Don’t Outsource Vendor Risk Management

We all know the many benefits of using SaaS apps and cloud services: boost productivity, cut costs, collaborate better, work from anywhere, yadda-yadda-yadda. If you read our post last week, you also know that not all cloud vendors are created equal. So exactly whose job is it to weigh up vendor security and risk?

That’s easy: it’s yours. Just like it’s your job to ensure your data is secure, it’s your job to decide which cloud vendors are safe enough for you to trust with that precious data. Vendor Risk Management (VRM – gots to have that acronym or it’s not real) involves knowing and minimizing the uncertainties—and possible dangers—that come with using third-party vendors. It’s one more piece of the cloud security pie.

As it tends to go in the Cloud, you can now find cloud vendors whose sole purpose is to help you assess the risk of cloud vendors. (Isn’t it ironic? Don’t you think?) You can also find lots of whitepapers and studies on VRM. While all this is great—the more resources the better, right?—it doesn’t change the fact that your VRM belongs in your hands. By all means use everything you can to ensure that you’re using only the safest third-party vendors. Get input from VRM services or technology, read vendor reviews, and look at what other organizations like yours are using.

But don’t let anyone else make the decision for you. That’s called passing the buck, and if something goes down (like your data is compromised or lost) with a cloud vendor you signed off on because a third party swore by them, that’s not going to fly. You need to create and execute a comprehensive plan to minimize your risks. It’s a dog-eat-dog world out there. Don’t get bit.