Government Technology: Are You Safe from the Third-Party Threat?
by Elizabeth Hulsey •
Much like the private sector, government agencies at all levels are increasingly becoming targets of hackers seeking to obtain sensitive data. Following a series of high-profile government data breaches within the past year, many agencies are expanding their efforts to shore up weak points in their IT networks.
Hackers have turned to a common technique to exploit organizations—targeting those with privileged access such as employees, or vendors and other third parties. Government agencies are extremely reliant on these third parties to conduct their day-to-day operations, making protecting third-party access critical.
In an article in Government Technology authored by Bomgar’s Scott Braynard, the question of how best to provide these third parties access to government IT networks while also maintaining security is addressed:
This issue remains a problem for federal, state and local agencies: To sustain operations, all have the need to provide privileged accounts and internal access to a number of third parties. These groups — including service providers, contractors and vendors — require regular access to government IT networks to conduct essential business and IT operations.
Agencies need to gain better control over these accounts, which are often accessed through legacy tools or even free software that cannot be tracked by IT. Disparate remote access tools create a problem for IT staff, so consolidation of these tools in favor of a single solution can help mitigate many of the issues they may create.
The article concludes with five areas that IT managers and internal auditors within government agencies must address in order to assess whether remote access tools would be a point of failure for the organization.