Who has access to your critical enterprise assets? This has become one of the most important questions in cybersecurity today. Beyond who has access, enterprises today must understand what those people are accessing, why they are accessing it and from where they are accessing that information. The answers to these questions can spell the difference between data security and a data breach.
Access is about much more than who is logging into your network. Global supply chains are increasingly complex. As highlighted this year at RSA by Josh Douglas, CTO at Raytheon, the global supply chain is comprised of shared processes and shared technology that distributes products used in creating, sharing and distributing information. The global supply chain has many closely intertwined parts, and it doesn’t seem it will unravel itself anytime soon.
The increasing complexity of the global supply chain means that more third parties, like contractors and partners, may require access to your network. Managing access to clouds, network infrastructure, applications and data is already a challenge for enterprises. In meeting that challenge, enterprises find third parties more and more critical in helping to deploy, control and maintain this transforming and fluid IT landscape.
These days, that third-party access doesn’t just come in the form of people accessing machines; it’s also machines talking to other machines in an automated fashion and the underlying content of those interactions. These connections are proliferating rapidly and must be properly secured to prevent risk.
Though third-party access is a vital reality within the enterprise, managing this access often comes as an afterthought in the industry’s overall security strategies and postures. However, the data would suggest that this topic warrants more attention:
What often happens in a third-party relationship is the “It’s not my job” syndrome, in which each party expects the other to take the primary responsibility for ensuring the security of the access. In reality, like any healthy relationship, security results from the equal, continuous, committed effort of both parties.
Fortunately, answers to this problem are not as complex as they may at first appear. Basic best practices put in place around people, processes and technology can help organizations decrease their risk exposure significantly.
Best practices include:
In an environment where 70 percent of enterprises enter into contracts with external vendors without having conducted any security checks, yet 60 percent of enterprises allow their vendors to have remote access, policies and procedures to regulate this access must be put in place. These policies and procedures must extend across all people, processes and technologies. Supply chains have become global and complex, and the need for vendor access will continue to grow; this further necessitates that the control of this access to these critical systems be treated with heightened vigilance and awareness.