Trouble from within: security risks from business partners
To extend my earlier analogy: The mall is up and running, but the mall owner has no idea who is coming and going, what stores they visit or even how they enter and leave. As we've seen, that myopia within organizations allows so-called "APT" (advanced persistent threat) attacks to linger, and fester.

As an investor, I am working with entrepreneurs and start-up firms, like BitSight Technologies, that recognize the urgent need for tools that can make sense of the data generated by enterprises and the risk inherent in the complex web of business partners, contractors and suppliers that modern organizations rely on.

In the months and years ahead, these tools will allow enterprises to shift business from high-risk to lower-risk suppliers, shut down links between their IT environment and those of a compromised business partner and show the door to misbehaving contractors. To use a biblical analogy: Predicting rain doesn't count for much. Building arks does.

Venky Ganesan is a partner with venture capital firm Menlo Ventures.

Chinese translation published by Fortune China (财富中文网); translator: iDo98.