February 13, 2020//Ellen Neveux
Remote access is critical to any enterprise. However, not all remote access platforms are created equal. Access granted to employees that work offsite is very different than access provided to third parties or vendors. Security is essential in both types of access, but managing remote access for external players should include increased protection protocols and dedicated connection tools.
Vendors require remote access to support their technology on their customer’s networks. Many companies use either virtual private networks (VPNs) or Remote Desktop Protocol (RDP). VPNs provide encrypted access between a remote user and your network. With desktop sharing software, you can gain access to a remote computer—like a mirror image of your computer for use at home. With RDP, you can access your files and use capabilities on that remote computer. A VPN only provides access to the network.
While desktop sharing provides access and a VPN provides some level of security, neither are seamless or secure when it comes to third-party remote support. These options solve different problems, but it’s important that you use the right tool for the job to ensure security and regulatory compliance.
An enterprise that provides its third-party tech vendors with remote access through a VPN will find those vendor support reps with more access than they need. Furthermore, VPN credentials are easily shared, leading to unwanted, unknown users with access to sensitive systems.
Sharing credentials is a critical element to consider when deciding on what tool to use for remote access. For a large company, it is difficult to track the employment status of a vendor’s entire support team. When an employee or contractor no longer works for a vendor, if VPN credentials are shared that former employee could walk out the door with access to your network.
Now, don’t get us wrong– VPNs have a time and place at many businesses. In fact, we use them here at SecureLink all the time. If I, or any internal employee, needs to connect back to a server or network, we use our VPN to do just that. So, VPNs are great for internal employee access, but aren’t made for external vendors.
Desktop sharing tools do provide fast access; however, when it comes to third-party remote access, efficiency and security can get lost. For example, technology vendors frequently need to access a client’s computer. If the client allows unattended access, security is compromised. If the client decides to manage security and provide only attended access, a work slowdown for both parties often occurs. In other words, simple desktop sharing tools do not provide granular access controls to provide the level of network security needed for vendors and third parties.
With both VPN and desktop sharing, the basic auditing provided usually doesn’t meet the requirements for regulated industries (like HIPAA and CJIS). In addition, they don’t give you a complete view of who is accessing your network and exactly what systems or files were sourced. In other words, if something bad happens (like a data breach or ransomware attack) and the hacker or bad actor got access through a vendor login, you have no way to track that back to the actual vender. Instead, using and investing in a single, secure platform solves the problems created by VPNs and desktop sharing while still giving you fast, secure access.
Find a platform that serves both enterprise and technology vendors that makes secure remote access a reality. Vendors want fast and secure access without the burden and liability of managing multiple network credentials. Remote support is simple and secure while providing enterprises with complete visibility and control of who is on their network and where they go.
While VPN and desktop sharing tools work great for their intended purposes—they are not secure or efficient tools for third-party remote access. If third parties are accessing your network, whether you’re using a VPN, a vendor-supplied support tool, or a Privileged Access Management (PAM) solution to manage network vendor access, the limitations of those tools leave you vulnerable to breaches. Download our brochure that highlights the importance of having a separate software platform specifically to manage vendors’ privileged access to systems, networks, and applications.