Published on: Thursday, October 6, 2016
Cyberattacks are no longer a new concept, and no matter how advanced its technical support is, no company is completely immune to them. There are ways to make it harder for hackers to gain access, but some gaps always remain, leaving vulnerable databases prone to attack.
Keeping these points in mind, cybersecurity experts from nine tech companies have banded together to create the Vendor Security Alliance (VSA). This is a new coalition determined to establish cybersecurity standards that businesses can use to assess how secure third-party providers really are.
Started by Uber’s head of compliance, Ken Baylor, VSA seeks to offer companies peace of mind when it comes to working with vendors by ensuring that those providers’ cybersecurity practices are as strong as they need to be to protect everyone. The other founding members of VSA are Docker, Dropbox, Palantir, Twitter, Square, Atlassian, GoDaddy, and Airbnb.
Ken Baylor said that the need for standards has become much more important because there have been problems with breaches, some of which are very large. Although every company has its own way of doing due diligence, not all of them are security-focused.
The group will be releasing a questionnaire every year which any business can pass along to their vendors. This document will dig deep into the vendor’s security practices, inquiring about policies around data protection and access controls, how data is defined and whether it is allowed in a production environment, what type of encryption is used, how the vendor will respond to a breach or to threat intelligence, what plans are in place around reactive security, and what the vendor’s software development lifecycle is.
After the survey is completed, it will be reviewed by an independent third-party auditor, which VSA has yet to select but which will definitely be one that specializes in information security. Vendors will be assigned a grade based on their answers, a score the coalition hopes will be as impactful as the health rating restaurants receive after an inspection. The idea is to make businesses proactive in choosing the vendors with the best security practices in place, based on the grades.
A VSA-certified score can also be used to avoid additional audits by potential clients. Over time, VSA is expected to compile an annual report detailing the preparedness of vendors in the area of cybersecurity.
Strong cybersecurity benefits everyone, and that’s why the questionnaire is being made widely available. Non-members can use it to audit their vendors, although they have to get it independently verified. This isn’t an organization formed by individuals or security officers — VSA has the backing of entire companies. It is targeting one potential vulnerability: how to secure a company when it has multiple vendors integrated into different facets of its business.