JP Morgan CISO - An Open Letter to Third-Party Suppliers

The post discusses an open letter from the CISO of JP Morgan addressed to third-party suppliers. The author of the post expresses interest in the community's opinions on this topic. They mention their preference for using modern SaaS providers due to their better availability, security, and monitoring, as well as their use of security as a selling point (demonstrating SOC 2, ISO 27001, Zero Trust with Vanta, Drata, SecurityScorecard, etc.). In comparison, they highlight the significant risks associated with closed systems or self-hosting, such as inconsistent patches, low physical security, and internal threats.