Video Presentations from BSidesLV 2014

My friend Adrian Crenshaw of Irongeek.com has pulled off quite a feat -- posting all of BSidesLV's video-recorded presentations. Pretty impressive, since it's barely been a week since the event opened. Go here to watch the full roster of videos. For this post, I want to share the presentation by Akamai's own Patrice Coles, "Third-Party Service Provider Diligence: Why are we doing it all wrong?"

Talk summary:

The demands of third-party service provider vendor due diligence and compliance management are growing rapidly in light of increased emphasis on these programs by regulators as well as outsourcing to reduce operational costs.

Historically, vendor diligence programs have not adequately and consistently addressed proactive identification of potential risks, ongoing competence of third-party service providers, and production of a vendor management program that truly aligns with business strategies, identifies the risks commensurate with the complexity of the business environment, and produces a clear measure of the effectiveness of the provider. In addition, service providers suffer under the burden of the sheer number of diligence questionnaires, lack of consistency in them, inconsistent workload, and resource conflicts with compliance and sales efforts.

Diligence response is potentially labor intensive with the possibility of providing no return on the investment. Aimed at third-party service providers and businesses with vendor diligence programs, this presentation looks at case studies from real service providers and their customers to exemplify the ways that traditional vendor management fails to meet the objectives of today's business and the regulatory environment. It then proposes a means to rectify these failures and evolve vendor due diligence programs to the next step.

Participants will learn how to establish the goals of the vendor diligence program, understand the scope of the product and its potential impact on their environment, define a central body of knowledge, address only what is important, and iteratively evolve their diligence process to provide a more valuable product in less time.
