
Choosing A Secure and Verifiable Technology

In light of the recent admission that the US Treasury Department was among the organizations compromised when vendor BeyondTrust was compromised, figuring out how to assess vendors, and then actually doing the assessing, is clearly critical. Today that assessment almost always includes the vendor's technology.

A very large percentage of breaches we hear about involve vendors. For example:

  • The Capital One breach in 2019 was caused by weak security in their Amazon cloud. It affected 100 million people.
  • The Snowflake breach compromised data from dozens of companies (or more). For AT&T alone, it affected 90 million customers.
  • The MOVEit breach, which does not seem to be willing to end, affected a hundred companies or more and close to a hundred million records.
  • The Ticketmaster breach, which affected over 500 million customers, was caused by compromised credentials to a cloud account.
  • The MGM and Caesars breaches were possible because the hacker socially engineered a third-party help desk provider into resetting admin passwords.

The reality is that third-party providers are not going away. That means you have to do the best job you can to verify the security practices of your vendors.

That also means that you have to be willing to walk away from a vendor who is unwilling to convince you of those practices.

The security geeks from Australia (the Australian Signals Directorate, their version of the NSA), the Australian Cyber Security Centre, the Canadian Centre for Cyber Security, the National Cyber Security Centre (part of England’s GCHQ, their NSA), CISA, New Zealand’s National Cyber Security Centre and Korea’s National Intelligence Service all collaborated on "Choosing Secure and Verifiable Technologies".

That is a very large amount of brainpower and it is free to you and me.

The document provides background and then lays out considerations for both INTERNAL and EXTERNAL procurement.

The document factors in Secure-by-Design considerations from all of these players.

The document provides what amounts to a checklist of considerations that you can use when evaluating vendors.

The document is only 40 pages; short by comparison, and definitely worth reading.

If you need assistance with vendor evaluations, please reach out to us.
