Business people and IT/security folks should be increasingly concerned with employees sharing sensitive internal information with vendors.
We found a great slideshow featuring 10 Best Practices for Sharing Sensitive Information with Vendors slideshow plus a link to this interesting report by Deloitte showing, to nobody's surprise, that there is more and more outsourcing going on in the large enterprise, and so more and more data protection is needed in this area.
With respect to point #9 - "Consider putting controls in place to help guard ... your data", put the emphasis on guard.
Vendors are an important part of the supporting ecosystem for any large enterprise. Sharing information is required to make it work, and very often sensitive information is exactly what the vendor deals with for you. That's the value they provide.
The key is to take a policy-driven approach, and avoid heavyweight on-boarding processes that drive the users to work arounds.
Integration with leading vendor databases is also a huge potential win; if you can automatically know that a particular vendor is approved to receive a particular class of data - that's one thing.
We just sent you an email. Please click the link in the email to confirm your subscription!