Following last year’s indictment of two Chinese nationals for allegedly targeting and compromising managed service providers and other IT firms, all businesses have become more serious about actively investigating the risk management policies and procedures of their suppliers.
Any doubt that the risk to the channel is real was put to bed Tuesday when Indian IT service provider and outsourcer Wipro confirmed a report that it had been breached by an advanced phishing attack. “Third-party risk management is going to become one of the basics businesses have to succeed at,” said Matthew Newfield, chief information security officer at Unisys, No. 21 on the 2018 CRN Solution Provider 500.
Nowadays, Newfield said virtually all enterprise customers expect documentation of Unisys’ security postures and programs as well as briefings on the solution provider’s technical implementation guides. But more and more, customers also want an on-site review of Unisys’ security procedures to ensure the solution provider is living up to its security promises, he said.
Meanwhile, managed detection and response provider eSentire often receives due diligence checklists from customers…