Security Practices to Seek in Business Partners

With security at the forefront of everyone’s minds today, it is important for businesses to vet the security practices of potential business partners. It is imperative that business owners do their due diligence as it pertains to the security of the data they collect.

There are big name companies which have some fantastic security practices, and there are some whose security practices may cause you to question doing business with them. When you’re looking at businesses with which to partner, you should investigate their security methods. There are good practices and bad ones, and they absolutely matter. Whether you seek to become a client of a business or to partner with them to provide a combined service to a targeted customer, you should always verify that their security practices meet your expectations.

Because security practices vary from business to business, there are a few generalized methodologies and processes to pay attention to. Companies with strong security practices employ these three things:

  1. Their security is focused on automation and repeatable processes.
  2. Security is done by default to help accelerate development and processes, rather than being something that gets in the way.
  3. They invest in security at a level that is innovative.

Companies which exhibit these practices include the likes of Google, AWS, Microsoft, Netflix and Hulu. There are more, of course; these are just examples.

On the flip side, there are also companies which do not have good security practices. Sometimes these practices will cause you to question doing business with them, but other times it’s acceptable depending on the situation. Businesses with subpar security practices have these things in common:

  1. They take information they don’t need. (You don’t need to provide your social security number to a social media site; they don’t need it.)
  2. Despite having this information, they often wait to modernize (update) their systems and processes, which means that information is stored in a fragile place that could be exposed if it breaks.
  3. The company may misuse information or misrepresent what they do to ensure security and privacy. This is one of the worst sins because it garners trust from customers and clients in a place where trust isn’t warranted. It’s an ethical issue: these companies are not living up to the trust they are given.

There are a few industries that are the biggest culprits in having security practices that don’t measure up. Many banks, insurance companies and state governments fall into this category, but knowing this doesn’t mean you simply avoid doing business with them. Every business needs a bank and an insurance company, and many businesses find it positive to have a solid working relationship with local and state governments.

When it comes to working with these industries, you just have to know that their security might not be what you want it to be. Rest assured, though, these industries are aware that this is a problem. Updating their systems without causing a major disruption to business is often tricky. But they WANT to keep your information secure. They aren’t bad actors; they are just businesses which have no other option but to move slowly.

Right now, with all of the recent cyberattacks and malicious packages in open-source code, security is at the forefront of everyone’s minds. Every business has different needs, so do your research. Find out what security practices other businesses in your industry are following, and dig into the security practices of any business you plan to work with, whether as a client or partner. Make sure you are comfortable with how they run security before you sign anything, and even if you aren’t, double back and ask yourself if the lack of security is an okay trade-off for the benefit provided.

Securing your own business is squarely on your shoulders, but you also do not want to compromise private and sensitive information through a third party simply because you didn’t know their security was bad. Do your due diligence in all areas of business, including security. And, if you’re unsure of how to vet a company’s security practices, you can always consult a security expert to help!

About the Author

Pieter VanIperen, Managing Partner of PWV Consultants, leads a boutique group of industry leaders and influencers from the digital tech, security and design industries that acts as trusted technical partners for many Fortune 500 companies, high-visibility startups, universities, defense agencies, and NGOs. He is a 20-year software engineering veteran who has founded or co-founded several companies. He acts as a trusted advisor and mentor to numerous early-stage startups, and has held the titles of software and software security executive, consultant and professor. His expert consulting and advisory work spans several industries in finance, media, medical tech, and defense contracting. He has also authored the highly influential precursor HAZL (jADE) programming language.
