If I were to think of the most talked about topics of 2017, for me it would come down to these four. Of course, as 2017 draws to a close we will not all stop talking about these; instead, I think as threats and business risk continues to grow these topics are going to be as pertinent in 2018 as they were in 2017.
1. Data Protection
2. Third-Party/Vendor Risk
3. Security/Cyber Risk
4. Integrated Risk Management
- GDPR: 9 Ways ServiceNow can Help
- Part One: Managing Privacy and Risk in Financial Services
- Part Two: A Single System of Record (Sarbanes-Oxley (SOX))
- Part Three: The Cost of Non-Compliance (GDPR)
- Part Four: Responsible for You and Your Friends (Vendor Risk)
- Part Five: We Have a Plan (NY State Cybersecurity Regulation)
- Part Six: Rinse and Repeat (IT GRC)
2. Third-Party/Vendor Risk: One of the hot topics of 2017 was third-party risk. This was driven, I suspect, by the numerous breaches of large organizations that hit the news that were accomplished by exploiting security vulnerabilities in third parties. I’m sure you can all think of at least 1. I also think the focus on vendor risk is a natural outcome of the movement to the cloud.
Organizations have spent a great deal of time and money over the years securing the perimeter of the organization. Within the last couple of years that has started to shift to securing data in the cloud, and as it travels to and from the cloud. As cloud services for pretty much everything continues to grow, organizations have started to really think about the risks posed by the third-parties hosting their data/infrastructure/applications. To be clear, it’s not just who you outsource to, it’s who you’re doing business with in general: suppliers, distributors, partners, consultants, etc. And thinking about the risk they pose to you is a good thing! Because as more organizations take advantage of cloud services, and trends like the Internet of Things (IoT) gains popularity, third-party risk is just going to get more important to your business.
ServiceNow recently released an application in our GRC portfolio to help you assess your third-party risk. I encourage you to watch the video about Vendor Risk Management and for more insights read our blog “All Enterprises Should Have a Vendor Risk Program.”
To find out more about the topics discussed above please visit our website at www.servicenow.com/grc