In today’s global economy, it’s no secret that many organizations rely on third parties for critical business activities. While outsourcing isn’t a new concept, the rise of readily available cloud-based and everything-as-a-service solutions is rapidly increasing an organization’s liability and risk landscape – often with limited IT oversight.

Unfortunately many enterprises relying on third-party vendors often assume that these third parties properly protect their sensitive employee, customer and business data. Sadly, this is not always the case. Consider these data points:

• Only 24 percent of respondents require third-party suppliers or partners to comply with baseline security procedures. [1]
• Although 84 percent of senior IT decision makers [were] concerned or very concerned about the risks associated with IT security breaches, 55 percent of CIOs have not tested cloud vendors’ security systems and procedures. [2]

Organizations now have more choices available than ever before when it comes to outsourcing information management and IT resources to third party vendors.  Cloud computing and everything-as-a-service is becoming more popular, and business units in an organization are choosing to conduct more projects with third parties.  In an environment where third party services are seemingly easy to use and quick to deploy, an organization’s liability and risk landscape can increase rapidly and with limited oversight.

Governance of third party vendors, assessment of risk, and remediation of unacceptable risks is critical to protecting an organization’s reputation, business, and customers.  IT Security, Legal, and Finance all play an important role in identifying third party vendor projects involved in accessing and managing an organization’s sensitive data.  IT Security has a responsibility to assess the risk of third party vendor projects and to ensure that the highest risks are addressed.