The Hits – and a Few Misses – in Vendor Security Assessments

Logo
Presented by

David Lenoe Sr. Sr. Director of Product Security Adobe

About this talk

Use of 3rd -party cloud technology and service vendors is common to pretty much any business. Maintaining your own security posture requires that you also ensure those vendors are maintaining comparable posture. However, what is the right way to assess a vendor’s security posture? What are the relevant questions to ask and documentation to request? What is not relevant in such an assessment? At Adobe, we are in an interesting position in the industry in that we are both a large technology and service vendor as well as one of the largest consumers of 3rd party technology and services. Through developing our own vendor assessment program, our ongoing work with industry standards groups and consortia, and evaluation of our own security practices by our own customers, we have learned a lot about what to do right with these assessments – as well as a few things that are not quite so productive. Join Dave Lenoe, director of product security for Adobe, as he presents our lessons learned and best practices that can help you develop a successful cloud vendor security assessment program.

Related topics:

More from this channel

Upcoming talks (9)
On-demand talks (867)
Subscribers (54205)
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa