
Business partners a potential security risk 
17 September, 2006 By Paul Weinberg

Companies are not doing enough to ensure that their business partners in extended networks and extranets are fully secure from an IT perspective, reported Cybertrust, a managed security services provider which recently conducted a survey of almost 300 organizations worldwide in a wide range of vertical markets, including finance, healthcare, retail, manufacturing, pharmaceuticals and real estate.
In one finding, nearly three quarters of respondents say their business partners have raised their levels of IT security risk, and 13 percent of them have terminated a business partnership due to IT security concerns.
Standard partnership agreements are not sufficient to avoid risky business partners, stated Jim Ivers, senior vice president of marketing for Cybertrust.
He notes that some organizations will rely on a common spreadsheet like Microsoft Excel to conduct an assessment of partner security.
"It helps some but it is an onerous process. It is better to have a third party audit."
In this vacuum in organizations, Ivers stated that "the guys who are in the trenches for security will actually do an assessment of their partners simply because they don't want to deal with the issues that come with it."
Cybertrust discovered that almost 80 per cent of respondents appreciate that a more programmatic approach to partner security makes sense -- which entails an independent, objective, reliable and quick metric to assess the security practices of their business partners.
However, fewer than half actually assess their partner security practices, stated Ivers.
"I think it needs to come at the top [of an organization] and I think it needs to be an active part of the discussion, about forming partnerships."
Cybertrust has detected that organizations are "realizing that you are only as strong as your weakest link, and it is often these partners that actually cause the weakness in the perimeter," he continued.
"You will see service level agreements or more closely worded security language, in actual partnerships. The effort on security has always been about protecting the perimeter, but these larger companies have got more and more people into their network as part of their extranet."
Those organizations that monitor partner security should experience a three-fold reduction in the number of security incidents involving partnerships, the Cybertrust study found.
"Even the most rudimentary process around partner security reduced the risk by 66 per cent," stated Ivers.
He suggested that the IT security industry is also missing the boat on extranet and partner security.
"The industry has been so inwardly focused on the perimeter; I think the conversation about the extended enterprise means that the perimeter is no longer the wall of the company, the firewall of the company."
He adds that security as a market "has got to stop thinking from a technical point of view and start thinking from a business oriented view."
"While organizations have evolved from isolated enterprises to highly collaborative networks of partners, suppliers, vendors, and contractors, they continue to take the isolated approach when it comes to information security," explained Cybertrust Chief Technology Officer Peter Tippett.
"While compliance mandates and security audits drive many security programs internal to an organization, they have yet to implement a programmatic way of assessing the security of their external networks, which includes partners."
Cybertrust is launching its own partner security program to have organizations evaluate and assess business partner security risks.