{"id":5519,"date":"2020-09-10T19:50:34","date_gmt":"2020-09-10T18:50:34","guid":{"rendered":"https:\/\/www.n-able.com\/?p=5519"},"modified":"2021-04-06T19:57:24","modified_gmt":"2021-04-06T18:57:24","slug":"do-your-vendors-take-security-seriously","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/it\/blog\/do-your-vendors-take-security-seriously","title":{"rendered":"Do Your Vendors Take Security Seriously?"},"content":{"rendered":"<p>Over the past few years, security experts have increasingly emphasized the risks inherent in the software supply chain. Businesses rely on cloud applications that add complexity into an environment. The application itself could have bugs that leave an opening. Code libraries used by developers to simplify engineering could have flaws. The software could integrate with another application that may be insecure. In short, businesses do take on some additional risk in such an interconnected business environment.<\/p>\n<p>That\u2019s why it\u2019s important your software vendors take their roles as business partners seriously. Their security\u00a0<i>is<\/i>\u00a0your security. When looking for a vendor selling tools for your MSP\u2014whether it\u2019s\u00a0<a href=\"https:\/\/www.solarwindsmsp.com\/products\/rmm\/use-cases\/it-asset-management-tool\" target=\"_blank\" rel=\"noopener\">security tools<\/a>,\u00a0<a href=\"https:\/\/www.solarwindsmsp.com\/products\/rmm\/network-device-monitoring?promo=blog\" target=\"_blank\" rel=\"noopener\">network management<\/a>, or\u00a0<a href=\"https:\/\/www.solarwindsmsp.com\/products\/rmm\/backup-and-recovery?promo=blog\" target=\"_blank\" rel=\"noopener\">backup<\/a>\u2014it\u2019s important to not only match feature lists, but also kick the tires on their security.<\/p>\n<p>No software is perfect or vulnerability-free forever. But strong vendors put processes and protocols in place to reduce the risk and deal with threats if they crop up. 
And most importantly, strong vendors\u00a0<em>publish<\/em>\u00a0their security protocols and processes so you can evaluate whether they meet your standards. (If they don\u2019t, it\u2019s worth thinking twice about whether to trust them with your business and your data.)<\/p>\n<p>Today, we\u2019ll talk about some things to look for (and ask about) to help you make sure you can trust them with your data.<\/p>\n<h2 class=\"h3\">Product<\/h2>\n<p>When considering a vendor, start by looking at how they develop their products. Look for principles and methodologies they follow when building processes. Using strong, industry-recognized development and data privacy rules can give you assurance that they take security seriously. Here are just a few to look for:<\/p>\n<h4>DATA PRIVACY BY DESIGN AND DEFAULT<\/h4>\n<p>Developments in data privacy laws around the globe increasingly require data privacy by design and default for organizations building products that handle personally identifiable information (PII). This is a major step in the right direction\u2014rather than tacking on data privacy as an afterthought, organizations that weren\u2019t already forward-thinking on this began to emphasize data privacy more strictly. It\u2019s important to make sure organizations take steps to meet these goals by designing products with data privacy in mind\u00a0<em>first\u00a0<\/em>(by design) and making sure the strictest privacy rules apply out of the box (by default).<\/p>\n<h4>SECURE DEVELOPMENT LIFECYCLE<\/h4>\n<p>Next, ask how organizations develop their code. For example, some organizations implement the Secure Development Lifecycle (SDLC), a framework standardized by US-CERT. Following these practices increases the likelihood of producing secure products. The SDLC includes several components and practices for understanding security requirements, developing code securely, testing before code deployment, and incident response for issues that occur. 
(If you\u2019re curious and want to take a deep dive into the SDLC, visit\u00a0<a class=\"ext\" href=\"https:\/\/us-cert.cisa.gov\/bsi\/articles\/knowledge\/sdlc-process\/secure-software-development-life-cycle-processes\" target=\"_blank\" rel=\"noopener noreferrer\">US-CERT<\/a>.) The most important takeaway here, however, is that organizations should have a strong, mature model for developing secure products and maintaining their own security.<\/p>\n<h4>INFRASTRUCTURE PRACTICES<\/h4>\n<p>There\u2019s far more to an application\u2019s security than its code. The vendor should consistently check its own underlying infrastructure for potential issues. This means maintaining strong security controls for its systems, such as\u00a0<a href=\"https:\/\/www.solarwindsmsp.com\/products\/n-central\/use-cases\/firewall-management-software\">next-generation firewalls<\/a>, robust endpoint security for employees, password security rules and policies, vulnerability management programs, and frequent penetration testing and security posture assessments, to name a few.<\/p>\n<h2 class=\"h3\">People and processes<\/h2>\n<p>The underlying code is only one piece of the puzzle\u2014vendors also need to make sure they handle the people element of their own business, from the software developer to the security professional to the non-technical finance analyst. Here are a few things to look for:<\/p>\n<h4>PROCESSES FOR HIRING AND OFFBOARDING<\/h4>\n<p>Software vendors need to make sure they have strong HR processes in place. When hiring, they should do background checks for employees, particularly in sensitive positions like systems administrators or engineers with access to sensitive data. Beyond that, they\u2019ll need to properly deal with employees during the offboarding process. While employees who lose their jobs may have an axe to grind, even employees leaving on good terms can potentially try to \u201chelp themselves\u201d to some data on the way out. 
Vendors should have a series of controls and checks in place to make sure they cut off access to key data and systems when someone leaves, to prevent an after-the-fact attempt to steal data, delete it, or harm the organization or its customers.<\/p>\n<h4>FREQUENT SECURITY AND COMPLIANCE TRAINING<\/h4>\n<p>The human element plays a major role in security. Despite the best efforts of security and IT teams, individual employees need to have a base level of knowledge of both security and compliance. Every employee should undergo periodic security and compliance training to make sure they\u2019re on guard against potential cyberthreats.<\/p>\n<h4>DEDICATED SECURITY AND INCIDENT RESPONSE (IR) TEAM<\/h4>\n<p>Despite their best efforts, vendors will have some security incidents. They happen to\u00a0<i>everyone<\/i>. It\u2019s just as impossible to have a perfect security posture as it is to release bug-free code. Organizations need to plan for this by having a strong incident response team and well-documented (and rehearsed) processes in the event of an actual security incident. By having an IR team in place, they can respond to incidents faster and minimize the damage (or prevent it from spreading in the first place if caught fast enough).<\/p>\n<h2 class=\"h3\">The bottom line<\/h2>\n<p>Ultimately, your vendors should have enterprise-level security and follow strict protocols and frameworks if they take their role as a partner seriously.<\/p>\n<p>And to reiterate the point from the introduction, your vendors should also publish their policies and protocols. They should be transparent and give you enough information to make an informed decision before you entrust them with your business and data. Think twice before working with a company that\u00a0<em>doesn\u2019t<\/em>\u00a0publish their security policies. With the sheer number of cyberattacks, vendors have a vested interest in reassuring their customers they take their privacy and security seriously. 
As a result, make sure to seriously consider whether working with a vendor who doesn\u2019t publish their security policies is worth the risk.<\/p>\n<p>SolarWinds MSP places a premium on the security of its products and makes sure everything is backed by sound security processes, procedures, and standards. You can learn all about the steps we take to protect your data by visiting our\u00a0<a class=\"ext\" href=\"https:\/\/www.solarwinds.com\/trust-center?promo=blog\" target=\"_blank\" rel=\"noopener noreferrer\">Trust Center<\/a> today.<\/p>\n<p><em>Tim Brown is VP of Security for SolarWinds MSP. He has over 20 years of experience developing and implementing security technology,\u00a0including identity and access management, vulnerability assessment, security compliance, threat research, vulnerability management, encryption, managed security services, and cloud security. Tim\u2019s experience has made him an in-demand expert on cybersecurity, and has taken him from meeting with members of Congress and the Senate to the Situation Room in the White House. Additionally, Tim has been central in driving advancements in identity frameworks, has worked with the US government on security initiatives, and holds 18 patents on security-related topics.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity should always be a priority. 
Learn how to ensure your software vendors take their roles as business partners seriously.<\/p>\n","protected":false},"author":43,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-5519","post","type-post","status-publish","format-standard","hentry","topic-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Do Your Vendors Take Security Seriously? - N-able<\/title>\n<meta name=\"description\" content=\"Cybersecurity should always be a priority. Learn how to ensure your software vendors take their roles as business partners seriously.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.n-able.com\/it\/blog\/do-your-vendors-take-security-seriously\" \/>\n<meta property=\"og:locale\" content=\"it_IT\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Do Your Vendors Take Security Seriously? - N-able\" \/>\n<meta property=\"og:description\" content=\"Cybersecurity should always be a priority. 
Learn how to ensure your software vendors take their roles as business partners seriously.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.n-able.com\/it\/blog\/do-your-vendors-take-security-seriously\" \/>\n<meta property=\"og:site_name\" content=\"N-able\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/NableMSP\" \/>\n<meta property=\"article:published_time\" content=\"2020-09-10T18:50:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-04-06T18:57:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/03\/share-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Tim Brown\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Nable\" \/>\n<meta name=\"twitter:site\" content=\"@Nable\" \/>\n<meta name=\"twitter:label1\" content=\"Scritto da\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tim Brown\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tempo di lettura stimato\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minuti\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/do-your-vendors-take-security-seriously#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/do-your-vendors-take-security-seriously\"},\"author\":{\"name\":\"Tim Brown\",\"@id\":\"https:\/\/www.n-able.com\/it\/#\/schema\/person\/65b11c76d7eceabc6a98f67feafee6e8\"},\"headline\":\"Do Your Vendors Take Security 
Seriously?\",\"datePublished\":\"2020-09-10T19:50:34+01:00\",\"dateModified\":\"2021-04-06T18:57:24+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/do-your-vendors-take-security-seriously\"},\"wordCount\":1151,\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/it\/#organization\"},\"articleSection\":[\"Security\"],\"inLanguage\":\"it-IT\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/do-your-vendors-take-security-seriously\",\"url\":\"https:\/\/www.n-able.com\/it\/blog\/do-your-vendors-take-security-seriously\",\"name\":\"Do Your Vendors Take Security Seriously? - N-able\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/it\/#website\"},\"datePublished\":\"2020-09-10T19:50:34+01:00\",\"dateModified\":\"2021-04-06T18:57:24+00:00\",\"description\":\"Cybersecurity should always be a priority. Learn how to ensure your software vendors take their roles as business partners seriously.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/do-your-vendors-take-security-seriously#breadcrumb\"},\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.n-able.com\/it\/blog\/do-your-vendors-take-security-seriously\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/do-your-vendors-take-security-seriously#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Security\",\"item\":\"https:\/\/www.n-able.com\/it\/blog\/category\/security\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Do Your Vendors Take Security 
Seriously?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.n-able.com\/it\/#website\",\"url\":\"https:\/\/www.n-able.com\/it\/\",\"name\":\"N-able\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/it\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.n-able.com\/it\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"it-IT\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.n-able.com\/it\/#organization\",\"name\":\"N-able\",\"url\":\"https:\/\/www.n-able.com\/it\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/www.n-able.com\/it\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"contentUrl\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"width\":\"1024\",\"height\":\"1024\",\"caption\":\"N-able\"},\"image\":{\"@id\":\"https:\/\/www.n-able.com\/it\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/NableMSP\",\"https:\/\/x.com\/Nable\",\"https:\/\/www.linkedin.com\/company\/n-able\",\"https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.n-able.com\/it\/#\/schema\/person\/65b11c76d7eceabc6a98f67feafee6e8\",\"name\":\"Tim Brown\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/12fd73820610a5263c4429c2a99094e0c2e82401bbe39bf42457e891670b6566?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/12fd73820610a5263c4429c2a99094e0c2e82401bbe39bf42457e891670b6566?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/12fd73820610a5263c4429c2a99094e0c2e82401bbe39bf42457e891670b6566?s=96&d=mm&r=g\",\"caption\":\"Tim 
Brown\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Do Your Vendors Take Security Seriously? - N-able","description":"Cybersecurity should always be a priority. Learn how to ensure your software vendors take their roles as business partners seriously.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.n-able.com\/it\/blog\/do-your-vendors-take-security-seriously","og_locale":"it_IT","og_type":"article","og_title":"Do Your Vendors Take Security Seriously? - N-able","og_description":"Cybersecurity should always be a priority. Learn how to ensure your software vendors take their roles as business partners seriously.","og_url":"https:\/\/www.n-able.com\/it\/blog\/do-your-vendors-take-security-seriously","og_site_name":"N-able","article_publisher":"https:\/\/www.facebook.com\/NableMSP","article_published_time":"2020-09-10T18:50:34+00:00","article_modified_time":"2021-04-06T18:57:24+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/03\/share-image.jpg","type":"image\/jpeg"}],"author":"Tim Brown","twitter_card":"summary_large_image","twitter_creator":"@Nable","twitter_site":"@Nable","twitter_misc":{"Scritto da":"Tim Brown","Tempo di lettura stimato":"5 minuti"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.n-able.com\/it\/blog\/do-your-vendors-take-security-seriously#article","isPartOf":{"@id":"https:\/\/www.n-able.com\/it\/blog\/do-your-vendors-take-security-seriously"},"author":{"name":"Tim Brown","@id":"https:\/\/www.n-able.com\/it\/#\/schema\/person\/65b11c76d7eceabc6a98f67feafee6e8"},"headline":"Do Your Vendors Take Security 
Seriously?","datePublished":"2020-09-10T19:50:34+01:00","dateModified":"2021-04-06T18:57:24+00:00","mainEntityOfPage":{"@id":"https:\/\/www.n-able.com\/it\/blog\/do-your-vendors-take-security-seriously"},"wordCount":1151,"publisher":{"@id":"https:\/\/www.n-able.com\/it\/#organization"},"articleSection":["Security"],"inLanguage":"it-IT"},{"@type":"WebPage","@id":"https:\/\/www.n-able.com\/it\/blog\/do-your-vendors-take-security-seriously","url":"https:\/\/www.n-able.com\/it\/blog\/do-your-vendors-take-security-seriously","name":"Do Your Vendors Take Security Seriously? - N-able","isPartOf":{"@id":"https:\/\/www.n-able.com\/it\/#website"},"datePublished":"2020-09-10T19:50:34+01:00","dateModified":"2021-04-06T18:57:24+00:00","description":"Cybersecurity should always be a priority. Learn how to ensure your software vendors take their roles as business partners seriously.","breadcrumb":{"@id":"https:\/\/www.n-able.com\/it\/blog\/do-your-vendors-take-security-seriously#breadcrumb"},"inLanguage":"it-IT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.n-able.com\/it\/blog\/do-your-vendors-take-security-seriously"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.n-able.com\/it\/blog\/do-your-vendors-take-security-seriously#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Security","item":"https:\/\/www.n-able.com\/it\/blog\/category\/security"},{"@type":"ListItem","position":2,"name":"Do Your Vendors Take Security 
Seriously?"}]},{"@type":"WebSite","@id":"https:\/\/www.n-able.com\/it\/#website","url":"https:\/\/www.n-able.com\/it\/","name":"N-able","description":"","publisher":{"@id":"https:\/\/www.n-able.com\/it\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.n-able.com\/it\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"it-IT"},{"@type":"Organization","@id":"https:\/\/www.n-able.com\/it\/#organization","name":"N-able","url":"https:\/\/www.n-able.com\/it\/","logo":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/www.n-able.com\/it\/#\/schema\/logo\/image\/","url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","contentUrl":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","width":"1024","height":"1024","caption":"N-able"},"image":{"@id":"https:\/\/www.n-able.com\/it\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/NableMSP","https:\/\/x.com\/Nable","https:\/\/www.linkedin.com\/company\/n-able","https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw"]},{"@type":"Person","@id":"https:\/\/www.n-able.com\/it\/#\/schema\/person\/65b11c76d7eceabc6a98f67feafee6e8","name":"Tim Brown","image":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/secure.gravatar.com\/avatar\/12fd73820610a5263c4429c2a99094e0c2e82401bbe39bf42457e891670b6566?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/12fd73820610a5263c4429c2a99094e0c2e82401bbe39bf42457e891670b6566?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/12fd73820610a5263c4429c2a99094e0c2e82401bbe39bf42457e891670b6566?s=96&d=mm&r=g","caption":"Tim 
Brown"}}]}},"_links":{"self":[{"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/posts\/5519","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/users\/43"}],"replies":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/comments?post=5519"}],"version-history":[{"count":0,"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/posts\/5519\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/media?parent=5519"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}