Evaluating the IT security posture of business partners

Published 24 September 2013

Evaluating the IT security of businesses is increasingly becoming a necessity when forming new business relationships. A start-up has launched a rating service, similar to a credit rating, to measure the security posture of a company based on a number of factors.

Evaluating the IT security of businesses is increasingly becoming a necessity when forming new business relationships. Cambridge, Massachusetts-based BitSight Technologies has launched a rating service, similar to a credit rating, to measure the security posture of a company based on a number of factors.

BitSight was founded in 2011 by Stephen Boyer and Nagarjuna Venna.

Network World reports that BitSight’s Partner SecurityRating measures IT security on a scale scored between 250 and 900. One of the main factors in measuring IT security is an analysis of Internet traffic by BitSight sensors to detect whether a company’s IT assets have been exposed to botnets or viruses. Such exposure would indicate that the company’s IT assets have been compromised in some form, and it lowers the company’s BitSight IT security score. Other factors used to determine a company’s IT security score include news of a data breach and compromised Web site or social media assets.

BitSight has gained customers in the financial, retail, and healthcare sectors, though the company declined to name them.

Network World notes that most IT risk analyses are presently conducted in-house through self-scored assessments or periodic audits. BitSight wants to make the process more dynamic and have it performed by an independent third party. Requesting a third-party assessment gives companies access to average rating scores across industries, including the industry they belong to. Sonali Shah, BitSight vice president of product marketing, says customers get a clear idea of BitSight’s services once they receive their own score and assessment. BitSight is not releasing details on pricing, but services are provided on a subscription basis.

BitSight’s technology is focused on assessing the security of Internet traffic associated with a company’s enterprise network, which limits its assessment of overall IT security. One limitation is that BitSight has no way to measure a company’s risk exposure from cloud-based services. Shah acknowledges the limitation and notes that BitSight is seeking partnerships with cloud providers in this area. Network World reports that BitSight last June received $24 million in venture-capital funding from investors that include Menlo Ventures, Globespan Capital Partners, Commonwealth Capital and Flybridge Capital Partners. The company also received earlier seed funding, which included a National Science Foundation grant.