ThirdPartyTrust and Netskope Integration: Scaling TPRM with Intelligence

Is your third party risk management (TPRM) program request-driven, or intelligence-driven?

This is the question all security operations teams should be asking themselves as technology advances and automates old ways of doing things. In the question above, the former relies on people doing the “right” things to follow the process, usually manually; the latter, however, scales with continuous learning from rich data.

With this approach in mind, ThirdPartyTrust recently announced the integration of our TPRM tool with Netskope, a provider of cloud-native solutions for cloud, data, and network security. The integration provides customers with unrivaled visibility and real-time data on usage of cloud services, websites, and private apps from anywhere, on any device across the network.

As businesses increasingly move to the cloud, the edges of the corporate network extend, and perimeters fade as quickly as the distinctions between work and home. To face the challenges of embracing the cloud (and remote work), organizations need to leverage more intelligence, more automation, and better integrations.

How the ThirdPartyTrust and Netskope integration works

The integration serves multiple use cases:

• Capturing shadow IT records, that is, usage of cloud applications or vendors that security is unaware of.
• Mapping network discovery data into standard third party risk assessment questionnaires.
• Automating impact score and policy action with custom rules, i.e. if a vendor is used by many users and has access to a high amount of data, increase their potential impact on the business.

Netskope automatically exports these rich event logs into the ThirdPartyTrust TPRM platform, so clients can extend their depth of visibility and context. This provides a 360° view of your vendor ecosystem, including third and fourth parties, with inside out perspective and insights into the most prized data and who has access to it.

Netskope intelligence is a force multiplier for your TPRM program, where results can be used to enhance controls and configuration. You will benefit from an authentic risk engine that continuously learns from internal and external data processing (impact, user behavior, service interactions, transactions, etc.).

To leverage this data, ThirdPartyTrust users need to simply click a button to add newly discovered vendors to their managed inventory and overall TPRM process.

Consider a shadow IT use case. Netskope will discover unknown vendors with access to your network and allow you to:

• See how many users in your network are engaging with the vendor
• See how much time your users have engaged with the vendor
• See how much data the vendor has accessed, measured in MBs
• Add the vendor to your actively monitored vendor inventory and subsequent TPRM process (risk assessment, scoring, questionnaires, reassessments, etc.)
• Create a rich data bridge between DevOps, GRC, and IT security, where findings are no longer siloed, but shared to increase collaboration

What is intelligence-driven third party risk management?

Today’s business applications are complex, especially when third and fourth parties come into play. When you assess one vendor, you may need to assess many more to make sure your organization is not exposed to unnecessary risk.

Many areas work toward that same goal, such as GRC, IT Security, DevOps, Operations, and even Legal and Procurement. The problem is these teams only look at one piece of the puzzle when executing their programs, and rarely collaborate. As a result, security and risk data that could be shared and used to understand and prioritize risk across business areas, is siloed.

Only a data-centric approach that’s based on intelligence can empower teams to send and ingest data, metadata, and logs to and from different tools and processes, to improve the overall security of the business and reduce risk across all fronts. That’s what we call intelligence driven third party risk management: one that changes the paradigm providing an inside out perspective, with added visibility and context to risk.

By moving data from one place to another, bi-directionally from Netskope to ThirdPartyTrust, you will be able to:

• Enhance controls and visibility

Gain an inside-out perspective to scale the oversight of your digital supply chain growth.

• Break the security data silo

Create a rich data bridge between Security and GRC teams to work on actionable findings.

• Extend the reach of your network

Solve shadow IT by detecting which applications are being used and by how many users.

With attacks increasingly being sourced in the cloud, organizations are viewing cloud services and endpoints as the most critical control points for security. To enhance your ability to protect endpoints based on cloud discoveries and vice versa, TPRM by ThirdPartyTrust partnered with Netskope to provide comprehensive visibility and control of cloud services, plus adaptive third party risk management controls and automation.

This integration is immediately available to ThirdPartyTrust customers already using the TPRM tool. Aspiring customers, and/or current Netskope customers, can contact ThirdPartyTrust associates to see the integration in action, and begin to learn how it can help their organization.