Vendors about to get graded for security

Nine big tech companies have joined forces to form a group which aims to step up the cyber-security game among vendors.

Nine big tech companies have joined forces to form a group which aims to step up the cyber-security game among vendors, the media have reported this Friday. A compromised vendor system is one of the bigger culprits for a cyber-security breach, which is why Uber, together with eight other large tech companies, decided to form the Vendor Security Alliance (VSA). 

The Alliance's goal is to establish cyber-security standards which will help businesses determine the security of their third-party vendors. Besides Uber, other companies are: Docker, Dropbox, Palantir, Twitter, Square, Atlassian, GoDaddy, and Airbnb. “There needs to be standards because there have been problems with breaches, and some are very large,” said Uber’s head of compliance, Ken Baylor. 

“Every company has their own way to do due diligence — some are security-focused, but others aren’t.” One of the things this new Alliance will do is release a yearly questionnaire. Businesses will pass it on to their vendors, which will assess their security practices, data protection policies and access controls. It will ask questions about encryption, threat response times, security upgrades and software development cycle. 

The data gathered will be used to grade the vendors, ultimately leading to a list of the most secure ones. “It really rewards vendors that have really good cyber-security practices,” Baylor explained. 

“This has been a differentiator for years, but no one has been able to go and measure it.” 

The survey will be reviewed by an 'independent third-party auditor' – who has not yet been determined.     

Image source: Shutterstock/deepadesigns