ENSURE YOUR SERVICE SOFTWARE IS PROTECTED
The recent security compromise of the United States Treasury, Department of Commerce and other government agencies by Russian hackers has prompted major concerns about which IT vendors organizations should rely on.
The root of the hack stems from SolarWinds’s Orion IT monitoring platform.
To ensure that your service management software system is protected, here are some questions you should ask to make sure your IT vendor will keep your company and your customer’s data safe.
Does the vendor adhere to security best practices?
Are they ISO27001 certified? This is an international standard that provides a management framework for implementing an Information Security Management System (ISMS) to ensure the confidentiality, integrity and availability of all corporate data. If the vendor is not ISO27001 certified, can you confirm that their data center partners are?
Do they align their ISMS to good standards and best practices, such as:
- ISO27001 or other standards based on the National Institute of Standards and Technology (NIST)
- The Payment Card Industry Data Security Standard (PCI-DSS)
- The Information Assurance for small and medium-sized enterprises (IASME)
- Or, the UK National Cyber Security Centre’s Cyber Essentials Plus or Cloud Controls Matrix (CCM)
Do the vendors follow the security concerns outlined by the Central Intelligence Agency (CIA) Triad of confidentiality, integrity and availability?
- Confidentiality: The data needs to be private and remain private. Vendors should ensure only the people who are authorized to view the data have access to it. There are different levels at which this applies. Vendors need to protect their SaaS platform, each of their customer’s systems, controls within each customer’s system, vendor controls to the SaaS system and the vendors own controls over the information they store to run their business.
- Integrity: The data itself needs to be consistent, accurate and trustworthy. The data must be trusted and nonrepudiation must exist.
- Availability: The data must be available. Having data that is secure, yet inaccessible, is useless. Users need to be able to access data when they need it, so vendors need to be sure that they are resilient, they have built in redundancies and can ensure business continuity.
Do the vendors practice what they preach?
- Do they run their own business on the principles listed above?
- Do they use the platforms and tools that they expect their customers to rely on to run their business?
It’s important to find IT service management software vendors who answer the previous questions in the affirmative. Not only is it the right thing to do, but it’s the best way to protect against potential harm from a security breach. Vendors need to build up trust with their customers and prevent them from potential reputation damage.
Ultimately, the vendors need to protect customers from any potential vulnerabilities along the IT supply chain that may expose data or other security risks. They must also address legal or regulatory concerns pertaining to their customers such as GDPR, HIPAA, CPRA and other data protection laws. Your IT vendor should be concerned about protecting your data to avoid the costs of dealing with the aftermath of a hack.
Be an informed consumer and do your due diligence while selecting an IT vendor. Ask questions to make sure your organization is protected from potential cybersecurity threats.
Download our whitepaper to learn more about how Vivantio values security and what measures it takes to keep your customer service data protected.