Vendors Don’t Need to Know your Credentials

August 10, 2015//Ellen Neveux

Last Updated: May 30, 2018

If you want to reduce vendor risks – start by taking back the keys to your network. Vendors can’t compromise credentials they don’t have.

Every time you hand someone the code to your alarm system it becomes less effective. Target and Home Depot learned this lesson the hard way.

Vendors don’t want this liability either; higher profile clients increase their risks. From an operational perspective, managing credentials for every customer is tedious and can delay support efforts.

Remote support and collaboration is essential to any enterprise. Vendors need access to your systems for maintenance, upgrades and monitoring. However, they don’t need unfettered access.

VPNs and desktop sharing tools limit your ability to control and monitor access. Third-party remote access solutions should hide your network credentials and provide single sign-on (SSO) for vendors. Without these capabilities, security is weakened. Vendors could share or store privileged credentials insecurely. This feature also helps to prevent “leapfrogging”, or the process of a technician launching additional connections from within the initial target host. If the technician is never aware of their password, they are prevented from trying to log into other systems with the same account.

Understanding best practices for managing network credentials is a critical element to the health of your company. You spend time, money, and resources to protect your network – don’t hand out the keys to the backdoor.

Looking for a VPN alternative? The answer. Find out the best way to manage vendor access.

Subscribe to the SecureLink Blog.
close close