How confident are you in your third parties?
More and more organisations are looking to achieve high quality service in cost effective ways by concentrating on their core business activities and using third parties to provide a broad range of support services such as IT, HR, back-office processing and administration.

This reliance on third parties can clearly bring a number of benefits aside from cost reductions, including improved business agility and customer service combined with increased resilience. However, in order to achieve many of these benefits, it is necessary for an organisation to connect with third parties and share potentially sensitive information and resources.

The challenge
As recent media reports are all too frequently highlighting, this network of connections, suppliers and third parties processing sensitive information presents a huge challenge in ensuring information is managed appropriately. A commonly used adage is that security controls are only as strong as the weakest link. In terms of the extended enterprise, this means that an organisation’s sensitive data (e.g. customer information, intellectual property, etc.) is potentially only as secure as its least secure provider or supplier. Therefore appropriate contracts, poor security controls or a lack of understanding of how information is shared with a potentially large number of partners can introduce risks which could all too easily result in data breaches, fines from regulators or damage to reputation.

For more information, download our extended enterprise security product card (PDF, 78kb) and Deloitte research into extended enterprise security - Safeguarding data beyond your walls (PDF, 199kb).

Related information:
Information leakage
Crisis management