Enterprises of all sizes rely on multiple vendors to provide necessary services. Some outsource employee payroll and benefits, while others employ a third party to manage point of sale transactions, IT helpdesk, or marketing platforms. A recent study[1]showed that on average, 89 different vendors were accessing the typical enterprise network on a weekly basis, and 71% of respondents expect that their companies will become even more reliant on third parties over the next two years.
Get Your Copy of the Data Center Security Risk Prevention Infographic
In many cases, the use of vendors is a way for companies to maximize efficiency and keep costs low while maintaining organizational agility. However, having too many vendors with various levels of access poses critical risks to the security of the network and the organization as a whole.
Because vendors in your data center are a necessary evil, you should select vendors that can handle multiple facets of your operation, thereby limiting the number of vendors in your data center. Consider your technology partners wisely and choose a trusted company like Maintech that has over 40 years of experience and does extensive vetting.
A fundamental issue with vendor access to enterprise environments is the management and administration of that access. Physical access can be maintained through security systems, cameras, badges, and logs; but when the access involves permissions or credentials to systems or applications, it results in a significant increase in the complexity of access management and administration.
Proper administration of vendor access requires adherence to policies regarding change of personnel, password change requirements, new hire and termination practices and monitoring of activity. This exposure is multiplied each time another vendor is added to the mix.
How can a company with many vendor relationships minimize security risk?
First, security assessment should be a part of the vendor selection process. An employee or representative of the firm should be responsible for conducting a review of vendor security standards, ensuring that they meet basic security requirements before being provided access.
These standards, along with vendor compliance, should be reviewed periodically to ensure continued minimizing of security risks. Reviews of each vendor, along with regular assessments of the areas to which they are granted access, is also important in maintaining a secure environment.
Reducing the total number of vendors reduces overall risk, and can be accomplished by bringing outsourced tasks in house, or by finding a single vendor, such as Maintech, that can deliver a variety of services. Vendor management and security can also be outsourced, to help minimize security risks while easing the burden on the enterprise itself.
[1] https://www.bomgar.com/assets/documents/Bomgar-Vendor-Vulnerability-Index-2016.pdf