December 08, 2014//Ellen NeveuxLast Updated: January 12, 2021
Two of the largest data breaches on record, Target and Home Depot, were both caused by the mismanagement of third-party vendor network credentials. This is not a coincidence; this is a trend. VPNs will lead others down this same dangerous road if used for remote support because hackers are focusing on third-party vendors to gain access to their more lucrative targets.
Securing your network from unauthorized access is critical, but it’s equally important to have a comprehensive audit of authorized access as well. How you manage the “keys to the kingdom” directly reflects the overall security of your network.
Third-party vendors need to access their customer’s networks for a variety of reasons, but the method of access needs to be monitored and secure. Remote support software and solutions are used to gain fast access and resolve issues – VPNs and desktop sharing tools are most common. However, if we look at the Home Depot and Target, it becomes clear that the most common solutions are now becoming the problem.
A VPN alternative is necessary to secure any accountability in remote access. Third-party vendors often share their VPN credentials; this limits the ability to track changes and spot irregularities. Many companies rely on a VPN to provide remote access to employees, but a VPN alternative should be used when working with third-party vendors.
Desktop sharing tools are good for collaboration, but during vendor network support they create ghosts that leave no trace. If we learn anything from Home Depot and Target, it should be to pay close attention to both who you give credentials to and how you manage and monitor that vendor’s access.
The below illustration depicts the need for a VPN alternative. Our cartoon is a simple view of the issue, but the simplicity of the current remote access structure is what attracts cyber-thieves. It is necessary to provide access to business partners, but the significance of vendor credential management and accountability is undeniable.
Join the discussion on Twitter.
Looking for a VPN alternative? The answer. Find out the best way to manage vendor access.