External vendors, outsourcers, and contractors play a vital and growing role in organizations, but when given access to your network and systems, they can be difficult to monitor and manage. Third-party vendors have been identified as the source of many significant cyber breaches and are a major target for attackers, introducing additional risks and vulnerabilities into your environment.
Many privileged access initiatives focus only on employees with admin credentials, but fail to consider outside contractors or vendors with privileged access. Often these third parties have unfettered VPN access into your networks, making them easy targets for bad actors trying to gain a foothold into your environment.
You’re only as secure as your weakest link. It’s a cliché – but it’s true. Consider the recent revelation about the 2016 breach at Uber: two hackers stole the data of about 600,000 riders and drivers from a third-party cloud-based service.
Practically every organization needs to give third-party vendors privileged access to their network for some aspect of IT or operational tasks. For many, vendors are critical elements of their business operations. It can be challenging to keep track of all vendors and monitor what they are doing on your network, and vendors often feel frustration at the process for getting and maintaining access. Using legacy tools like a VPN gives your vendors more access than they need, opening your organization to vulnerabilities and increasing the attack surface.
Check out this webinar for more insight into shoring up your security posture, including more robust solutions for managing and securing vendor or third-party access, the ultimately and avoid the pitfalls of privileged access.
Sam Elliott, Director of Security Product Management
At Bomgar, Sam is responsible for the product management group that is driving product strategy for Bomgar’s security products. He has more than a decade of information security, ITSM, and IT operations management experience. He also is a seasoned expert in the areas of cyber-security, data center discovery, systems configuration management, and ITSM. Sam has a Bachelor of Science from Florida State University and is certified in ITIL v3 and Pragmatic Marketing. He resides in Atlanta, GA with his family and can be found on twitter @samelliott.