Enterprise security posture extends to vendors as well

Major security changes are under way as attention to security grows, especially at large corporations working to keep information protected. High-profile breaches are increasing public awareness of internet security and privacy, and as a result, many firms are implementing tighter enterprise security controls. Facebook and Google have both migrated from 1024-bit to 2048-bit encryption keys, while companies like Apple, Microsoft, Twitter, Myspace and Dropbox already have these in place.

These changes can be costly and time-consuming, but ultimately improving the overall security posture is best for the company and for its consumers.

But what about the security of the companies that partner with these big businesses? Now more than ever, vendors and partners are being held accountable for following security best practices as well. Businesses like Google are taking measures to ensure that each firm they partner with is as secure as possible:

“The Google Partner badge means that we trust you, and your clients should too. It shows your business is healthy, your clients are happy, and that you follow Google best practices,” their partner site reads.

In defining its best practices, Google outlines that it encrypts many services using SSL; implements two-step verification when possible; reviews information collection, storage and processing methods to protect security; and restricts access to personal information in order to make the Internet safer and more secure.

So of course, its partners have to be held to these same tight security standards.

“Technical security testing by security specialists is absolutely necessary to make sure the software that handles confidential and sensitive information is safely configured and not vulnerable to attacks. For this reason, Google requires its business partners to at least annually perform penetration tests,” one vendor that builds microsites for Google said.

Security testing is a requirement that Google and several other companies are stringent about. If a vendor of Google gets hacked and information gets stolen, it reflects just as badly on Google and costs them just as much as it does the vendor itself.

Another vendor added, “External audits help to ensure the security program of your company compares well against industry standards. In addition, it is often helpful to have an external set of eyes (particularly those of security experts) review the selected controls and their implementation. Therefore, Google generally requires annual audits of the security program by an independent external party.”

Have Tiro Security perform your company’s next penetration test and receive a detailed report on present security vulnerabilities. We work with clients across several industries and offer very tailored services, specializing in helping companies through their very first penetration test. We do not look to tie clients into long-term contracts and are happy to provide small tests for very short durations. All our work is done in the United States by Tiro Security employees; we never outsource. Contact us and see why we have a 100% record of clients returning to us.