Every business relies on vendors. The efficiency and specialized expertise they offer make the business proposition too compelling for any organization to ignore.
But along with that expertise and efficiency comes risk. To do their jobs, vendors need access to your internal resources – and often very sensitive resources. This opens the door to a host of security vulnerabilities. Managing this risk involves many disciplines, but Identity and Access Management is perhaps the most fundamental.
Limiting vendor risk with a strong Identity and Access Management Program includes four key steps:
1. Properly grant and remove access.
In today’s fast-paced, technology-driven world, this is a challenge for many organizations. Contractors and partners are constantly moving from position to position and from organization to organization. Granting excessive access to contractors/partners can significantly increase your risk. Failing to remove their access after the work has been completed also leaves you exposed.
2. Identify and control who is accessing your critical information.
For accounts with privileged access, you must ensure that access is approved and monitored and that the passwords are systematically managed/rotated.
3. Ensure periodic access reviews are performed.
To ensure security processes are in place and operating effectively, you must perform periodic access reviews to detect inaccuracies in provisioned access. This keeps access accurately maintained for your contractors/partners.
4. Ensure access to your IT environment is protected using all means necessary.
This includes requiring complex passwords, multi-factor authentication and proper network segmentation. Without these basic features, you are making yourself an easy target for attackers.
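The checks behind steps 1 to 3 can be run mechanically as part of a periodic access review. The script below is an added example, not part of the original post: it reconciles a constructed export of vendor accounts against a constructed list of approved engagements. The field names, sample records and 90-day rotation threshold are all assumptions.

```python
from datetime import date

# Constructed sample: approved vendor engagements (e.g. from procurement records).
ENGAGEMENTS = {
    "acme-hvac": {"end": date(2024, 3, 31), "approved": {"bms-portal"}},
    "datafix": {"end": date(2024, 12, 31), "approved": {"crm-read", "sftp-upload"}},
}

# Constructed sample: vendor accounts as exported from the identity store.
ACCOUNTS = [
    {"user": "v-jsmith", "vendor": "acme-hvac", "enabled": True, "privileged": False,
     "entitlements": {"bms-portal"}, "pw_changed": date(2024, 1, 10)},
    {"user": "v-mlee", "vendor": "datafix", "enabled": True, "privileged": True,
     "entitlements": {"crm-read", "crm-admin"}, "pw_changed": date(2023, 11, 1)},
    {"user": "v-old", "vendor": "gone-co", "enabled": True, "privileged": False,
     "entitlements": {"vpn"}, "pw_changed": date(2022, 5, 5)},
    {"user": "v-kpatel", "vendor": "datafix", "enabled": True, "privileged": False,
     "entitlements": {"sftp-upload"}, "pw_changed": date(2024, 5, 1)},
]

MAX_PRIV_PW_AGE_DAYS = 90  # assumed rotation policy, not a value from the post


def review_access(accounts, engagements, today, max_pw_age=MAX_PRIV_PW_AGE_DAYS):
    """Return {user: [findings]} for enabled vendor accounts that need action."""
    findings = {}
    for acct in accounts:
        if not acct["enabled"]:
            continue
        issues = []
        eng = engagements.get(acct["vendor"])
        if eng is None:
            # Step 1: account exists but nobody can show an approved engagement.
            issues.append("no engagement on record: disable")
        elif eng["end"] < today:
            # Step 1: work is finished but access was never removed.
            issues.append(f"engagement ended {eng['end']}: disable")
        else:
            # Step 3: provisioned access that exceeds what was approved.
            extra = acct["entitlements"] - eng["approved"]
            if extra:
                issues.append("unapproved access: " + ", ".join(sorted(extra)))
        # Step 2: privileged credentials must be rotated on schedule.
        if acct["privileged"] and (today - acct["pw_changed"]).days > max_pw_age:
            issues.append("privileged password rotation overdue")
        if issues:
            findings[acct["user"]] = issues
    return findings


if __name__ == "__main__":
    for user, issues in review_access(ACCOUNTS, ENGAGEMENTS, date(2024, 6, 1)).items():
        print(user, "->", "; ".join(issues))
```
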
In next month’s blog, I’ll discuss some of the products and processes that can give you the ability to accomplish these objectives.
Project/Service Delivery Manager