May 27, 2020 // Lindy Cain // Last Updated: February 04, 2021
It’s no surprise that the use of cloud and web-based environments is on the rise across enterprises. In fact, 94% of enterprises already use a cloud service and a staggering 83% of enterprise workloads will be in the cloud by 2020. Moving business operations and systems to the cloud offers many benefits: more flexibility, reduced costs, and increased stability, just to name a few.
While moving to the cloud can seem like a no-brainer at times, there are things to consider, especially when it comes to providing third parties privileged access to these cloud-based applications.
Providing privileged access to the cloud for internal employees is one thing, but how do you provide this access in a secure way to third parties such as support technicians? Typically, credentials to these web or cloud-based environments are supplied to the end user, often in plaintext in an email. This increases the risk that the credential will be shared, lost, or worse, phished. What’s even more eye-opening is that numerous studies point to criminal hackers using stolen privileged credentials as the most damaging and most costly cybersecurity threat facing organizations today.
One option to secure access to web applications is to have your vendors authenticated using a single sign-on (SSO) system. This makes removing them when they are terminated quicker and easier than removing them manually. By federating the authentication process down to your vendor’s directory system, you can add an additional level of protection and streamline this process.
This method has the added benefit of making the removal of terminated vendor reps close to real-time because companies usually remove employees from their directory service as soon as the employee is no longer employed. One consideration of this method is the need for additional management overhead and onboarding since these users will have to be placed in your internal credential directory service.
Credential vaulting keeps all privileged credentials in an encrypted vault, never allowing users to see the username and password. Users check out the right to use the credential; the checkout is logged, and the user is logged into the appropriate system automatically. Credential vaults offer other valuable features such as automatic credential rotation and auditing.
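The check-out flow described above, as an added Python example (not from the original article or any vendor product): the user receives only an opaque lease, the vault performs the login and logs each step, and check-in rotates the password. The `CredentialVault` class, the `login_fn` callback and the in-memory storage are assumptions; a real vault encrypts at rest and also changes the password on the target system.

```python
import secrets
import time

class CredentialVault:
    """Brokers privileged logins so the vendor rep never handles the password."""

    def __init__(self, login_fn, lease_seconds=900):
        self._creds = {}        # system -> (username, password); held only here
        self._leases = {}       # opaque lease id -> (user, system, expiry)
        self._login = login_fn  # assumed callback that signs in to the target
        self._lease_seconds = lease_seconds
        self.audit_log = []     # (timestamp, user, system, event)

    def store(self, system, username, password):
        self._creds[system] = (username, password)

    def _audit(self, user, system, event):
        self.audit_log.append((time.time(), user, system, event))

    def check_out(self, user, system):
        """Grant the right to use a credential; return only an opaque lease id."""
        if system not in self._creds:
            self._audit(user, system, "checkout-denied")
            raise KeyError(system)
        lease = secrets.token_urlsafe(16)
        self._leases[lease] = (user, system, time.time() + self._lease_seconds)
        self._audit(user, system, "checkout")
        return lease

    def connect(self, lease):
        """Log in on the user's behalf; the password never leaves the vault."""
        user, system, expiry = self._leases[lease]
        if time.time() > expiry:
            del self._leases[lease]
            self._audit(user, system, "lease-expired")
            raise PermissionError("lease expired")
        username, password = self._creds[system]
        session = self._login(system, username, password)
        self._audit(user, system, "login")
        return session

    def check_in(self, lease):
        """End the lease and rotate the password so a leaked copy is useless."""
        user, system, _ = self._leases.pop(lease)
        username, _old = self._creds[system]
        # Assumption: a real vault would also set this new value on the target.
        self._creds[system] = (username, secrets.token_urlsafe(24))
        self._audit(user, system, "checkin-rotated")
```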
To comprehensively address the unique challenges third-party vendors pose to your business, a vendor privileged remote access platform (VPAM) can be a great option. Look for a VPAM solution that specifically includes the ability to mask and pass credentials to web applications in the cloud. Third-party reps will never know or have access to these web application credentials, which reduces the risk of credential abuse and theft. Since VPAM is specifically designed to handle vendors differently than internal users throughout each stage of access, a VPAM solution is a comprehensive solution that keeps secure not only your web applications but also the other systems vendors often need to access. To learn more about how a vendor privileged access management tool should allow network admins to granularly control the remote access of third-party users in a way that increases efficiency and reduces security threats, download our checklist to evaluate the most important aspects of a VPAM platform.