IT work doesn’t wait for a virus, and with some of your vendors working remotely both now and for the foreseeable future, reviewing how they access your systems is critical to ensuring timely IT work without opening yourself to any security risks. Now is a good time to check up on your vendor security.
Guidelines for a Modern PAM System
These guidelines should sound familiar, since they’re basic features of a modern privileged access management (PAM) system. But they bear repeating:
DO:
- Use multifactor authentication
- Implement robust authorization models
- Perform detailed forensic audits
DON’T:
- Use static passwords
- Lose track of shared passwords
Beyond these points, there are seven steps to securing vendor access, especially when they’re working remotely:
1. Delegate
Choose a trusted individual at each vendor to manage the users from their organization. For example, if you work with Dell, Bravura Security Vantara, Oracle, and Microsoft, you should have four people—one from each—managing the access for their organization.
Make sure the list of users with access remains small at each organization, but otherwise delegate the responsibility for who deserves a place on that list.
2. Authenticate
Don’t just use passwords. Make sure vendor logins are securely authenticated using multiple factors. Your preference should be for app-based multi-factor authentication (MFA). That way, any turnover at the vendor is less disruptive than if users have a physical token they need to return or hand off to another user.
3. Confirm
Another option to authenticate users is to make sure a given user still works for your vendor when they sign in. Send a PIN to the user’s work email, and if they no longer work for the vendor, they won’t be able to access the email, the PIN, or your systems.
4. Request and approve
Vendor users should connect only when you request specific work to be done. Set up a request and approval workflow before allowing vendors to sign in to your systems to ensure you’re aware of every login.
5. Do Not Disclose
Best practice is not to disclose the password unless necessary. Instead, launch the vendor user directly into SSH, RDP, SQL Studio, etc.
6. Monitor
Record all vendor activity in your systems, and if you think it’s necessary, watch in real time. This way you not only have a record of the work completed, you also discourage—or quickly catch—any unauthorized activity.
7. Protect
Don’t let vendors connect their devices to your VPN. Use a proxy, like virtual desktop infrastructure (VDI) or a web browser login. That way you don’t have to vet every device for security because those devices stay outside your network perimeter.
All of these steps are best practices for granting elevated access to third parties and should be in place for all of your vendors. Of course, managing privileged access, especially across potentially dozens of vendors, can be time consuming and difficult. This is where a PAM system can help you simplify the process and ensure security while giving your vendors access to the systems they need to deliver quick and effective service.
Learn more about how PAM systems can support your business.
Related Articles
Are Password Managers Safe and Secure?
In today's ever-changing technological climate, passwords are a double-edged sword. On the one hand, they protect our sensitive data from breaches — on the other,...
Solve the Four Biggest Remote Work Login Problems
Remote work has achieved a new peak so far in 2020. Some62% of employed Americans said they have worked from homeduring the COVID-19 crisis. This large-scale...