Questions to ask a 3rd party service provider
With the big shift to using other people machines, AKA “The Cloud” to support on-prem infrastructure, platforms, and services, new policies and procedures need to be considered. These “new” enviroments are often made to sound completely secure. While in and of themselves they might be, what you built on top of the foundation is a whole different story. You can build the strongest foundation, but if your structure sitting on top of it is falling apart… what’s the point?
HOW WOULD ONE GO ABOUT FINDING OUT THE SECURITY MATURITY OF A PRODUCT?
Did someone say penetration test? No, this is actually not something that is needed to start with. When you are on the market for a third party service to handle your employees work flow, there are several things to consider when evaluating the product and service provider:
- How transparent is the service provider with answers to special inquiries?
- How flexible is the service provider in regard to customizing the product to your needs?
- Do they listen to your request and care about it, or do they just wave it off as if “yeah, we’ll look into that, I promise!” That is a possible indication of how they will react when and if you return with
a security flaw with their product.
This checklist could and should be used as a questionnaire when vetting 3rd party services that you might consider using. We have added what we think is a few great questions to start with when evaluating the security maturity of a Service Providers application.
Get your copy
Enter your details here: