We can help you categorise your suppliers and the risks that are associated with them, and provide recommended measures to minimise these risks.Risk Management
More and more companies are choosing to outsource operation and administration of their IT solutions to external parties. The reasons behind the outsourcing are often financial or to ensure competitiveness. But despite the fact that the goal of service providers is to be of benefit to your business, outsourced data can involve major risks – and in the worst case data loss – if not handled in the right way. Ensuring that your supplier is protecting your assets to the extent required should be a natural part of your security work.
It is important to understand how the delivery chain affects your risk. Your company can be the target of a cyberattack, both directly and indirectly, since hackers tend to attack convergence points/popular services that many companies use (see e.g. Solarwind and Cloud Hopper).
Managing users and authorised access is crucial for supplier security. For example, by hacking the supplier's employees, and thereby gaining access to the supplier’s environment, a hacker can access information that you have stored with them or gain entry into your organisation system from their environment.
When you are using one or more suppliers to process your data, it is important to have well-functioning backup procedures in case data should get lost in the event of a processing error or a ransomware attack.
Application Programming Interfaces (all APIs) are a very common way for provide interaction between organisations and suppliers. Since both parties have access to these interfaces, it is important to avoid security gaps that otherwise could result in data leaks.
The obligations of the supplier are regulated in the contracts that are written. If it is unclear in terms of what applies or there is no review to check the extent to which the agreed terms are observed, this can result in both legal and security risks.
When data is stored with different suppliers, who are often based in different regions, this can involve major challenges for the work of ensuring personal privacy and meeting compliance requirements.
We offer several contact routes and provide feedback as soon as possible. If you have sensitive information, we ask you to use the encrypted method.