DoD Testing A Secure Cloud For Its SMB Contractors
When I read this article, I thought this is a great idea! Securing the supply chain is something that all companies struggle with, but now if the government is going to create a possible solution for SMB’s ability to secure their data this will only aid with competition for government contracts. Most SMB’s that go after government contracts say yes to practically everything, including the questions about whether they are compliant with the cybersecurity requirements spelled out in NIST Special Publication 800-171. Yes, I do it! When in actuality they do not as they hedge their bets hoping that nothing bad happens. But then it does, and the company is in jeopardy.
The government, like companies, really don’t have any repercussions, other than the contractual language, the breach belongs to the biggest name.
This plan by the DoD strives to use a risk-based approach, because not all contractors are created equal. However, if you have an innovative SMB that developing a patented widget for your company, it would be a good idea to help them secure everything relating to that widget. By developing a secured cloud-based space to help their contractors store, access and transmit sensitive data the DoD is helping find a solution. This represents a partner-based approach to 3rdParty Risk that could just work.