This real estate group creates connected communities worldwide through decades of experience in development, design, placemaking, and construction. UpGuard enables this organization to achieve transparency across its supply chain, manage its third-party vendor risk, and evolve its cybersecurity strategies.
We interviewed their Third-Party Cyber Risk Manager and their Cyber Detection and Response Manager to learn more about their experience with our products.
The Third-Party Cyber Risk Manager’s primary responsibility is to conduct cyber due diligence by overseeing cyber risk assessments, developing and administering vendor risk management procedures, and managing vendor relationships across the company’s supply chain.
The Cyber Detection and Response Manager is responsible for cybersecurity incidents (data leaks, identity breaches, brand protection anomalies, etc.) by conducting investigations, validating risks, performing triage analysis, and working alongside platform owners and stakeholders to mediate solutions and responsibilities.
The Challenge
Before using UpGuard, this customer utilized a manual process to conduct vendor risk assessments and perform due diligence. The procedures within this process were time-consuming and limited in their scope.
Conducting initial vendor scans was a particular challenge for this customer, as their manual process required personnel to spend significant energy evaluating the security posture of potential vendors one by one. The customer also mentioned that before using UpGuard, they could not detect certain vendor risks, leaving their business potentially exposed to third-party vulnerabilities.
“Our previous vendor assessment process required a significant amount of time and also lacked the capability to identify specific types of risks that may be present across our supply chain.”
This customer partners with many vendors to carry out critical business functions and subsequently identified the need for a vendor reporting service that could help them quickly identify the security posture and security hygiene of new and existing vendors.
The Solution
Our customer evaluated several options after identifying the need for a more robust vendor management process. The organization ultimately decided to utilize UpGuard because of its user-friendly interface and ability to quickly streamline the vendor assessment process.
The customer stated that UpGuard’s products and features were highly-flexible, allowing for all of their TPRM needs to be met.
The Third-Party Cyber Risk Manager continually uses UpGuard Vendor Risk to automate, improve, and streamline their vendor assessment process. They utilize UpGuard’s vendor reports to quickly assess and compare vendors during the pre-qualification portion of their approach.
Switching from their manual vendor management process to UpGuard has saved this customer significant time and energy. Furthermore, UpGuard’s instant vendor reports have allowed this customer to strengthen their VRM procedures and accurately assess and compare the security posture of multiple vendors.
“Like any large organization, we rely on many third-party vendors to assist with critical business services. UpGuard’s instant reports are a quick way to conduct vendor screenings, compare vendors, and gather information to decide if we want to work with a vendor.”
The Cyber Detection and Response Manager utilizes UpGuard’s BreachSight to uplift the organization’s overall security awareness, develop a playbook for internal best practices, and communicate to upper management the need for ongoing education and employee training.
The manager has found great value in UpGuard’s data leak detection service, using it to identify potential vulnerabilities and potentially poor security practices across the organization’s attack surface. UpGuard also helped the Cyber Specialist team by providing further clarification and feedback on any findings made.
The Result
Using UpGuard, our customer has strengthened their vendor management process and improved their overall security posture. In addition, UpGuard’s real-time alerts, comprehensive vendor reports, templated security questionnaires, data leak detection, and other features have allowed the customer to save valuable resources and improve their business’s overall cybersecurity efficiency and reputation.
The customer now also utilizes UpGuard’s TPRMS-managed services when confronted with an unexpected volume of requests. UpGuard’s analysts help this organization stay on track as the nature and cadence of its business fluctuate.
“UpGuard’s TPRM analysts are aligned with our vendor management process. It’s like having an additional internal team member conducting assessments for us.”
The customer has also been able to streamline communications using UpGuard. The customer utilizes UpGuard’s messaging channel to communicate with vendors and share real-time updates across personnel within their internal team. This level of communication has allowed the customer to improve business continuity and strengthen relationships across their internal teams and supply chain.
“When a business partner comes to us and says, “Hey, what's the update on this assessment?” we don't have to go and dig up emails. We direct them to the tool, they log in, and they can see the status of when the vendor last responded and all the web communication that has taken place between us and the vendor.”
Since utilizing UpGuard, our customer has taken control of their security presence and fortified their vendor management process. Along the way, UpGuard’s world-class CS team has provided quick support and identified solutions to various TPRM challenges.