Vendors, consultants, auditors, and even temporary employees can constitute a risk if their access is not properly managed. Monitoring and reining in such third-party identities requires controls that go above and beyond traditional directory services. Again, the common-names trap (“Supplier1”, for example) should be avoided. All users should ideally authenticate with their individual full name, and their access should reflect the least-privilege principle and follow just-in-time (JIT) provisioning, where a user is granted access when they need it and for as long as they need it, but no longer.
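As an added illustration (not part of the original article), the Python sketch below audits a list of third-party access grants for the problems described above: shared or generic account names such as "Supplier1", standing access with no expiry, expired grants that were never revoked, and windows longer than policy allows. The record fields, the name pattern, the 8-hour limit and all sample rows are assumptions constructed for this example.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed policy values for this example; tune to your own standard.
GENERIC_NAME = re.compile(
    r"^(supplier|vendor|contractor|consultant|auditor|temp|guest)[-_ ]?\d*$", re.I)
MAX_WINDOW = timedelta(hours=8)  # longest JIT grant the assumed policy allows

@dataclass
class Grant:
    account: str                    # login name used by the third party
    resource: str                   # system the grant applies to
    granted_at: datetime
    expires_at: Optional[datetime]  # None means standing (non-JIT) access

def audit(grants, now):
    """Return (account, resource, finding) tuples for grants still active at `now`."""
    findings = []
    for g in grants:
        if GENERIC_NAME.match(g.account):
            # Actions on this account cannot be attributed to one person.
            findings.append((g.account, g.resource, "shared-or-generic-name"))
        if g.expires_at is None:
            findings.append((g.account, g.resource, "standing-access"))
        elif g.expires_at <= now:
            # Still listed as active although its window has closed.
            findings.append((g.account, g.resource, "expired-not-revoked"))
        elif g.expires_at - g.granted_at > MAX_WINDOW:
            findings.append((g.account, g.resource, "window-exceeds-policy"))
    return findings

# Constructed sample inventory of active grants (not real data).
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    Grant("Supplier1", "erp-prod", NOW - timedelta(days=90), None),
    Grant("jane.doe", "erp-prod", NOW - timedelta(hours=1), NOW + timedelta(hours=3)),
    Grant("omar.haddad", "backup-vault", NOW - timedelta(days=2), NOW - timedelta(days=1)),
    Grant("li.wei", "hr-db", NOW - timedelta(hours=1), NOW + timedelta(days=30)),
]

if __name__ == "__main__":
    for account, resource, finding in audit(SAMPLE, NOW):
        print(f"{finding:24} {account:12} {resource}")
```

In practice the grant list would come from an export of the identity or privileged-access system, and the findings would feed an access review or revocation workflow.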

