Every Solution You Can Imagine – and More
What cybersecurity solution do you need? From Zero Trust to ADR, IAM, risk/privacy, data protection, AppSec and threat, securing digital transformation, to resiliency and remediation, we can build the right program to help solve your challenges.
A Single Partner for Everything You Need
Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv
Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner.
However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
Addressing Third-Party Risk in Periods of (Rapid) Change
Your extended risk ecosystem supports your overall goals, but as the organization evolves, the risk due to third-party partnerships typically increases. Progressive Risk teams evaluate the impact these changes exert on their risk profile, and specifically, on the third-party risk management program.
As the world becomes more interconnected through technology adoption, organizations are relying on a dramatically increasing number of third parties. Accounting and payroll, manufacturing, supply chains, HR/benefits and a variety of other third parties all have access to sensitive data, whether it’s personnel (and personal) information, research and development data, sales data, etc. This extended ecosystem supports your overall goals, but as the organization evolves the risk due to these partnerships almost always increases. Progressive Risk teams evaluate the impact these changes exert on their risk profile, and specifically, on the third-party risk management program.
As your organization grows and changes, your third parties are also affected. Changes could be as minimal as switching benefits providers or as drastic as an entire workforce beginning to operate remotely, as we’re seeing with the COVID pandemic.
When developing a third-party risk management (TPRM) program, you’re classifying based on the information they have access to, how they access it and how they handle it. This review helps determine the risks related to the partnership. You’re also putting in place a communication strategy to manage risk effectively. Contracts should include clauses regarding audits, including frequency. Reviews and audits should comprise an iterative process validating that the checks and controls you put in place are meeting all applicable regulations and legal obligations, such as GDPR, CCPA, HIPAA, etc.
Regardless of your risk management program’s maturity level, it’s essential to understand the changes to your risk profile when changes take place. A clear understanding of your organization’s most important information is critical to maintaining a strong risk posture, and an evaluation of your program and contracts may suggest updates to those contracts, or perhaps even to the third parties themselves.
Consider the current pandemic, for example. If you’re like a lot of organizations many of your employees began working remotely (in some cases, up to 100%). Your third parties were, or are, navigating the same process. An operational review may make clear the sense of investing in, and requiring the use of new technologies such as multi-factor authentication (MFA), not only for your own employees but for employees of third parties connecting to your infrastructure to gather, analyze and act on data.
To help optimize your risk profile during periods of (rapid) change:
All risks can be amplified by the complexity of vendor relationships and the difficulty of integrating them into your environment. As you add partners, networks, and systems, your level of general cyber risk gets compounded. Faced with ongoing changes, third parties may or may not understand how they’re handling the day-to-day information sharing and whether or not they’re meeting their obligations. It’s important to assess their ability to manage your data.
To learn more about how third-party relationships can adversely affect your risk posture during periods of change and how to minimize that risk, we invite you to join Dustin Owens, Optiv’s VP and GM of Risk Management, at Virtual OptivCon on September 17. “Managing Third Party Risk in Turbulent Times” promises to be illuminating.
Let us know what you need, and we will have an Optiv professional contact you shortly.
July 31, 2020
It’s possible to reduce rapid application deployment risk with a multi-layered, integrated security approach.
May 20, 2020
This paper helps you understand cloud infrastructure assessment tools provided with Microsoft Azure and other third parties.