Speakers:
- Allan Alford, CISO, Eclypsium
- Tyson Supasatit, Dir. of Product Marketing, Eclypsium
When evaluating vendors, risk management professionals will examine a multitude of external factors: cybersecurity posture, financial stability, compliance issues, and contractual agreements. But when it comes to your IT vendors, you need to factor in the risk inherent in the product that you are buying.
Listen as Eclypsium CISO Allan Alford explains why external assessments and questionnaires are insufficient for vendors providing your IT infrastructure products. By evaluating the risk of the product itself, you start to transfer the burden of IT security from your team to the vendor.
This can be accomplished with:
- Enriched SBOMs
- Attestation that the vendor uses NIST’s Secure Software Development Framework
- Third-party assurance to examine the risk of the product
The presentation ends with a demo of Eclypsium’s supply chain intelligence offering, which enables organizations to compare the risk of IT products during the procurement process.