Vendor risk management & federal IT


Everyone who has bought a car or house knows what a credit rating is. A lender takes a look at your history and determines whether or not you are a good risk. BitSight applies that concept to your agency’s third party vendors.

This week on Federal Tech Talk, Jake Olcott, vice president of Communications and Government Affairs at BitSight, joins host John Gilroy to discuss how his company is helping federal information technology professionals reduce cyber risk and avoid breaches caused by third party vendors.

Jake Olcott, vice president, Communications & Government Affairs, BitSight

According to BitSight, 70% of data breaches have been caused by third parties. The federal government, most notably the Federal Housing Finance Agency, has indicated an interest in oversight of third-party provider relationships.

First of all, if you are considering vendor A, B, or C, part of your due diligence may be to look at the history of the company to see how many breaches it has had. Second, let’s say you have third-party relationships with 10 companies. They may pass muster at the inception of the contract, but how have developments since then affected each company’s vulnerability? It seems like continuous monitoring should be applied to vendors as well; this is called vendor risk management.

What can happen? The third party can go bankrupt. It can have a data breach. It could be acquired. The federal government is replete with smaller tech companies that have merged or been bought out by others.

Copyright © 2019 Federal News Network. All rights reserved.