Target and Neiman Marcus, UPS and the USPS, Home Depot and K-mart, the Department of Veterans Affairs and the UK’s National Health Service: what do all these organizations have in common? In 2014, each of these giants in their respective markets fell victim to data breaches. Target’s breach sent IT departments scrambling to spend $70 billion (an 8% spike) on IT security solutions, but leading experts to believe that these solutions won’t mean much without some fundamental changes in the way IT views security, particularly in the way outside vendors are handled. Why should vendor management fall under the purview of IT asset management?
Vendors Handle Sensitive Data Assets
Vendors are often relied upon to manage data, including data integration, data warehousing, backups, and backup storage in the cloud. If the security measures in place with the vendor aren’t as good as or better than those in place at your own company, that data is at risk every step of the way. Breaches can occur during data transfer, when systems are updated or upgraded, when backup information is transferred to a cloud service provider, and while the data is in storage. With solid IT asset management in place, the IT department always knows where data is, who’s got access to it, and what security measures are in place with cloud service providers and other vendors who work with corporate proprietary data or sensitive information on customers.
Vendors Handle Critical Hardware Assets
The UK’s National Health Service was a bit embarrassed this year when one of their vendors sold some of their hard drives — still filled with information on patients — on eBay. Other instances of hardware mismanagement by vendors includes stolen laptops (Coca-Cola had 55 laptops stolen by a vendor, filled with sensitive data on many thousands of employees). When proper asset management protocol is in place, devices don’t go missing. Hard drives, mobile devices, and computers are always accounted for. Additionally, a properly trained asset manager has the skills to properly dispose of discarded servers, hard drives, and other hardware that contains such information. Or, the IT manager knows to hire a reputable vendor to dispose of hardware properly so that it doesn’t end up on eBay, complete with all the fixings for large-scale identity theft.
Vendors Handle Important Software Assets
Software and software updates have served as open gateways to countless data breaches on all scales. Software assets are easily handled by a good asset management solution, so that vendors in charge of installing, updating, or otherwise handling software can be monitored. In order to address breaches, it is crucial to quickly identify, address, and communicate so that everyone involved can take measures to stop the leak. This can only be done when IT has control over the software assets and the vendors working with those assets.