3 Questions to Ask Technology Vendors to Make Sure Data Security is Top of Mind

Katie Higgins
Katie Higgins
Director, Content and Communications, VTS

This article originally appeared in Bisnow.

For commercial real estate firms exploring the benefits of platforms and tools hosted in the cloud, information security is top of mind. It’s important to be completely confident the platform you partner with a) has the proper systems and processes in place, and b) these systems are working properly to keep your data protected. While this due diligence process may be common for larger CRE firms with in-house security resources, it’s likely that smaller firms (for which security is not a core competency) won’t be as certain how to approach data protection.

We put together a list of four key questions to ask potential vendors as you evaluate the level of security they provide for your firm.

1. What are your third-party certifications, reviews and testimonials?

What’s the first thing a customer does when deciding to try out a new restaurant?

Read reviews. Zagat ratings, Yelp reviews, the number of Michelin stars.

It’s the same concept for third-party leasing and asset data storage and management. What verifications and reviews have the applications gone through? It’s easy enough for a company to put a favorable spin on the company’s particular way of storing and managing data.

But trustworthy independent sources will give you the real story.

“It’s important to have a third party or application test or audit the business before the customer. This takes things to the next level,” says VTS director of IT and security Robert Lowry. Third-party security audits specifically of the application—such as an SOC 2—are a great example of this.

Building a rapport between the customer and the cybersecurity team is essential, and establishing positive feedback from other customers is part of that. If a security firm has worked with (and been well-reviewed by) big names in CRE, potential clients can better trust the company is appreciably thorough.

2. How many full-time security staff does your company have?

Maintaining data security is a full-time job, but that doesn’t necessarily mean CRE firms must hire their own security personnel. However, the third-party tech vendor you partner with must be completely focused on security, with full-time employees solely dedicated to this function. The more people who work on security full-time, the safer your data is likely to be, and not having them on staff is a red flag.

“If a technology vendor is serious about information security, full-time security staff is a must,” Robert says.

3. How is your data flow structured?

Clients typically focus on specific technologies when evaluating a vendor’s security. An arguably more important part of your security due diligence is grasping how your information will flow between your internal system and the vendor’s.

How will your data be protected? Who will have access? Where—and how—will the data itself be stored?

“Considering how important data flow is, it’s amazing that it doesn’t come up more often. 70% of due diligence questions don’t focus on this,” says Robert (above, left, speaking with a client). “There are some pretty old-school security questionnaires still floating around, such as ‘Do you have a pandemic plan?’ I applaud vendors who do, but does this really mean they have the right approach to keeping your data safe?”

At the end of the day, data is what a company cares about the most—and sharing confidential data with a third party can be new territory. Understanding what happens with that data is truly the spirit of due diligence. Everything else can be considered “good to know,” but is not critical to the decision-making process.

Katie Higgins
Director, Content and Communications | VTS
Katie Higgins
Katie Higgins is the Director of Content and Communications at VTS. Subscribe to the VTS blog: https://blog.vts.com/
Connect with Katie Higgins

Learn how the world’s leading landlords and brokers use VTS to drive revenue.

Join 10,000+ leasing and asset management professionals who are receiving the best insights in their inbox every week.

Thank you for subscribing!

Get started with our favorite eBook:

The Modern CRE Firm’s Guide to Leasing & Asset Management

Not usingVTSyet?

Request Demo

Sign up for a Free Demo

Walk-thru the features of VTS Retail and see how you can transform your leasing and asset management process.

Thank you for your demo request.

We’ll be in touch with you shortly.
In the meantime, take a peek at our customer stories.

Learn how best-in-class firms accelerated their portfolios with VTS
Learn more