Where Can Third-Party Governance and Risk Management Take Us?
Sophisticated breaches like SUNBURST (aka the SolarWinds hack that made headlines in late 2020) make the risk associated with third-party platforms abundantly clear. Modern organizations are increasingly depending on a variety of third parties for SaaS — everything from finance to supply chain to IT service management (ITSM).

From an operations perspective, this is great. Organizations focus less on “keeping the lights on” and more on their core value proposition. However, there’s also an uncomfortable tradeoff when it comes to security. If you don’t control the platform, you don’t completely control your — or your customer’s — data, which has security and compliance implications. Similarly, the availability of critical business functions often depends on multiple external platforms, any one of which can be a single point of failure.

For many organizations, simply navigating the complex dependencies and clearly defining risk appetites and mitigations is a real challenge. Third-party governance and risk management (TPGRM) aims to solve this problem by analyzing and performing due diligence on risks stemming from third-party relationships.

While there are plenty of TPGRM/TPRM…