Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

Best Practices

 

MY TAKE: How digital technology and the rising gig economy are exacerbating third-party risks

By Byron V. Acohido

Accounting for third-party risks is now mandated by regulations — with teeth.

Related: Free ‘VRMM’ tool measures third-party exposure

Just take a look at Europe’s GDPR, NYDFS’s cybersecurity requirements or even California’s newly minted Consumer Privacy Act.

What does this mean for company decision makers, going forward, especially as digital transformation and expansion of the gig economy deepens their reliance on subcontractors?

I had the chance at RSA 2019 to discuss that question with Catherine Allen, chairman and CEO of the Santa Fe Group, and Mike Jordan, senior director of Santa Fe’s Shared Assessments program.

Allen is a widely respected thought leader on this topic, having launched Shared Assessments in 2005 as an intel-sharing and training consortium focused on third-party risks. And Jordan has had a hands-on role working third-party risk issues for more than a decade.

To hear the full interview, please give the accompanying podcast a listen. Here are a few key takeaways.

Addressing third-parties

Allen founded The Santa Fe Group in 1995 and established it as a leading consultancy, specializing on emerging technologies. With subcontractors playing a rising role and third party risk covering so many complex fields of expertise, six big banks and the Big Four accounting/consulting firms tasked her with coming up with a standardized approach for assessing third party vendor risk.

What emerged was a quasi-trade association – Shared Assessments. The founding participants developed assessment regimes and tools, all having to do with measuring and assessing, essentially, third-party risks. It was a natural step to expand and evolve these protocols and tools, and to invite companies from other sectors to participate. Collaborating in advance on what’s important in third party risk lets organizations and their vendors come to a faster agreement on what to do about those risks. That out of the way, business can proceed with less risk. …more

Comment | Read | April 24th, 2019 | Best Practices | For technologists | My Take | Podcasts | RSA Podcasts | Steps forward | Top Stories

Q&A: How AI, digital transformation are shaking up revenue management in high tech, life sciences

By Byron V. Acohido

A recent poll of some 300 senior executives from U.S.-based life sciences and high-tech manufacturing companies sheds light on how digital transformation – and the rising role of third-party partners – have combined to create unprecedented operational challenges in the brave new world of digital commerce.

Related: AI one-upsmanship prevails in antivirus field

Model N’s 2019 State of Revenue Report surveyed CEOs, CMOs and senior sales executives from leading pharmaceutical, medical devices, high-tech manufacturing and semiconductor companies. Model N is a San Mateo, CA-based supplier of revenue management systems.

Some 78 percent of respondents said AI has altered the way they do revenue management,  while 69 percent identified digital transformation as a revenue management game changer. Meanwhile, some 90 percent of respondents reported reliance on 20 or more partners, while 70 percent said they work with 40 or more partners.

Model N’s study provides yet another perspective on the unprecedented complexities organizations must navigate to compete in an internet-centric business environment. The core challenge for just about any company seeking top line and bottom line growth boils down to solving two intricate puzzles: how to deploy advanced digital systems in just the right measure; and how to collaborate, effectively and securely, with third-party partners.

And, of course, this must be done while defending the company’s digital assets against rising cyber attacks, launched by skilled, determined threat actors.

With that in mind, Last Watchdog sat down with Model N CEO Jason Blessing to drill down on a few instructive findings from Model N’s poll — and connect the dots to some wider. Here are excerpts edited for clarity and length.

LW: How has the revenue generation landscape shifted over the past few years? …more

Comment | Read | April 16th, 2019 | Best Practices | For technologists | Q & A | Top Stories

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

Identity governance and administration, or IGA, has suddenly become a front-burner matter at many enterprises.

Related: Identity governance issues in the age of digital transformation

This is, in large part, because the complexity of business networks continues to escalate at a time when compliance mandates are intensifying. I had the chance at RSA 2019 to visit with Mike Kiser, global strategist at SailPoint, an Austin, TX-based supplier of IGA services to discuss this.

SailPoint, which went public in November 2017, has grown to more than 1000 employees in 30 locations. Its customer base is comprised of eight of the top 15 banks, four of the top six healthcare insurance and managed care providers, nine of the top 15 property and casualty insurance providers, five of the top 13 pharmaceutical companies, and 11 of the largest 15 federal agencies.

The identity challenges these large organizations are wrestling with can be instructive to organizations of all sizes and in all verticals – any entity that is participating in the global supply chain. For a full drill down of our conversation, give a listen to the accompanying podcast. Here are a few of the key takeaways:

Identity’s moment

Traditional concepts of putting up perimeter defenses to protect on-premise systems have gone out the window. Companies today routinely use a combination of on-premise and cloud-supplied infrastructure. Meanwhile, employees, partners, suppliers and customers are using their smartphones to gain access.

In this digitally transformed environment, maintaining perimeter defenses still has a place. Yet,  most breaches today can be traced back to a compromised identity, or misuse of an authorized identity. …more

Comment | Read | April 3rd, 2019 | Best Practices | For technologists | RSA Podcasts | Top Stories

« Newer Articles