How to treat technology vendors

November 19, 2018//Ellen Neveux

Last Updated: November 19, 2020

The dynamic between an enterprise and its technology providers can be tricky to navigate. It doesn’t quite meet the definition of a traditional buyer and vendor relationship, but it’s also more complex than your industry associations. As a result, you and your technology vendor may be collaborating with very different goals in mind. But the security of your company, as well as the data that it manages, depends on you and your vendor being on the same page. Approaching your vendor relationship as a partnership can strengthen the foundation of your working relationship and notably reduce your vulnerability to a security breach. But what exactly does this mean in practice?


When you and your technology vendor have conflicting goals, it’s a lot harder to ensure the security of your business, let alone optimize the efficiency of your operations. Identify your security goals and set aside some time to go over them with your vendor, ideally at the start of your contract or during a renewal. This will give you a clearer picture of how you can work together to implement, maintain, and update your security protocols while adhering to any industry regulations that may apply. Be sure to address backward compatibility during your meeting so you don’t find yourself losing valuable time installing software updates or bug fixes for your vendor tools. A seamless and continuous integration with your technology vendor also ensures that your security defenses are up at all times, making it harder for malicious actors to get to your data.


It may seem obvious that you need to communicate with your vendor, but many enterprise/vendor relationships fall into a “set it and forget it” pattern once the contracts are signed. Likewise, reaching out only for troubleshooting assistance or in an emergency (e.g. a data breach) doesn’t meaningfully contribute to the establishment of a strong partnership. It may take months, and maybe even more than a year, but you need to invest the time and energy into building a rapport with your vendors. Keeping the lines of communication open will provide you unparalleled insight into which protocols may need to be updated or adapted as your partnership evolves.

Understanding that not all vendors are the same

Some of your technology vendors may be big-name companies with well-funded security teams, complete with CISOs. Others may be operating on a lean budget, relying on open-source security tools and online education resources for their security training. You need to recognize that your vendors are as different as their products, especially when it comes to their resources and how they approach security. While two vendors may be equally capable of providing the high-level security that your company needs, their approaches may be very different. Understanding this and integrating these differences into your own strategies and best practices can save you a lot of time and an unnecessary headache. It’s also going to make your enterprise/vendor partnership function a lot more smoothly.

To learn more about how to get the most out of your vendor relationship, even in the face of some common challenges, check out our webinar Overworked and Understaffed.
