How secure remote access is like going to the airport

August 10, 2020//Kylie Hosken

Last Updated: November 24, 2020

In today’s business environment, remote access to systems, data, and servers is a common and necessary occurrence. This remote access can be for employees, who are working from home or distributed remotely, and it can also be for third parties, such as contractors, technology vendors, business partners, and consultants.

Typical remote access methods: VPNs

While remote access can be provided in a variety of ways, the most common method is via VPNs or virtual private networks. This method works particularly well for employees, known and trusted, who need access to the corporate network to perform their job.

However, while that may be somewhat efficient, the security of this method, and many others, starts to weaken when it comes to third party access.

Granting remote access is like airport security

Providing remote access for third parties via a platform not built for the job (like a VPN, desktop sharing tool, or a hodgepodge of other tools) is similar to what traveling on a plane was like before 9/11: it lacked the necessary authentication, if you will, and control to fully secure that access.

When you hop on a flight these days, there are several processes and points you have to go through before you get to access your plane. You need to provide proof of identification and a boarding pass at several points: check-in, at security, and at your gate. Access within the airport is also tightly controlled: only those who are authorized can go through security, and even past that, you can’t access restricted areas, and you’re only authorized to board your particular plane.

Now imagine that none of those security measures were in place. No need to show an ID or a boarding pass to access the departure area, no security to go through, no security cameras, and anyone could access any part of the airport, or get on board any aircraft they wanted… that’s a security incident that’s just waiting to happen, right?

And yet, that is often the situation companies are creating with providing remote access for their third parties with VPNs. There is no individual authentication with generic, shared credentials, and little to no control and visibility over when and what they can access within the network. This leaves the door wide open to a security incident or breach in just a matter of time.

To fully secure the remote access of your third parties, additional protections beyond what a VPN can provide are needed, like those we currently have at airports today. Specifically, a secure remote access method should:

  1. Identify and authenticate the individual who is accessing your network, and confirm that they have a valid reason for needing access.
  2. Control when and exactly what they can access in your network.
  3. Audit all activity they do with their access.

If you’re realizing you don’t have those key elements in place, but are wondering if it’s worth the effort and investment to make those changes, consider the potential costs of failing to do so. From reputational damages, to regulatory fines, to loss of customer trust, future business, and intellectual property – the costs can be widespread and high. In fact, the average cost of a data breach is $3.86 million. If that weren’t enough, a data breach originating from a third party is both more likely and costly: 59% of data breaches come from a third party, and a data breach that originated via a third party costs an organization an additional $370,000.

In short, you should invest in the proper vendor management tools for secure remote access because you simply cannot afford what’s on the other side of an issue– whether it’s a data breach, ransomware attack, or a third party snooping around your network. To learn more about the increase of data breaches and how using the wrong tool for remote access sets you up for failure, check out our helpful eBook.

close close