Businesses today have no shortage of technology options.
The cloud has vastly expanded a company's options when it comes to IT services and applications. It's never been easier to spin up a virtual server in the cloud or roll out an enterprise application to a workforce with little more than a credit card.
Cutting-edge business applications and IT capabilities are more attainable than ever, but they often come at the expense of security visibility.
RiskRecon, a Salt Lake City technology startup, is looking to change this for security-conscious organizations. The company last week announced it had raised $12 million in a Series A round of financing led by Dell Technologies Capital. F-Prime Capital Partners, General Catalyst and Paul Sagan, former CEO of Akamai, also lent their backing.
RiskRecon's software-as-a-service (SaaS) platform offers organizations a comprehensive look at the security posture of third-party providers by continuously monitoring their public IT infrastructures and generating assessments on based on several criteria. It then delivers accurate and comprehensive insights than are otherwise provided by outdated, vendor-provided documentation and security rating services according to the company.
Data security is too important to leave up to word of third-party providers, according to Kelly White, CEO of RiskRecon.
Noting that questionnaires and other documentation can often be spun in a vendor's favor and is tough to verify, White told eSecurity Planet that his company's platform "brings an entirely objective method for evaluating the current security performance of any company. This complements the questionnaire process and enables companies to obtain far more accurate and actionable insights into the actual strengths and weaknesses of each vendor's security performance."
And if a vendor's security somehow falls short or fails to alleviate concerns, "RiskRecon provides the actionable details that enable customers to have constructive dialog with their vendors regarding the specific areas that need to be addressed and remediated," White added.
Additionally, if high-profile "celebrity vulnerabilities" start making the rounds, "RiskRecon provides the only way to rapidly identify which vendors and which specific vendor systems are most likely vulnerable," White added. "Traditionally, enterprises could only hope to obtain this information after long email and phone call outreach programs to every vendor individually."
The company's risk management tech can also help IT organizations weed out unsuitable providers before they take the plunge. "RiskRecon enables enterprise to gather security practices of potential vendors as part of the RFP [request for proposal] scoring process and to establish weaknesses that need to be remedied as part of the contract negotiation," said White.