Target’s Data Breach and its Impact on Technology Procurement

From the C suite down to the help desk, everyone will remember the Target data breach. However, many organizations think about security last when procuring software. They’re more concerned about speed to market, not whether they’ll be facing millions of dollars in penalties for a data breach. In an article entitled “Marrying IT Risk Management with Enterprise Procurement”, Ericka Chickowski details the need for vendor risk to be evaluated during the procurement or contracting phase.

I agree with Ericka’s article and wish that more organizations would see the value in conducting vendor risk assessments in the procurement or contracting phase of an engagement, instead of attempting to clean up after a data breach or other security issue. An older article written by Tim Burt prophetically explores the sensitive data involved in cloud computing and it’s effect on Procurement.

In the race to purchase software from a vendor, organizations should temper that speed with sound vendor and risk analysis in the procurement or contracting phase of an engagement.  It shouldn’t take a data breach for organizations to remember that, but sometimes it does.

Below is a great video on assessing technology vendor risk and security from Monte Ratzlaff, Security Manager, at UC Davis Health System, as he presents “Vendor Risks: Evaluating the Security of New Technology”:

Advertisements

One thought on “Target’s Data Breach and its Impact on Technology Procurement

  1. Pingback: Unlimited Liability for Breach of Confidentiality in SaaS / Cloud Contracts | the vendor chronicles

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s