As third party outsourcing and cloud services become commonplace for enterprise organizations, security leaders need to understand and assess the cybersecurity risks of businesses that they partner with for “technology infrastructure services.” Security leaders want accurate, up-to-date information about their infrastructure provider’s security policies, procedures, and program performance so they can better understand risks to their own organizations.
Common technology infrastructure service providers include:
- Internet Service Providers
- Platform as a Service
- Infrastructure as a Service (including Cloud Service Providers)
- Internet Research (scanners, indexers, malware labs, etc.)
- Network Services (includes data centers, colocation services, VPN providers, and Content Delivery Networks)
Assessing the security posture of an infrastructure provider can be challenging. Infrastructure providers often own, operate, or provide infrastructure to their customers and delegate some (or all) of the security responsibilities to their customers who use that infrastructure. When viewed from an external perspective, it can be difficult to discern what security issues are associated with the infrastructure provider, and what issues are the responsibility of their customers. To complicate matters, Infrastructure businesses may not maintain or publish updated records or information separating their corporate and customer infrastructure.
In order to create more accurate, meaningful security analytics about infrastructure service providers, Bitsight launched a strategic initiative to improve its attribution of customer and corporate infrastructure associated with infrastructure businesses. Through enhanced asset classification, improved signal gathering techniques, and partnerships with market-leading service providers, Bitsight has developed innovative techniques to separate security issues attributable to these businesses from their customers, thereby providing enterprise security leaders with a more complete, accurate understanding of the true risks that infrastructure providers present to their organizations. This new, enhanced capability is available now.
We believe this new initiative will benefit security leaders and service providers alike, leading to improved outcomes for all parties who leverage Bitsight data.
Many security leaders turn to Bitsight for security ratings and analytics on infrastructure service providers to make better risk management decisions. They desire deeper insight into the risks facing critical technology infrastructure service organizations that they are doing business with but do not need information about non-material infrastructure. This initiative will benefit those security professionals who are looking for data and analytics to help them make informed decisions.
We also recognize the importance of this from the technology infrastructure provider point of view. We’ve taken into account the valid concerns voiced by these businesses who desire greater accuracy and delineation of their corporate-operated infrastructure compared with customer-operated infrastructure so that they can be held accountable for the things that they are responsible for protecting. Over the years Bitsight has employed a number of different approaches to address this challenge (including providing the ability for infrastructure service providers to delineate their corporate and customer infrastructure within the Bitsight platform using our free “primary rating” capabilities). We believe this new automated and streamlined approach improves upon these previous efforts and appropriately reflects infrastructure that is under the direct control of the service provider business.
At Bitsight, we are committed to creating the most accurate, meaningful cybersecurity ratings and analytics in the marketplace. We look forward to continuing to work with technology infrastructure service providers to improve our efforts to deliver valuable data and insights to the security and risk leaders, businesses executives, insurers, investors, and governments who rely on our data to understand and remediate cyber risk.
To learn more about our technology infrastructure service provider analytics, reach out to us here.