Every business relies on vendors. The efficiency and specialized expertise they offer make the business proposition too compelling for any organization to ignore.
But along with that expertise and efficiency comes risk. To do their jobs, vendors need access to your internal resources – and often very sensitive resources. This opens the door to a host of security vulnerabilities. Managing this risk involves many disciplines, but Identity and Access Management is perhaps the most fundamental.
Limiting vendor risk with a strong Identity and Access Management Program includes four key steps:
1. Properly grant and remove access.
In today’s fast paced technology driven world, this is a challenge for many organizations. Contractors/partners are constantly moving from position to position and from organization to organization. If you are granting excessive access to contractors/partners this can significantly increase your risk. Additionally, if you are not removing their access after the work has been completed this can also leave you exposed.
2. Identify and control who is accessing your critical information.
When it comes to accounts with privileged access you must ensure access to these accounts is approved, monitored and that the passwords are systematically managed/rotated.
3. Ensure periodic access reviews are performed.
To ensure security processes are in place and operating effectively you must perform periodic access reviews in order to detect inaccuracies in provisioned access. This will ensure access is accurately maintained for your contractors/partners.
4. Ensure access to your IT environment is protected using all means necessary.
This includes things such as requiring complex passwords, multi-factor authentication and proper network segmentation. Without these basic features you are making yourself an easy target for attackers.
In next month’s blog, I’ll discuss some of the products and processes that can give you the ability to accomplish these objectives.
Project/Service Delivery Manager
As Simeio’s Vice President of Product, Abhi is a CyberSecurity leader and product management executive with 10+ years of repeated success in security innovation, helping Fortune 500 companies build industry-leading IT Security capabilities, and grow business value through improved customer engagement with initiatives like digital transformation.
Recognized by industry analysts Gartner for building the world’s most capable Identity as a Service (IDaaS) platform in their 2016 report; Winner of the 2017 Small Business Innovation Challenge in Canada for demonstrating leadership in security innovation for mobile IAM solutions; and member of team that built the market-leading role management product as recognized by Forrester Research & Gartner, by being the first to apply data science principles to CyberSecurity in 2007.