When it comes to security, more is always better, right?
That sounds good in the abstract, but in practice it can cause problems. For example, I have always resisted allowing any of our 20,000-plus customers to conduct third-party assessments of our security measures. I re-evaluate that policy from time to time, but for now I’m sticking to it. I’ll explain why.
My team spends more than 20% of their time filling out security questionnaires, doing security-related contract reviews, responding to requests for information and participating in sales engagement meetings to address security and privacy. Repeatedly, we find that prospective customers want to conduct a security assessment of our applications and infrastructure, using either their own resources or a third party. It would just be a matter of them running a tool such as Nessus, Qualys or Nmap.