Today’s news is filled with data breach stories that stem from security gaps introduced by third-party vendors. This isn’t surprising given that the 2013 Trustwave Global Security Report1 found, “63% of the 450 data breaches studied were linked to a third-party component of IT system administration,” meaning a third party had introduced security deficiencies easily exploited by hackers. What is surprising is how many enterprises haven’t secured how third parties remotely access their networks.
These third parties—including vendors, service providers, independent consultants, contractors, and partners—need access to conduct essential business and IT operations, but access shouldn’t be as simple as “on” or “off”. In order to conduct business safely, IT organizations must be in control of centralized vendor access pathways that allow them to enforce access control policies and record and monitor all third-party activity.
This paper outlines five actions you can take now to improve third-party access security in the future.