Nearly every organization or business tends to focus on what it does best and outsource the rest. For example, manufacturing firms don’t tend to also employ plumbers; they leave that to the landlord. High-tech firms oftentimes outsource PR to an outside agency. And some organizations even outsource their IT operation entirely. Remote vendors or contractors are an essential part of almost every organization, and that’s not going to change anytime soon. The problem with remote vendors is that, as a customer, you have little control over the people who work for your vendors or the security policies and controls they have in place. This is even more concerning when you have to give remote vendors privileged access to systems and resources. The anonymity of the remote vendor’s employees, and not knowing how they store or manage the access credentials you have given them, makes you more vulnerable to a breach. For evidence, look at some of the high-profile breaches over the last year, such as Target and Home Depot.
All is not lost, though. You can mitigate this vulnerability by putting stronger controls over the access you give vendors to your privileged accounts with a Privileged Session Management solution. Session management solutions enable you to provide access to remote vendors, or even internal users, in a secure and controlled manner. These solutions generally:
- Allow privileged access via a remote session based on an approval workflow
- Enable you to restrict which actions the vendor can perform while connected to your systems (least-privilege access)
- Record all activity during the session
Session management solutions can also enable you to view the session while it is active for real-time monitoring. This is helpful because you can watch exactly what the remote vendor is doing while they are doing it, and even remotely terminate the session if needed. If you don’t feel the need to watch the session live, the recordings are available for forensic replay.
Understanding common remote vendor access types and their associated vulnerabilities is the first step in mitigating this risk. Want to learn more about the privileged account management market, as well as the key vendors and differentiators in it? Read Gartner’s 2015 Market Guide for Privileged Access Management.