Samir Kapuria, a distinguished principal for Symantec Global Security Consulting, part of Symantec Global Services
Outsourcing various tasks and functions have become common practice in today's business world and allows organizations to drive core areas related to their business. But companies all too often fail to realize how third-party relationships may impact their overall risk posture, jeopardize their compliance, or threaten their business. As the client, companies cannot assume that potential vendors and partners implement similar security measures or that their internal security posture standards automatically fall into the scope of any partner relationship.
Companies need to ensure that partners can meet a desired risk posture. Before and after formally entering into a new relationship, companies should prioritize security during the negotiation period and outline specific risk and security measures in legal contracts to ensure that partners can meet a desired risk posture. If left unaddressed, the client may be seriously exposed in the event that a third-party partner or provider experiences some type of security threat, compliance breach, etc.