The increasing sophistication of technology makes it hard for IT professionals to keep up and be experts in all things technology. From monolithic central IT systems through to new and distributed computing models, it’s harder—and often more expensive—to manage and support everything internally. As such, more outsourcing and use of third-party service providers is taking place. An Ovum research study in late 2013 found that 88 per cent of companies surveyed in Western Europe allowed at least one third party access their network remotely. For one of those businesses surveyed, more than 100 outside companies had access to their IT network.
From a security perspective, this access has to be managed and controlled. However, many organisations don’t have full policies and procedures in place to enforce this control. There are many reasons for this – from lack of visibility of who is actually accessing the network to third-parties using their own remote access tools. Last year’s attack on US retailer Target, which allegedly started when an HVAC vendor’s remote access connection was compromised, has more people thinking about this topic, but it’s a tricky one for many to visualise.
To better explain, let’s use a plumber scenario to create a security visual. If you are anything like me, you can fix a leaky tap but the intricacies of plumbing are beyond you. In this case, bringing in a plumber with specific knowledge is a given. However, consider this: you invite the plumber into your house and then leave him alone to get on with the job. Read more.