Blockchain-Enhanced Framework for Secure Third-Party Vendor Risk Management and Vigilant Security Controls

Deepti Gupta; Lavanya Elluri; Avi Jain; Shafika Showkat Moni; Omer Aslan

doi:10.1109/BigData62323.2024.10825025

Blockchain-Enhanced Framework for Secure Third-Party Vendor Risk Management and Vigilant Security Controls

Deepti Gupta
, Lavanya Elluri
, Avi Jain
, Shafika Showkat Moni
, Omer Aslan

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

3 Scopus citations

Abstract

In an era of heightened digital interconnectedness, businesses increasingly rely on third-party vendors to enhance their operational capabilities. However, this growing dependency introduces significant security risks, making it crucial to develop a robust framework to mitigate potential vulnerabilities. This paper proposes a comprehensive secure framework for managing third-party vendor risk, integrating blockchain technology to ensure transparency, traceability, and immutability in vendor assessments and interactions. By leveraging blockchain, the framework enhances the integrity of vendor security audits, ensuring that vendor assessments remain up-to-date and tamperproof. This proposed framework leverages smart contracts to reduce human error while ensuring real-time monitoring of compliance and security controls. By evaluating critical security controls - such as data encryption, access control mechanisms, multi-factor authentication, and zero-trust architecture - this approach strengthens an organization's defense against emerging cyber threats. Additionally, continuous monitoring enabled by blockchain ensures the immutability and transparency of vendor compliance processes. In this paper, a case study on iHealth's transition to AWS Cloud demonstrates the practical implementation of the framework, showing a significant reduction in vulnerabilities and marked improvement in incident response times. Through the adoption of this blockchain-enabled approach, organizations can mitigate vendor risks, streamline compliance, and enhance their overall security posture. Our findings highlight the importance of employing blockchain to enforce security controls and maintain compliance with healthcare regulations such as HIPAA. In this paper, we present a comprehensive set of security controls and demonstrate how blockchain technology enhances their effectiveness, ensuring greater transparency, accountability, and automation in vendor assessments. By reducing human error, enabling real-time monitoring, and validating compliance, blockchain strengthens the overall security and resilience of the third-party vendor ecosystem.

Original language	English
Title of host publication	Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024
Editors	Wei Ding, Chang-Tien Lu, Fusheng Wang, Liping Di, Kesheng Wu, Jun Huan, Raghu Nambiar, Jundong Li, Filip Ilievski, Ricardo Baeza-Yates, Xiaohua Hu
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	5577-5584
Number of pages	8
ISBN (Electronic)	9798350362480
DOIs	https://doi.org/10.1109/BigData62323.2024.10825025
State	Published - 2024
Event	2024 IEEE International Conference on Big Data, BigData 2024 - Washington, United States Duration: 15 Dec 2024 → 18 Dec 2024

Publication series

Name	Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024
ISSN (Print)	2639-1589
ISSN (Electronic)	2573-2978

Conference

Conference	2024 IEEE International Conference on Big Data, BigData 2024
Country/Territory	United States
City	Washington
Period	15/12/24 → 18/12/24

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 3 Good Health and Well-being

Keywords

Blockchain
Risks and Attacks
Security and Privacy
Third Party
Threats
Vendor Assessment

Access to Document

10.1109/BigData62323.2024.10825025

Cite this

Gupta, D., Elluri, L., Jain, A., Moni, S. S., & Aslan, O. (2024). Blockchain-Enhanced Framework for Secure Third-Party Vendor Risk Management and Vigilant Security Controls. In W. Ding, C.-T. Lu, F. Wang, L. Di, K. Wu, J. Huan, R. Nambiar, J. Li, F. Ilievski, R. Baeza-Yates, & X. Hu (Eds.), Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024 (pp. 5577-5584). (Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/BigData62323.2024.10825025

Gupta, Deepti ; Elluri, Lavanya ; Jain, Avi et al. / Blockchain-Enhanced Framework for Secure Third-Party Vendor Risk Management and Vigilant Security Controls. Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024. editor / Wei Ding ; Chang-Tien Lu ; Fusheng Wang ; Liping Di ; Kesheng Wu ; Jun Huan ; Raghu Nambiar ; Jundong Li ; Filip Ilievski ; Ricardo Baeza-Yates ; Xiaohua Hu. Institute of Electrical and Electronics Engineers Inc., 2024. pp. 5577-5584 (Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024).

@inproceedings{959447cad4e54db7b3302b51ce3d3dee,

title = "Blockchain-Enhanced Framework for Secure Third-Party Vendor Risk Management and Vigilant Security Controls",

abstract = "In an era of heightened digital interconnectedness, businesses increasingly rely on third-party vendors to enhance their operational capabilities. However, this growing dependency introduces significant security risks, making it crucial to develop a robust framework to mitigate potential vulnerabilities. This paper proposes a comprehensive secure framework for managing third-party vendor risk, integrating blockchain technology to ensure transparency, traceability, and immutability in vendor assessments and interactions. By leveraging blockchain, the framework enhances the integrity of vendor security audits, ensuring that vendor assessments remain up-to-date and tamperproof. This proposed framework leverages smart contracts to reduce human error while ensuring real-time monitoring of compliance and security controls. By evaluating critical security controls - such as data encryption, access control mechanisms, multi-factor authentication, and zero-trust architecture - this approach strengthens an organization's defense against emerging cyber threats. Additionally, continuous monitoring enabled by blockchain ensures the immutability and transparency of vendor compliance processes. In this paper, a case study on iHealth's transition to AWS Cloud demonstrates the practical implementation of the framework, showing a significant reduction in vulnerabilities and marked improvement in incident response times. Through the adoption of this blockchain-enabled approach, organizations can mitigate vendor risks, streamline compliance, and enhance their overall security posture. Our findings highlight the importance of employing blockchain to enforce security controls and maintain compliance with healthcare regulations such as HIPAA. In this paper, we present a comprehensive set of security controls and demonstrate how blockchain technology enhances their effectiveness, ensuring greater transparency, accountability, and automation in vendor assessments. By reducing human error, enabling real-time monitoring, and validating compliance, blockchain strengthens the overall security and resilience of the third-party vendor ecosystem.",

keywords = "Blockchain, Risks and Attacks, Security and Privacy, Third Party, Threats, Vendor Assessment",

author = "Deepti Gupta and Lavanya Elluri and Avi Jain and Moni, \{Shafika Showkat\} and Omer Aslan",

note = "Publisher Copyright: {\textcopyright} 2024 IEEE.; 2024 IEEE International Conference on Big Data, BigData 2024 ; Conference date: 15-12-2024 Through 18-12-2024",

year = "2024",

doi = "10.1109/BigData62323.2024.10825025",

language = "English",

series = "Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "5577--5584",

editor = "Wei Ding and Chang-Tien Lu and Fusheng Wang and Liping Di and Kesheng Wu and Jun Huan and Raghu Nambiar and Jundong Li and Filip Ilievski and Ricardo Baeza-Yates and Xiaohua Hu",

booktitle = "Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024",

}

Gupta, D, Elluri, L, Jain, A, Moni, SS & Aslan, O 2024, Blockchain-Enhanced Framework for Secure Third-Party Vendor Risk Management and Vigilant Security Controls. in W Ding, C-T Lu, F Wang, L Di, K Wu, J Huan, R Nambiar, J Li, F Ilievski, R Baeza-Yates & X Hu (eds), Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024. Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024, Institute of Electrical and Electronics Engineers Inc., pp. 5577-5584, 2024 IEEE International Conference on Big Data, BigData 2024, Washington, United States, 15/12/24. https://doi.org/10.1109/BigData62323.2024.10825025

Blockchain-Enhanced Framework for Secure Third-Party Vendor Risk Management and Vigilant Security Controls. / Gupta, Deepti; Elluri, Lavanya; Jain, Avi et al.
Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024. ed. / Wei Ding; Chang-Tien Lu; Fusheng Wang; Liping Di; Kesheng Wu; Jun Huan; Raghu Nambiar; Jundong Li; Filip Ilievski; Ricardo Baeza-Yates; Xiaohua Hu. Institute of Electrical and Electronics Engineers Inc., 2024. p. 5577-5584 (Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Blockchain-Enhanced Framework for Secure Third-Party Vendor Risk Management and Vigilant Security Controls

AU - Gupta, Deepti

AU - Elluri, Lavanya

AU - Jain, Avi

AU - Moni, Shafika Showkat

AU - Aslan, Omer

PY - 2024

Y1 - 2024

N2 - In an era of heightened digital interconnectedness, businesses increasingly rely on third-party vendors to enhance their operational capabilities. However, this growing dependency introduces significant security risks, making it crucial to develop a robust framework to mitigate potential vulnerabilities. This paper proposes a comprehensive secure framework for managing third-party vendor risk, integrating blockchain technology to ensure transparency, traceability, and immutability in vendor assessments and interactions. By leveraging blockchain, the framework enhances the integrity of vendor security audits, ensuring that vendor assessments remain up-to-date and tamperproof. This proposed framework leverages smart contracts to reduce human error while ensuring real-time monitoring of compliance and security controls. By evaluating critical security controls - such as data encryption, access control mechanisms, multi-factor authentication, and zero-trust architecture - this approach strengthens an organization's defense against emerging cyber threats. Additionally, continuous monitoring enabled by blockchain ensures the immutability and transparency of vendor compliance processes. In this paper, a case study on iHealth's transition to AWS Cloud demonstrates the practical implementation of the framework, showing a significant reduction in vulnerabilities and marked improvement in incident response times. Through the adoption of this blockchain-enabled approach, organizations can mitigate vendor risks, streamline compliance, and enhance their overall security posture. Our findings highlight the importance of employing blockchain to enforce security controls and maintain compliance with healthcare regulations such as HIPAA. In this paper, we present a comprehensive set of security controls and demonstrate how blockchain technology enhances their effectiveness, ensuring greater transparency, accountability, and automation in vendor assessments. By reducing human error, enabling real-time monitoring, and validating compliance, blockchain strengthens the overall security and resilience of the third-party vendor ecosystem.

AB - In an era of heightened digital interconnectedness, businesses increasingly rely on third-party vendors to enhance their operational capabilities. However, this growing dependency introduces significant security risks, making it crucial to develop a robust framework to mitigate potential vulnerabilities. This paper proposes a comprehensive secure framework for managing third-party vendor risk, integrating blockchain technology to ensure transparency, traceability, and immutability in vendor assessments and interactions. By leveraging blockchain, the framework enhances the integrity of vendor security audits, ensuring that vendor assessments remain up-to-date and tamperproof. This proposed framework leverages smart contracts to reduce human error while ensuring real-time monitoring of compliance and security controls. By evaluating critical security controls - such as data encryption, access control mechanisms, multi-factor authentication, and zero-trust architecture - this approach strengthens an organization's defense against emerging cyber threats. Additionally, continuous monitoring enabled by blockchain ensures the immutability and transparency of vendor compliance processes. In this paper, a case study on iHealth's transition to AWS Cloud demonstrates the practical implementation of the framework, showing a significant reduction in vulnerabilities and marked improvement in incident response times. Through the adoption of this blockchain-enabled approach, organizations can mitigate vendor risks, streamline compliance, and enhance their overall security posture. Our findings highlight the importance of employing blockchain to enforce security controls and maintain compliance with healthcare regulations such as HIPAA. In this paper, we present a comprehensive set of security controls and demonstrate how blockchain technology enhances their effectiveness, ensuring greater transparency, accountability, and automation in vendor assessments. By reducing human error, enabling real-time monitoring, and validating compliance, blockchain strengthens the overall security and resilience of the third-party vendor ecosystem.

KW - Blockchain

KW - Risks and Attacks

KW - Security and Privacy

KW - Third Party

KW - Threats

KW - Vendor Assessment

UR - https://www.scopus.com/pages/publications/85218069019

U2 - 10.1109/BigData62323.2024.10825025

DO - 10.1109/BigData62323.2024.10825025

M3 - Conference contribution

AN - SCOPUS:85218069019

T3 - Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024

SP - 5577

EP - 5584

BT - Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024

A2 - Ding, Wei

A2 - Lu, Chang-Tien

A2 - Wang, Fusheng

A2 - Di, Liping

A2 - Wu, Kesheng

A2 - Huan, Jun

A2 - Nambiar, Raghu

A2 - Li, Jundong

A2 - Ilievski, Filip

A2 - Baeza-Yates, Ricardo

A2 - Hu, Xiaohua

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2024 IEEE International Conference on Big Data, BigData 2024

Y2 - 15 December 2024 through 18 December 2024

ER -

Gupta D, Elluri L, Jain A, Moni SS, Aslan O. Blockchain-Enhanced Framework for Secure Third-Party Vendor Risk Management and Vigilant Security Controls. In Ding W, Lu CT, Wang F, Di L, Wu K, Huan J, Nambiar R, Li J, Ilievski F, Baeza-Yates R, Hu X, editors, Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024. Institute of Electrical and Electronics Engineers Inc. 2024. p. 5577-5584. (Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024). doi: 10.1109/BigData62323.2024.10825025

Blockchain-Enhanced Framework for Secure Third-Party Vendor Risk Management and Vigilant Security Controls

Abstract

Publication series

Conference

UN SDGs

Keywords

Access to Document

Other files and links

Fingerprint

Cite this