October 28, 2020//Tony HowlettLast Updated: November 24, 2020
At first, it may seem antithetical to consider deploying a vendor access management system in the cloud. After all, you are trying to provide access for third parties to internal systems, and whether it’s a VPN concentrator or a vendor privileged access management (VPAM) system, these devices typically sit inside or on your DMZ. However, the concept of a hard corporate perimeter has been dissolving for a while and more enterprise resources are now being deployed in the cloud for both cost and efficiency purposes. Is there a way to get these benefits for your vendor access management platform while maintaining all the features, security, and compliance you expect of it?
In this article, we will be reviewing some of these potential benefits of having your vendor access management system in the cloud and how to find platforms that support them. Let’s start by asking some basic questions about what we are trying to achieve with these systems and then explore how a cloud deployment could assist in reaching those goals easier and with lower costs.
This is the first question most people ask. When you say the word “cloud,” most IT folks just shake their heads or quote a long overused maxim that “the cloud is just someone else’s computer.” Very funny and wry, but isn’t that true of much corporate infrastructure these days? Most companies have stopped building their own data centers and instead rely on co-location facilities rented to them, or even the very cloud providers that statement makes fun of. The truth is that cloud systems can be as secure or even more secure than on-premises systems. It all comes down to the best practices, translated for the cloud, that you use for acquisition, deployment and operations of those systems. Many good frameworks exist now for architecting and running secure cloud networks such as the Cloud Security Posture Management (CSPM) practice. And if you think about it, not having to poke holes in your firewalls and DMZ will make your internal systems more secure. Setting up a custom-built cloud network that only does this one thing might actually mean more security for both vendor management and your local LAN.
Regulators have in the past taken somewhat of a jaundiced eye toward cloud systems, and that was mainly because they were new and not as widely used. But just like wireless LAN access, online banking and many other scary new technologies, they have had to accept that this is simply where business (and a lot of government, frankly) is going. In fact, many government systems at the federal, state and local level now reside on cloud infrastructure and they have the FedRAMP standard to regulate it. So, the compliance people have come to grips with the cloud and largely accept it now as just another element to be examined, audited and secured properly. By following the precepts of one of the aforementioned cloud security frameworks and using the features that many compliance regimens require such as multi-factor authentication, privileged access management (PAM), and others, you can definitely stay in the good graces of the authorities with a cloud-based vendor access management system.
Before considering any vendor management system, whether it’s cloud or on-premises, you want to make sure that actually does what it is supposed to. In other words, make sure that it provides third parties with secure, compliant access and does it in a way that makes it easier, not more difficult on your application owners and vendors alike. In the deployment phase, getting these systems situated in the proper place on a DMZ with all the right access and no holes open is often the most difficult part of an implementation. Cloud can vastly simplify this since there is no corporate firewall to bore through and its security and access can be designed to serve only that one purpose. Systems can be brought up instantly when needed versus any kind of requisitioning, racking and other chores that have to be done for physical hardware installations. And if you have multiple locations to deploy to, not having to provision an appliance at each site can mean a much faster delivery on the project.
After deployment, support can be made more efficient by being able to access those systems to provision users, assist them and do all the various maintenance tasks required of these systems from anywhere, anytime. And, finally, it might help improve the performance and uptime statistics of your vendor management system. One of the reasons companies move to the cloud in the first place is the improvements in scale and redundancy they can achieve. Fewer worries about local internet going down, DDoS attacks and server crashes bringing your vendor support to a halt will certainly help administrators of these systems sleep better at night.
At the end of the day, you have to decide which model (on-prem or cloud) best fits your initiatives and constraints. Many will still feel more comfortable with vendor access devices being deployed only within their corporate firewalls. And that is fine, there are still many choices for those folks. And some of the cloud systems offer on-prem options as well so you can phase in any conversion if you use one of those. If you are willing to think outside the box (of your hard perimeter), it’s possible you could find many benefits from a cloud deployment of your vendor access management system. This article originally ran on Security Boulevard.