Compliance for Third-Party scripts on your website and how to ensure it
A guest whitepaper publication by Reflectiz’ Dutch partner Cert2Connect
It has been our privilege to partner with Cert2Connect over the last 12 months. We have found them to be one of the most proficient organizations in the cyber-security market, so it did not come as a surprise to us that they released a whitepaper full of important insights. Here is a short summary. Scroll down to download the whitepaper by Cert2Connect.
Third-party scripts are part of the majority of websites nowadays. These scripts come with various benefits and provide a website with all kinds of functionality without having to reinvent the wheel yourself. However, from a security and compliance point of view, there are some major challenges as well.
As the name says, third-party scripts are developed by someone else: in some cases a well-known company like Google, in other cases the scripts are based on open source technology and have no specific owner. In addition, many of the scripts communicate with external domains, or load third-party scripts themselves.
A short list of some of the security and compliance challenges that come to the surface when implementing these scripts on your website:
- No control over the external domains that are in communication with the scripts;
- Open source scripts have no owner, so no soft controls can be put in place;
- Many organizations have no real insight into the exact code that runs in their website visitors' browsers;
- Breaches or changes to those scripts or the domains will be very difficult to detect;
- New attack vectors to the website are introduced.
In the attached whitepaper the CTO of Cert2Connect dives into those challenges, discusses why soft controls alone are not sufficient from both a security and a compliance perspective, and shows how the Reflectiz solution can help you gain more control, be safer, and answer the difficult questions from the auditor.
About the author and Cert2Connect
Tiennot van Dilst is a senior security veteran who has been working in the information security industry since 2000. His broad knowledge and experience include, but are not limited to, conducting security assessments and penetration tests, and ISO implementation. Tiennot has been a qualified PCI QSA, was head of delivery for an international security consulting firm, and was CSO at a hosting provider. He is an expert in security solution implementation and secure software development.
Tiennot has been serving as CTO for Cert2Connect since 2019. Our mission is to help and support clients in raising their security posture by automating various tasks and visualizing their security status. By doing so, we believe we enable security professionals to look at their own environments in a more offensive manner.
Cert2Connect BV is the go-to party in the field of advanced digital security solutions, security services and cyber security. Cert2Connect helps large companies and SMEs achieve a stronger cyber defense and better security risk management.
Our vision is that cyber security:
1) should be easy to use and manage;
2) needs to be adaptive, based on risk;
3) has to be continuous, automated and effective.
Whether it is on-premise, cloud or hybrid, Cert2Connect’s innovative solutions offer a comprehensive series of advanced functionalities: everything users need in order to be able to do digital business with confidence.