Download PDF
A Force Multiplier for Third-Party Cyber Risk Management: Blackstone's Case Study
Technology Category
- Platform as a Service (PaaS) - Application Development Platforms
- Sensors - Haptic Sensors
Applicable Industries
- Telecommunications
Use Cases
- Cybersecurity
- Inventory Management
Services
- Cybersecurity Services
The Challenge
Blackstone, a leading investment firm, faced a significant challenge in managing its third-party cyber risk. With a rapidly growing business, a robust vendor ecosystem, and a portfolio of over 100 companies, Blackstone needed a solution that could efficiently and effectively manage its third-party cyber risk. The existing risk management program, initiated in 2012, was based on spreadsheets and phone calls, which was not scalable to keep up with the 4 to 6 new vendors coming on board every month. This challenge was not unique to Blackstone, as their entire portfolio of companies shared the same issue. The companies were using different methodologies to support their risk programs, there was a lot of overlap among common vendors being assessed by multiple companies, and findings from assessments were rarely shared.
The Customer
Blackstone
About The Customer
Blackstone, founded in 1985, is one of the world’s leading investment firms. They seek to create positive economic impact and long-term value for their investors, the companies they invest in, and the communities in which they work. They do this by using extraordinary people and flexible capital to help companies solve problems. Blackstone has a solid ecosystem of over 3,000 vendors, while their portfolio, which includes over 100 companies, has tens of thousands of vendors. As their business grew rapidly, they faced the challenge of managing third-party cyber risk in an efficient and scalable manner.
The Solution
Blackstone turned to CyberGRX's platform to create a more efficient third-party risk management program. The platform provided Blackstone with greater insight into which risks needed to be prioritized for mitigation. It enabled Blackstone to risk rank their vendors, issue appropriately tiered assessments, and get a clear understanding of which third parties posed the greatest risk. The advanced analytics of the CyberGRX platform helped Blackstone prioritize the critical areas of risk and enabled them to have risk-based discussions with their vendors and business partners. Furthermore, once a vendor completed an assessment and posted it to the CyberGRX Exchange, that assessment became available to any one of Blackstone’s portfolio companies who were also using CyberGRX. This significantly reduced the waste and overlap of redundant assessment requests between and among Blackstone and its portfolio.
Operational Impact
Quantitative Benefit
Related Case Studies.
Case Study
Vodafone Hosted On AWS
Vodafone found that traffic for the applications peak during the four-month period when the international cricket season is at its height in Australia. During the 2011/2012 cricket season, 700,000 consumers downloaded the Cricket Live Australia application. Vodafone needed to be able to meet customer demand, but didn’t want to invest in additional resources that would be underutilized during cricket’s off-season.
Case Study
SKT, Construction of Smart Office Environment
SK T-Tower is the headquarters of SK Telecom. Inside the building, different types of mobile devices, such as laptops, smartphones and tablets, are in use, and with the increase in WLAN traffic and the use of quality multimedia data, the volume of wireless data sees an explosive growth. Users want limitless Internet access in various places in addition to designated areas.