Rambus, an IT technology licensing company known for its semiconductor and IP products, is one of our premier clients and an exemplary user of the SecurityScorecard platform.
Rambus – Small but Powerful
Best known for their development of RDRAM, Rambus has been around since 1990 and has stayed nimble but impressively relevant, considering the wave of change that we’ve seen in the technological landscape over the past three decades. The California-based company has around 500 employees and has focused on Big Data, the Internet of Things, mobile, consumer, and media platforms for its products, chips, and interfaces. Quietly powering a number of important companies and industries, Rambus is not showing any signs of slowing down. Because they work with numerous suppliers and because they are suppliers for a number of partners, knowing their own security posture as well as that of their vendors is essential for mitigating risk and reducing their chances of being breached.
Keeping up on security is one of the main tasks for Mark Grimse, the VP of Information Technology at Rambus. In addition to maintaining security with SecurityScorecard, he’s also responsible for Rambus’ global IT strategic direction and execution. Mark boasts an impressive track record: he currently sits on the advisory board for the Fisherman Information Technology Center at UC Berkeley and is also the Chairman for the Fisher Silicon Valley CIO Roundtable.
Why vendor visibility and validation are necessary for Rambus’ information security
The biggest asset SecurityScorecard brings to Mark and Rambus is actionable information within a flexible and powerful platform. Mark noted that the SecurityScorecard platform provided a solution in the ‘information vector’, unlike any other solution. This allowed Mark and other Rambus users to take the appropriate actions given the relevant information provided. SecurityScorecard was specifically valuable for Rambus in giving actionable insight into a vendor’s security posture by showing where vulnerabilities were found within the vendor’s network. After Rambus communicates the discovered vulnerabilities to vendors through the platform and works with them on remediation, Rambus can validate that the vendor’s new security measures are having the right impact on mitigating risk by checking the vendor’s score.
SecurityScorecard proved valuable for critical-risk vendors as well as lower-tiered vendors. The platform allowed Rambus to stay true to the ‘trust but verify’ tenet by validating and cross-referencing returned questionnaires and compliance standards such as SIG, SIG-Lite and ISO across their most critical vendors. For lower-tiered vendors, the continuous monitoring aspect was enough to ensure that there was no high-risk security issue that needed prompt attention. The combination of these benefits allowed Mark and his team to stay vigilant and confidently delegate less resource-heavy assessments for their lower-tiered vendors while also complementing assessments for their most business-critical vendors.
Why on-demand security intelligence is essential for current vendor risk management needs
Because Rambus works with vendors and is also a vendor to many different organizations, they don’t have the time to wait for self-reported security questionnaires or point-in-time vulnerability assessments. Hackers are moving quickly and organizations, as a result, need to move quicker. The biggest tool in facilitating reaction, or ideally, proactivity, is actionable information. As the 2016 Verizon Data Breach Investigations Report notes, half of all exploitations occur between 10 and 100 days after a vulnerability’s publication. And in over 80% of cases, a network is compromised in minutes, with data exfiltrated in days.
This clearly shows that traditional security assessments aren’t enough when it comes to truly mitigating risk, whether for your own network or your vendor’s network. SecurityScorecard, for all clients, provides security intelligence on-demand for any vendor, partner, or organization. Rambus found that by using SecurityScorecard, they were able not only to complement their traditional security assessments but also to share their score with any potential partners, ensuring that both Rambus and the vendor employed the right security measures.