The growing reliance on third-party vendors has helped companies cost-effectively drive productivity, performance, collaboration, compliance, and scalability. That’s the good news. The bad news is that it has also increased risk — and many companies are not responding to this. Research has found that:

  • 82% of companies provide third-party vendors with highly privileged roles.
  • 76% of companies have third-party roles that allow for full account takeover.
  • Over 90% of cloud security teams were not aware they gave high permissions to third-party vendors.

To address this vulnerability, last month we asked you to share what tools you use in your organization to manage third-party access. As we had hoped, there were many informative responses. Here is a snapshot (tools with an * were mentioned multiple times):

  • VPNs**
  • Temporary AD access or guest accounts**
  • Citrix**
  • 2FA*
  • Microsoft tools*
  • CyberArk*
  • In-house applications and internal systems**
  • AnyDesk
  • Manufacturer default tools
  • TeamViewer (to monitor third-party access)
  • One-time access (if there is a vendor that supports a product)
  • RSA SecurID
  • Extra support system
  • Logmein.com (for occasional third-party access to a server in need of support from non-organization resources)
  • SSH/RDP connections proxied through Thycotic’s Secret Server launcher with MFA
  • Azure Active Directory B2B
  • Remote Desktop Manager
  • Devolutions Server
  • Netwrix
  • Firewall restrictions
  • DuoMobile

It was also interesting to note that as a matter of policy, some of you:

  • Do not allow third-party access at all.
  • Use locked-down static IP addresses from their ISP to give third parties access to on-premises servers for maintenance (third parties cannot access servers in the cloud).
  • Immediately change account passwords after a third party has accessed a machine or server.

The Winners Are…

You’re all winners, because you are taking third-party access risk seriously, and taking steps to mitigate the vulnerabilities — and ultimately keep your company safe.

Now, let’s reveal the two randomly selected participants who will each win a $25 Amazon gift card. Congratulations to Stephen and Wontollaz! Please email me at dsthilaire@devolutions.net to claim your prize.

Thank you to everyone who participated in the poll, and stay tuned because the September poll is coming very soon.