While cybersecurity is top of mind, actually knowing whether third-party Software as a Service (SaaS) partners have a plan to protect enterprise data, prevent breaches and remediate vulnerabilities is just part of a day’s work for security, compliance and third-party risk governance programs — assuming the organization itself is in order.
For example, while flying, passengers are reminded that if oxygen masks are released, they have to help themselves before helping whoever is next to them. Security is no different. Ideally, a company should breathe comfortably and safely as part of its own internal security programs before bringing on new SaaS vendors.