When we think about third party risks, we often think of the design firm that has access to the latest product concepts, or the payroll function that handles everyones salary, maybe even the accountancy firm preparing the latest reports.
But it's rare to think of the vendors entrusted to minimise risk, to be a source of risk.
Like the Watchmen, the question is who watches the watchers?
Tanium CEO Orion Hindawi has admitted that mistakes were made in handling data from El Camino Hospital's network. Hindawi was vague about whether the company had live access to the network, but in a blog post late yesterday, he said that the data was from "this particular customer's demo environment" and that Tanium did not—and should not—have remote access to customers' security data except in a very few cases where customers had granted access.