enterprisesecuritymag

Security Vendors: Leveraging Partnerships and Reducing Risk

Michael A. Clancy, Chief Security Officer, Enterprise Resiliency & Security, Fannie Mae

In thinking of the pandemic, we are reminded that you should not wait for a crisis to make a plan. Stretching the adage further, the start of a crisis is not the time to be meeting your vendor’s leadership team for the first time to compare notes. This is especially true with your security providers. Successfully navigating through a crisis, each with its own unique challenges, requires leveraging established relationships to ensure stability during uncertain times. And as for posing unique challenges, the COVID-19 pandemic is in a class all its own.

With work from home the new norm in many corporate settings, the need for security and safety in the workplace remains paramount. Reduced building occupancy does not diminish overall risk, and instead presents its own set of challenges to manage. Whether it is monitoring fire or intrusion alarms, the array of security tools we deploy during “normal” times remains fundamental as we protect our essential on-site personnel and property. The good news is that many essential security functions, including retrieving access reports to facilitate contact tracing, running a 24/7 operations center, or tracking threats, can be done remotely and efficiently. Success relies on a continuity plan that leverages matured relationships with critical vendors.

The COVID-19 pandemic has been instructive. As a baseline, business continuity plans must consider the criticality of third-party security services to ensure uninterrupted coverage, and the continuity manager, to achieve true resiliency, must understand fully the security function and process. The pandemic has hammered this lesson home. As a security leader, it is incumbent upon you to ensure your team is positioned to execute on the physical security continuity plan. This takes, in part, understanding your vendor’s capabilities and their continuity plans. Your vendor’s vulnerabilities become your operational vulnerabilities. For example, just as you may be operating with reduced on-site staff during a crisis, your security vendor is likely operating under the same restrictions. That said, other than providing you with requisite security coverage, is your vendor able to provide and sustain other support functions necessary to address risk? For instance, if your 24 x 7 security control or operations center is primarily staffed with contractors, do they have the capability to go remote? Do critical security contractor staff have access to systems and equipment to facilitate remote operation in a loss of facility scenario? These are the questions that must be answered before the crisis to ensure continuity of business.

The inability to deliver on critical security services such as threat monitoring and response during times of crisis amounts to a business disruption. You must enable your security vendor by providing workaround strategies such as remote work support, just as you do for employees. Doing so will ensure you meet the needs of the business, as well as meet employee security and safety expectations.

Setting yourself up for success goes beyond the four corners of a supplier contract. Investing in and nurturing a strong partnership where your security vendor feels like a valued part of the team is integral to success, especially during times of crisis when you need to pivot quickly. A strategic partnership, based on mutual respect and aligned goals, is foundational to vendor relationship management and a pathway to promoting safety and security.
