Dave Snyder - Service Provider Risk

It’s the Service Providers You Value the Most That Hurt You the Worst

No man is an island. The same can be said about your business. Your organization relies on countless people for its survival, let alone its success. Ironically, many of these contributors work for someone else. Suppliers, vendors, consultants, contractors, and other service providers deliver tremendous value to organizations. Unfortunately, these service providers also pose significant risk, especially when you exchange PII, PHI, IP, and other sensitive information. While you have state-of-the-art technology solutions that prevent malicious cyberattacks and data breaches, you can’t vouch for your service providers’ security capabilities (or lack thereof). So you may be able to repel attackers at your firewall, but you can’t prevent them from island hopping into your organization through your service providers.

CISOs mitigate this third-party cyber risk to varying degrees. Service contracts, security attestations, and continuous oversight are some of the strategies that CISOs employ. There’s no silver bullet, however, so CISOs must consider a variety of strategies to protect their intellectual property when it’s shared with service providers.


I recently sat down with Dave Snyder, Chief Information Security Leader for Independence Blue Cross, to learn about one of his biggest concerns. In this video, Dave discusses the challenge of keeping PHI and other proprietary information safe from unauthorized access when it’s shared with so many service providers.

CISO Perspectives is a blog series featuring conversations with chief information security officers from different industries. Each blog features a unique perspective on a variety of topics pertinent to the CISO profession and career. Visit our CISO Perspectives page for more blogs and videos.
