In today's interconnected world, businesses rely on third-party vendors for various products and services. While these partnerships bring great benefits, they also expose companies to a range of risks such as cyber threats, compliance issues, and reputational damage. In this episode, Tom Fox interviews Paul Valente, the co-founder and CEO of VISO Trust. Paul shares valuable insights into how businesses can mitigate risks posed by third-party vendors, the importance of continuous monitoring, and how VISO Trust's platform helps companies manage risks effectively.
Paul Valente is the CEO and co-founder of VISO Trust, a company that provides automated third-party cyber risk management solutions. Prior to founding VISO Trust, Paul was the Chief Information Security Officer (CISO) at several companies, including Restoration Hardware, Lending Club, and ASAPP. He is a longtime technologist and security professional with experience in highly regulated industries.
You’ll hear Tom and Paul talk about:
- Companies have more sensitive data on other companies' infrastructure than they do internally, which increases risk and augments the need for a robust risk management strategy.
- Boards have a duty of oversight to proactively monitor their third-party risk management programs. They should also keep abreast of emerging threats.
- Automation is a key component in a third-party risk management solution for cybersecurity. The standard approach of using questionnaires to assess third-party security is slow, labor-intensive, and ineffective.
- VISO Trust's patented first-to-market Document Intelligence removes friction for vendors and provides a comprehensive risk assessment that tells customers everything they need to know to make qualified risk decisions about their third-party relationships.
- Compliance requires auditability.
- How VISO Trust helps companies manage risk after the contract is signed.
- Risk management and cybersecurity data is often siloed within an organization. VISO Trust helps centralize the information by providing a dashboard where customers can have complete understanding of their overall third-party risk, and allowing them to make that data available across the organization.
KEY QUOTES:
"There's companies today that have nothing internally - that are 100% cloud native. What that means typically is that there's many copies of their data essentially with various other companies, perhaps all over the world… That just increases what we call a tax service … which just means more risk." - Paul Valente
"I think [boards] need to be asking essentially what the risks are for their organization from a cybersecurity standpoint. They need to ask for those to be regularly reported on, regularly updated, and regularly tracked. …They also need to be aware themselves, both externally as well as relying on the executives within the company to keep them aware of emerging threats." - Paul Valente
"...our dashboards essentially allow you to list all of your third-party relationships in one single place and easily report on the status of assessments as well as report on inherent risk." - Paul Valente
Resources:
Paul Valente on LinkedIn | Twitter
VISO Trust
Innovation in Compliance with Tom Fox 