How to ensure data is secure once it leaves the company network and heads to a 3rd party?
My company is shifting their data security emphasis to monitor 3rd parties. For example: we’re constantly sending data to a firm that processes our finances and performs basic accounting/reporting. How do we ensure these 3rd parties aren’t mishandling our data? How do we know if Joe Shmoe isn’t copying our files, losing/replicating our tapes, or distributing our sensitive information? I’m looking for technologies, software, questionnaires, or some methodology that provides a meaningful assessment or metric that indicates how secure our data is once it leaves our network.
Duce’s response is more in line with what I’m looking for. We’ve already established contracts with these 3rd parties that prevent them from mishandling our data, but nothing is foolproof. Our business wouldn’t exist if our data was in the wrong hands, so we’re not satisfied with just a legal contract that says "we’ll sue you if you f-up". We’ve got the encryption down, we have reliable means of sending data, but nothing that helps us assess a 3rd party’s handling of our data. Any tracking mechanisms? Software-related quality assurance, maybe? Tools that provide metrics that give an indication as to how responsible/reliable another company’s infrastructure is?

http://www.webmail.us/?c1=ppc&source=adwords&kw=sending_secure_email_exm
http://www.iopus.com/freeware/secure-email/
You need to encrypt all the stuff you send. You can do this easily with the new Windows Vista for business. If you haven't upgraded, you need to, because Vista is getting a bad rap; it's one of the most secure OSes ever. You will have no problems if you use this.
Have the data sent encrypted to them. This won’t keep them from using the data for reasons not approved by your company, but it ensures the data won’t be accessible to a hacker. If your company has signed a contract with this 3rd party, then there are provisions in the contract for misuse of your data that might be punishable by law.
Your provider can assist you in setting up router destinations that are secure. It is a paid service, so that the routing tables force all your data to be handled only by the paid secure destinations, which assures no unwanted third-party handling.
I am unsure of the route service provider that handles this. But it is how you secure and control the security of transmissions.
Don’t give them your data. Host your data internally and provide usernames to each and every user that will be handling your data directly. In essence, have a SOX-compliant system for your accountants etc. If it’s all financial data, you can use Oracle/SAP/_FAVORITE_VENDOR_ and create accounts within that system.
Also, make sure if the data is accessible via web, they must use HTTPS and so on. Try reading a CISSP book for some tips.