Today’s businesses are increasingly relying on tech services that offer several advantages but also put them at risk when outages occur. A recent outage of the cybersecurity platform SentinelOne was an eye-opening experience. It should teach companies to take a proactive approach to vendor risk management.
What is SentinelOne?
SentinelOne is an advanced cybersecurity platform designed to protect companies from cyber threats. It offers a solution for endpoint protection, threat hunting, and automated responses across various environments, ensuring optimal security. Its AI systems analyze data, identify patterns, predict potential threats, and respond accordingly.
The SentinelOne Outage
The SentinelOne outage occurred on May 29 at about 1:30 PM and lasted seven hours. The company reported that a software flaw was the cause of the outage. Although the outage prevented customers from viewing vulnerabilities and accessing identity consoles, SentinelOne assured clients their systems were still protected.
The company investigated and determined that the outage was not caused by a security breach or cyberattack. Instead, a software flaw in the infrastructure control system deleted critical network routes and DNS resolver rules, causing most services to go down in all network areas.
SentinelOne is preventing similar issues by transitioning its production systems to a new cloud architecture. The firm is moving away from a deprecated control system that contributed to the event: when a new account was created, that system overwrote previously established network settings.
Best Practices for Vendor Risk Management
Companies can prevent disruptions by implementing vendor risk management practices. With the right approach, companies can work with compliant vendors that maintain secure systems. They will protect their brand reputation while benefiting from optimized cost savings and performance.
Here’s what’s involved.
Know the Risks
Vendors are beneficial to businesses, but they can also pose added risks, such as:
- Cybersecurity: Working with a vendor often means sharing sensitive data across multiple systems. Ensure that the vendors you work with prioritize cybersecurity and keep your information safe.
- Compliance Risks: Compliance measures can vary by industry, but they must be adhered to by both companies and vendors. Working with a noncompliant vendor could result in reputational damage, fines, and penalties for your company.
- Financial Risk: Request background information to verify that your vendors have a strong financial standing. Partnering with a financially unstable company could result in sudden bankruptcy, potentially disrupting service to your customers.
- ESG Risks: Environmental, social, and governance risks are other considerations. Companies put their reputation on the line when working with companies that may be a global threat or are involved with unfair labor practices.
Continuous Assessments
Evolving business landscapes and changes in company policies support the need for continuous assessments. Automation can be used to detect vendor vulnerabilities, such as leaked sensitive information on the dark web. It can also monitor your systems to identify issues that may be linked to vendor activities.
Insightful Intelligence
Companies must gather intelligence from various sources to determine which vendors to work with and decide when to terminate vendor relationships. These sources can include:
- The Vendor Community: Speak to other vendors and companies that may have utilized vendors you’re considering partnering with to gain insight on their practices.
- Public Sources: Customer and expert reviews will help you determine a vendor’s business health.
- Private Sources: Industry insiders can offer valuable insights into security risks, financial challenges, and other potential red flags.
Compliance Reporting
Companies must gain visibility into a vendor’s level of compliance before entering into a partnership. Experts suggest creating a “pass” percentage threshold against risk. All reporting will compare the company’s activities to that threshold.
Compliance reporting should continue throughout the relationship to ensure smooth sailing.
Ensure Smooth Vendor Offboarding
Vendor risk can continue after terminating relationships. Ideally, vendors should destroy any sensitive data they hold after the relationship ends, as per contractual agreements. However, statistics show that 60% of companies do not consider vendor risks that persist once the contract is terminated.
Companies can safeguard their assets after termination by ensuring that vendors can no longer access their systems. Systems should be audited routinely to verify that vendors have been offboarded per compliance standards. Verify sensitive data has been destroyed by obtaining written confirmation from former vendors.