top of page

Reduce Partner Risk 

Think Like an Attacker, Manage Your Risk

Third, Fourth, and Fifth Party Security:

The Seen and Unseen

Critical Industries

  • According to the Ponemon Institute, 56% of organizations have experienced a data breach caused by a third-party vendor, and 42% have suffered a data breach caused by an attack on one of their third parties. 

​​

  • Think 6 degrees of separation in a bad way.  

​​

  • Rather than attack large, well-funded targets, many adversaries attack their supply chain and get to the assets they want including: Data, Compute Resources, Intellectual property, Competitive Intelligence about your M&A plans, et al

​

Platforms: Iaas, Paas, Saas, On-Prem

 

Insiders

Per Verizon, Insider threats represent 40% of beaches and close to 100% of phishing targets.

​

Do you know what controls your partners have around your data? Do they have an Information Management Lifecycle Policy(ILM)/Data Loss Policy (DLP)policy in place?

​

Are they protecting your data like you would?

Insiders

 

Nation States

  • Nation States May Be Trying to Access Your network "Legally"

 

  • China passed provisions, known as the  Regulations on Internet Security Supervision and Inspection by Public Security Organs in November 2018

​​

  • These provisions outline how the country’s main domestic security agency, the Ministry of Public Security (MPS), can conduct both onsite and remote inspection of computer networks including those with 5 or more computers connected to the internet

,

  • So, even if YOU aren’t doing business with China, if your partners are, China may have access to your DATA…

NationStates

You Can Outsource Your app or Busines Process But You Can NOT outsource your risk.  

thirdparty_edited.jpg

 Monitored by design. Verified through continuous testing. Self-heal or containment

Ovation Monitors and Responds to 3rd, 4th, and 5th Party Risks

3rd Party (upstream and downstream) Risk Management

Our turnkey 3rd Party Management program is a fixed fee/fixed deliverable program based on the number of partners included.

 

Mutiple dimensions are assessed initially and monitored on an ongoing basis to help clients actively manage their upstream and downstream risks

​

  • Turnkey Approach  

    • Inventory upstream and downstream relationships

    • Inventory industry risk(s)

    • Inventory Contracts including T&Cs/SLA,

    • Create relationships and assess based on:

      • OpenSource intel,

      • Client-specific datapoints

      • Other data points

    • Actively monitor  key threat dimensions that may impact client  organization

    • Integrate with Client's security posture for pro-active management of risks (optional)

​

DataLoss Protection Factory For Partners

Identify critical data on-prem, cloud, shadow, thumb drives, and partners

  • Full turnkey Information Lifecyle Management (ILM) included in our DLP program to identify critical and sensitive data sent to partners (upstream and downstream)

    • Develop Policies, Procedures and Enforcement of ILM for partners​

    • Deploy DLP and RPA solutions to discover, categorize, and mark for control purposes

Get Started Today

Get a demo of our capabilities or schedule a call so that we can discuss how we might help

bottom of page