When you're working with a third party,
there's an additional need to comply
with very particular security controls.
When you have many different people accessing the same data,
you want to be sure that that particular data is
safe and secure.
Within your own organization, security compliance
has its own challenges associated with it.
These challenges are even wider when
you're working with a third party.
And then when you introduce new technologies
like cloud computing, where your data can exist
far outside the scope of both of your organizations,
there are additional technical challenges
you have to consider.
Sometimes this compliance is not just a good idea,
it's a legal mandate.
You are required by law to provide
a certain level of security of this data.
Some examples of these are HIPAA,
which is the Health Insurance Portability and Accountability
Act.
You also have credit card security
such as PCI DSS, which is the Payment Card Industry Data
Security Standard.
And for federal information security,
you have the Federal Information Security Management
Act, or FISMA.
The first step to complying with these security requirements
is to understand where all of the gaps
currently exist in your security.
Without understanding those gaps,
you're going to have no idea how to apply security controls.
Now that you have your list, you can
start resolving some of those security gaps.
Sometimes you can't apply a type of technology
to resolve a particular issue, or resolving
that problem may involve a lot of money.
And in those cases you have to balance out
what the business requirement happens
to be with the costs associated with resolving that security
concern.
This security compliance needs to be checked constantly,
so you need to perform periodic audits to make sure
that those gaps continue to be covered
and that no new problems have occurred with the security
compliance.
These audits can be remarkably involved
and may take a long amount of time to complete.
And if you're working with a third party,
you want to be sure to coordinate your efforts so
that your audit goes as smoothly as possible,
and you can be assured that all of your security risks
have been covered.