If I were to think of the most talked-about topics of 2017, for me it would come down to these four. Of course, as 2017 draws to a close we will not all stop talking about these; instead, I think as threats and business risk continue to grow, these topics are going to be as pertinent in 2018 as they were in 2017.

1. Data Protection
2. Third-Party/Vendor Risk
3. Security/Cyber Risk
4. Integrated Risk Management


I’ll start with the first two topics then follow up next week with the remaining two:


1. Data Protection: The first thing I think about when I hear data protection is the General Data Protection Regulation (GDPR). It’s no wonder: if you google “data protection,” that’s all you’ll see. I'm sure everyone is aware it will take effect May 25, 2018 and will affect organizations worldwide, in every industry. The regulation is so comprehensive that even though all organizations are “supposed” to be ready by May, I don’t think anyone believes they all will be. The GDPR, and data protection in general, is a topic that will continue throughout 2018. In fact, I wouldn’t be surprised if we saw other regulations focused on data protection making an appearance in 2018.


At ServiceNow we’ve been talking about the GDPR for some time and have outlined 9 ways in which we can help. We’ve also taken a focused look at it through the lens of a financial services company. If you want to learn more I suggest reading these blogs:



2. Third-Party/Vendor Risk: One of the hot topics of 2017 was third-party risk. This was driven, I suspect, by the numerous breaches of large organizations that hit the news and that were accomplished by exploiting security vulnerabilities in third parties. I’m sure you can all think of at least one. I also think the focus on vendor risk is a natural outcome of the movement to the cloud.


Organizations have spent a great deal of time and money over the years securing the perimeter of the organization. Within the last couple of years that has started to shift to securing data in the cloud, and as it travels to and from the cloud. As cloud services for pretty much everything continue to grow, organizations have started to really think about the risks posed by the third parties hosting their data/infrastructure/applications. To be clear, it’s not just who you outsource to, it’s who you’re doing business with in general: suppliers, distributors, partners, consultants, etc. And thinking about the risk they pose to you is a good thing! Because as more organizations take advantage of cloud services, and trends like the Internet of Things (IoT) gain popularity, third-party risk is just going to get more important to your business.


ServiceNow recently released an application in our GRC portfolio to help you assess your third-party risk. I encourage you to watch the video about Vendor Risk Management and, for more insights, read our blog “All Enterprises Should Have a Vendor Risk Program.”


To find out more about the topics discussed above please visit our website at www.servicenow.com/grc