Cloud and Third Party Risk Assessments
Prepare for Risks Associated with Cloud or Third Party Connections
- Are you allowing critical sales or human resource data to leave your premises through specialized applications?
- Do you store sensitive documents on a cloud storage system?
- Have you performed any type of risk assessment on these off-premises links into your network?
Plain and simple: risk assessments should be required prior to connecting to any third party or the cloud.
When your company connects systems or internal users to a system other than your own, there is risk. More and more applications are moving to the cloud, and more and more companies want and need to connect their networks to corporations that have the tools and resources to extend their abilities.
It is critical to research the security of those third-party companies, both legally and technically, to ensure they have the proper controls in place to prevent a virus from spreading over a VPN tunnel to your network. And that’s just one example. Connecting a virtual private network (VPN) to a third party, in effect, places them on your network behind your firewalls and intrusion detection systems. That’s why most companies require an assessment of third parties, with a signed legal agreement, before they connect. ISO 27001 and ISO 27002 have guidelines for this process.
Properly assessing these risks is time-consuming, often requires travel, and demands a clearly defined process for vetting these external companies. The Enet 1 Group knows the ISO requirements and has provided this risk assessment for thousands of Fortune 500 companies and their subsidiaries. We’ve developed methodologies and techniques that take the guesswork out of what is generally perceived as an inexact science. Our CEO, Tim Smith, led the effort to develop the third-party network connectivity standard for API.
With our experience and knowledge, we can assist you using our tried-and-true processes and provide a report of the strengths and weaknesses of a third party’s or cloud’s security posture. This includes undertaking the travel often necessary for in-depth assessments, thus freeing your employees from costly time away from their jobs. And, if you have the in-house resources, we can show your IT staff how to perform their own risk assessments. We’d like to discuss how we could minimize this tangible risk for your company.
Contact us for a conversation about this serious yet often overlooked risk.