Managed security firm Cybertrust is launching a program to enable companies to audit security across a network of business partners.
The Partner Security Program is a web-based service for companies to assess and manage the security levels of their suppliers, customers and other associates which connect to their corporate network.
A recent survey, conducted by Cybertrust among line-of-business and security managers in 200 organisations worldwide, revealed that nearly three quarters of respondents regarded their business partners as increasing their security risks.
A third had experienced a security 'event' as a result of a business partner's lax security.
But only 19 per cent of organisations had conducted any kind of security assessment prior to connecting to their business partner for the first time.
John Holland, senior vice president for Europe at Cybertrust, told vnunet.com that the reason so few organisations vet their partners is the time, effort and expense of signing up a third-party security firm to conduct an audit.
Hence the attraction of the Partner Security Program, according to Holland, which automates the process.
The program was developed to help customers understand and manage the risks of doing business, providing customers with a single view of the status of internal business units, external partners and other entities performing compliance validation activities via a Web-based dashboard.
Organisations are also able to demonstrate to customers, partners, auditors and regulators that they have performed effective due diligence on third parties.
"Cybertrust Partner Security Programme fills a unique place in the market by helping to address business risks inherent with the extended enterprise," said Sandra Palumbo, senior analyst at research firm Yankee Group.
"[The Programme] allows businesses to address ongoing risk and compliance challenges with partner networks in a manageable, highly scalable way.
"As compliance regulations continue to proliferate, it is important for organisations to embrace a formal process around partner security, and to hold their partners and vendors accountable to meeting the standard and reducing risk overall."
Most of the requirements for partner security auditing comes from large hub organisations, such as a large retailer, signing up a number of smaller suppliers.
It therefore makes sense to automate the process with standard questionnaires and correlations to the hub company's security requirements.
The Programme can assess a customer's extended business partners and internal business units against industry standards including ISO 17799, HIPAA and Sarbanes-Oxley, as well as its own custom-developed security standards.
An automated questionnaire response scoring engine provides the ability to adapt scoring for individual standard or customer-specific needs, and can be tailored entirely for the customer's internal standards.
This flexibility provides the customer with the ability to fine-tune its partner programme based on its core industry, and across levels of business partners based on their criticality.
"In an environment where many organisations have hundreds or even thousands of external business partners, it is becoming increasingly difficult to establish and maintain a true security overview of the organisation as well as to manage the risk associated with the extended enterprise," said Kerry Bailey, senior vice president of global services at Cybertrust.
Cybertrust tackles business partner security
By Andrew Charlesworth on Sep 28, 2006 10:23AM