Mobile Search Mobile Menu
Abhi Yadav
June 18th, 2015

Every business relies on vendors. The efficiency and specialized expertise they offer make the business proposition too compelling for any organization to ignore.

But along with that expertise and efficiency comes risk. To do their jobs, vendors need access to your internal resources – and often very sensitive resources. This opens the door to a host of security vulnerabilities. Managing this risk involves many disciplines, but Identity and Access Management is perhaps the most fundamental.

Limiting vendor risk with a strong Identity and Access Management Program includes four key steps:

1. Properly grant and remove access.

In today’s fast paced technology driven world, this is a challenge for many organizations. Contractors/partners are constantly moving from position to position and from organization to organization. If you are granting excessive access to contractors/partners this can significantly increase your risk. Additionally, if you are not removing their access after the work has been completed this can also leave you exposed.

2. Identify and control who is accessing your critical information.

When it comes to accounts with privileged access you must ensure access to these accounts is approved, monitored and that the passwords are systematically managed/rotated.

3. Ensure periodic access reviews are performed.

To ensure security processes are in place and operating effectively you must perform periodic access reviews in order to detect inaccuracies in provisioned access. This will ensure access is accurately maintained for your contractors/partners.

4. Ensure access to your IT environment is protected using all means necessary.

This includes things such as requiring complex passwords, multi-factor authentication and proper network segmentation. Without these basic features you are making yourself an easy target for attackers.

In next month’s blog, I’ll discuss some of the products and processes that can give you the ability to accomplish these objectives.

Robert Streets
Project/Service Delivery Manager
Simeio Solutions

RECENT POSTS
I Believe Simeio’s Identity Orchestration is the Key to Unlocking the Cybersecurity Quagmire
Our Changing World Requires an IAM Paradigm Shift
Top 2021 Predictions for Identity Management