A new coalition of tech companies including Uber and Twitter has formed to collaborate on cyber security issues and practices.
The Vendor Security Alliance aims to address the cyber security risk of company’s business partners, a growing issue in cyber security.
The VSA will work with top security experts and compliance officers will release a yearly questionnaire to benchmark risk. The questionnaire aims to provide a standardised assessment that can be applied across different industries.
Companies can use this to qualify vendors and ensure that this vendor has the required security controls in place.
Uber, docker, Dropbox, Palantir, Twitter, Square, Atlassian, Go Daddy and airbnb are all founding members of the coalition.
The Board of Directors includes President Ken Baylor, Head of Compliance at Uber, Treasurer Bala Natarajan, InfoSec Manager at Pivotal and Secretary Rajan Kapoor, Senior Manager of Trust and Security at Dropbox.
The threat posed to organisations, regardless of their own cyber security, by their supply chains has been gaining more consideration since the breach of Target, a US retailer which was hacked in 2013. 40 million customer details were leaked and Target paid out $10 million to the victims.
The intrusion into the systems came when network credentials were stolen from a refrigeration, heating and air-conditioning subcontractor.
Rajiv Gupta, CEO at Skyhigh Networks, commented on the formation of the coalition:
“Vendor vulnerability merits much more attention than it has received, even in the wake of egregious breaches like that of Target, which were enabled via trusted connections with third party vendors.
“Evaluating vendors is one part of the equation, but it is just as important to be able to actually enforce policies to prevent data from being shared with high-risk partners.”
According to Skyhigh Networks research, the average company connects to 1,555 partners through the cloud and 30 percent of corporate data is shared with partners that are high-risk.
