Modern business is a complex web of interwoven relationships. As I work with organizations across a variety of industries, I’m amazed at the networks of suppliers, consultants and partners that companies bring together to create competitive products and services. While these partnerships deliver tremendous value, they also bring new risks. In fact, the Ponemon Institute recently estimated that data breaches are roughly 9 percent more expensive when third parties are involved. The bottom line is that you can outsource various business functions, but you can’t outsource risk.

Let’s take a look at three things organizations can do to better manage the hundreds of vendors that compromise their supply chains. This is the core of building a robust vendor performance and risk management program.

Federal agencies are re-emphasizing the need to develop and deploy government cybersecurity solutions using the Risk Management Framework published by the National Institute of Standards and Technology.

Agency technology leaders bear responsibility for ensuring that their cybersecurity programs operate in compliance with the RMF. For organizations with little experience, this effort can be overwhelming , but taking a methodical approach to RMF implementation will yield significant benefits. Let’s take a look at three steps agency leaders can take to begin a robust cybersecurity program.

The “X” in “XaaS” is tantalizingly broad. It stands in for “anything.” Yet for many organizations, the definition of “the cloud” still revolves around three primary use cases: of Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). By broadening your cloud horizons, you can create leaner, more…

I have been fortunate to work for some very complex and mature IT departments throughout my career, and one of the more important practices I saw within these IT shops was a solid disaster recovery and business continuity strategy. As an IT business person that has participated on all sides of the disaster recovery and…

With all of the recent excitement about the “Shellshock” code execution vulnerability in the UNIX bash shell, and the somewhat older news about SSL vulnerabilities, I am reminded once again about the need for organizations to formally manage information security as part of an ongoing process.

In a previous blog post, I mentioned that the measure of success with a cloud provider comes down to your ability to get the “real story” during the sales cycle.  While I touched on the physical security of the provider’s data center – what about the logical, remote and application data security in the cloud…