An ever-growing area of concentration in risk management is identifying and mitigating the risks that third parties introduce to an organization – and perhaps equally important, ensuring that third parties don’t introduce unmeasured risk. One might think that third-party governance systems, sometimes used for vendor assessments, could be used to manage the identity and access management aspects of the vendor relationship. However, most security vendors do not consider identity to be part of third-party management. In fact, organizations realize the risk of third parties the moment they provision access, whether or not it is measured, mitigated, or even known.
Download our latest whitepaper, “The Risk Management Blind Spot, Third-Party Identities Often Create Unrecognized Risk” to read more on :
- Risk management best practices
- Applying risk tolerance for third parties
- Third-party identity risk management responsibilities
- SecZetta’s approach to third-party identity management