Not only do you need to secure data on your own company’s systems, but if you have a partner extranet or your partners store your data on their systems, their security needs to be evaluated as well. Witness this report from the 21 Apr 2009 issue of The Wall Street Journal which details how intruders stole classified information through vulnerabilities in partners’ networks, not the government’s network.
“Computer spies have broken into the Pentagon’s $300 billion Joint Strike Fighter project — the Defense Department’s costliest weapons program ever — according to current and former government officials familiar with the attacks. Similar incidents have also breached the Air Force’s air-traffic-control system in recent months, these people say. In the case of the fighter-jet program, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft. … The intruders entered through vulnerabilities in the networks of two or three contractors helping to build the high-tech fighter jet, according to people who have been briefed on the matter. Lockheed Martin is the lead contractor on the program, and Northrop Grumman Corp. and BAE Systems PLC also play major roles in its development.”
Do you know where your data is? Do you have security-specific SLAs with your partners? It’s something that you might want to start thinking about before your data falls into unauthorized hands.