The growing reliance on third-party vendors has helped companies cost-effectively drive productivity, performance, collaboration, compliance, and scalability. That’s the good news. The bad news is that it has also increased risk — and many companies are not responding to this. Research has found that:

  • 82% of companies provide third-party vendors with highly privileged roles.
  • 76% of companies have third-party roles that allow for full account takeover.
  • Over 90% of cloud security teams were not aware they gave high permissions to third-party vendors.

To address this vulnerability, last month we asked you to share what tools you use in your organization to manage third-party access. As we had hoped, there were many informative responses. Here is a snapshot (tools with an * were mentioned multiple times):

  • VPNs**
  • Temporary AD access or guest accounts**
  • Citrix**
  • 2FA*
  • Microsoft tools*
  • CyberArk*
  • In-house applications and internal systems**
  • AnyDesk
  • Manufacturer default tools
  • TeamViewer (to monitor third-party access)
  • One-time access (if there is a vendor that supports a product)
  • RSA SecurID
  • Extra support system (for occasional third-party access to a server in need of support from non-organization resources)
  • SSH/RDP connections proxied through Thycotic’s Secret Server launcher with MFA
  • Azure Active Directory B2B
  • Remote Desktop Manager
  • Devolutions Server
  • Netwrix
  • Firewall restrictions
  • Duo Mobile

It was also interesting to note that as a matter of policy, some of you:

  • Do not allow third-party access at all.
  • Use locked-down static IP addresses from their ISP to give third parties access to on-premises servers for maintenance (third parties cannot access servers in the cloud).
  • Immediately change account passwords after a third party has accessed a machine or server.

The Winners Are…

You’re all winners, because you are taking third-party access risk seriously, and taking steps to mitigate the vulnerabilities — and ultimately keep your company safe.

Now, let’s reveal the two randomly-selected participants who will each win a $25 Amazon gift card. Congratulations to Stephen and Wontollaz! Please email me at to claim your prize.

Thank you to everyone who participated in the poll, and stay tuned because the September poll is coming very soon.