Managing Remote Access Threats: Employees vs. Third-Party Vendors
Employees and third-party vendors both share the need for remote access, but each group poses unique threats that need to be addressed to keep your network safe and your data secure. Check out this video that includes insights into how you can manage these threats from SecureLink’s CISO, Tony Howlett.
I’m Tony Howlett, Chief Information Security officer of SecureLink and I’m here to talk to you today about the differences in employee remote access versus vendor or third-party remote access.
First of all, when you have an employee who wants remote access you primarily need to deal with giving them access for all the places they might be. This balance often involves a maddening set of often conflicting goals.
Some companies give vendors a single login which provides no clarity as far as which vendor rep does which activity. This is very, very bad.
Typically with employees, you have a single database that you can authenticate to. Basically, that can be easily extended to VPN or whatever technology you use. But vendors, it’s not the same.
They have their own authentication database and that either has to be
integrated into your system, or you have to have a separate authentication mechanism.
Additionally, savvy administrators will want to wall off their network and systems to provide only the exact access needed to limit the amount of damage an ill-trained or even malicious third party vendor employee can do.
SecureLink provides a purpose built solution for vendor privileged access management.