The growing reliance on third-party vendors has helped companies cost-effectively drive productivity, performance, collaboration, compliance, and scalability. That’s the good news. The bad news is that it has also increased risk — and many companies are not responding to this. Research has found that:
- 82% of companies provide third-party vendors highly privileged roles.
- 76% of companies have third-party roles that allow for full account takeover.
- Over 90% of cloud security teams were not aware they gave high permissions to third-party vendors.
To address this vulnerability, last month we asked you to share what tools you use in your organization to manage third-party access. As we had hoped, there were many informative responses. Here is a snapshot: (tools with an * were mentioned multiple times):
- Temporary AD access or guest accounts**
- Microsoft tools*
- In-house applications and internal systems**
- Manufacturer default tools
- TeamViewer (to monitor third-party access)
- One-time access (if there is a vendor that supports a product)
- RSA SecurID
- Extra support system
- Logmein.com (for occasional third-part access to a server in need of support from non-organization resources).
- SSH/RDP connections proxied through Thycotic’s Secret Server launcher with MFA
- Azure Active Directory B2B
- Remote Desktop Manager
- Devolutions Server
- Firewall restrictions
It was also interesting to note that as a matter of policy, some of you:
- Do not allow third-party access at all.
- Use locked down static IP addresses from their ISP to give third parties access to on-premises servers for maintenance (third parties cannot access servers in the cloud).
- Immediately change account passwords after a third party has accessed a machine or server.
The Winners Are…
You’re all winners, because you are taking third-party access risk seriously, and taking steps to mitigate the vulnerabilities — and ultimately keep your company safe.
Now, let’s reveal the two randomly-selected participants who will each win a $25 Amazon gift card. Congratulations to Stephen and Wontollaz! Please email me at firstname.lastname@example.org to claim your prize.
Thank you to everyone who participated in the poll, and stay tuned because the September poll is coming very soon.