Poll
Laurence Cadieux

Hello! My name is Laurence Cadieux, and I’m a Communication Coordinnator here at Devolutions. My role includes overseeing the content strategy and development of our blog, managing the content and communication for our VIP advocate platform “Devolutions Force,” and working closely with our PR partners around the world. I also handle our off-site content opportunities (magazines, journals, newspapers, etc.). Academically, I have a bachelor’s degree in marketing. When I’m not working, I sing in a band, and I enjoy watching my favorite movies again and again. I also love cooking, and during the pandemic, I became a bread expert — I can now bake the most amazing key lime pie on earth (if I do say so myself!). Plus, I recently discovered LEGO and there is no turning back — I’m hooked! I’m always happy to help, and you can reach me directly at lcadieux@devolutions.net.

August Poll Results: What Tool(s) Do You Use in Your Organization to Manage Third-Party Access?

Table of Contents

The growing reliance on third-party vendors has helped companies cost-effectively drive productivity, performance, collaboration, compliance, and scalability. That’s the good news. The bad news is that it has also increased risk — and many companies are not responding to this. Research has found that:

  • 82% of companies provide third-party vendors highly privileged roles.
  • 76% of companies have third-party roles that allow for full account takeover.
  • Over 90% of cloud security teams were not aware they gave high permissions to third-party vendors.

To address this vulnerability, last month we asked you to share what tools you use in your organization to manage third-party access. As we had hoped, there were many informative responses. Here is a snapshot: (tools with an * were mentioned multiple times):

  • VPNs**
  • Temporary AD access or guest accounts**
  • Citrix**
  • 2FA*
  • Microsoft tools*
  • CyberArk*
  • In-house applications and internal systems**
  • AnyDesk
  • Manufacturer default tools
  • TeamViewer (to monitor third-party access)
  • One-time access (if there is a vendor that supports a product)
  • RSA SecurID
  • Extra support system
  • Logmein.com (for occasional third-part access to a server in need of support from non-organization resources).
  • SSH/RDP connections proxied through Thycotic’s Secret Server launcher with MFA
  • Azure Active Directory B2B
  • Remote Desktop Manager
  • Devolutions Server
  • Netwrix
  • Firewall restrictions
  • DuoMobile

It was also interesting to note that as a matter of policy, some of you:

  • Do not allow third-party access at all.
  • Use locked down static IP addresses from their ISP to give third parties access to on-premises servers for maintenance (third parties cannot access servers in the cloud).
  • Immediately change account passwords after a third party has accessed a machine or server.

The Winners Are…

You’re all winners, because you are taking third-party access risk seriously, and taking steps to mitigate the vulnerabilities — and ultimately keep your company safe.

Now, let’s reveal the two randomly-selected participants who will each win a $25 Amazon gift card. Congratulations to Stephen and Wontollaz! Please email me at dsthilaire@devolutions.net to claim your prize.

Thank you to everyone who participated in the poll, and stay tuned because the September poll is coming very soon.

Related Posts

Read more Poll posts