The Reality of Vendor Security Assessments
A potential solution to ensuring the security of SaaS vendors is to perform rigorous vendor risk assessment and/or to require the highest levels of assurance and security certifications (i.e. Soc Type II, IS0-27000, FedRamp, PCI etc).
This post will cover why vendor security questionnaires, assessments and certifications are important (even for Modern On-prem to ensure that there is a robust and secure SDLC) but often fall short when it comes to data security.
In addition to security questionnaires, we believe that vendor reliability questionnaires are an important part of communication reliability requirements to potential Modern On-prem vendors.