Securing successful partnerships

Companies must consider the security implications of commercial partnerships, writes Greg Day, security analyst at McAfee.

Businesses today are becoming ever more interconnected with suppliers, partners, franchises or data auditing systems. The commercial benefits of collaborative partnerships include shared resources, expansion of markets, increased speed to those markets and cost efficiencies. Yet companies rarely consider the impact of partnerships from a security perspective, despite the fact they are often the weakest, and most damaging, link.

Commercial partnerships are based on a high level of trust and cooperation. Partners are commonly required to integrate IT systems to allow for smarter, faster data sharing – often even involving the release of confidential financial, strategic or operational data. But this openness can put companies at unmitigated risk from security practices outside their control.

A recent report from Gartner highlights that businesses which have moved towards collaborative IT systems should rethink their existing ‘trust mechanisms’ for their partners, so that they are cautious when opening up their previously closed networks to external sources such as suppliers, customers and competitors.

New partnerships bring new risks, and it is crucial that businesses are either fully joined up in their security strategies or have at least taken serious steps to mitigate the risks. They need both to protect themselves against any attacks that their partners might expose them to and to ensure that they themselves aren’t passing attacks on to their associates.

Many – especially smaller – companies rely on third-party systems in order to conduct their business. This dependency means that if the partner's IT system fails, they are reliant on the third party's disaster planning. This can be crippling and costly to both current and future customer relationships.

When managing their business relationships, companies need to clarify security definitions from the outset, so that they strike a fine balance between ensuring the necessary level of security and not jeopardising their ability to do business.

Regulating risk has never been more important, as compliance laws are forcing businesses to become more transparent. But as firms scramble to adhere, they are at risk of failing to recognise the strategic importance of sound security checks for partners.

Businesses should devise a systematic framework that allows them to assess security risks, implement controls and manage specific threats. Organisations need to select suitable IT systems and implement partner-wide policies for access control, to create as secure and manageable an infrastructure as possible for the extended enterprise.

So, as business environments continue to expand, not using modern technology links can put businesses at a genuine disadvantage. Yet these partnerships and integrated processes simultaneously bring new threats with them. In order to balance risk against reward, every company needs to strategically assess the security implications of opening up its IT and information network to other businesses, and realise that it is only as ‘secure’ as its weakest link.