What’s the difference between third-party remote access and privileged access?
Caution is needed when granting any user access to your network, but you need to be especially careful when providing privileged access. What’s the difference? Third-party remote access is the method by which external users connect to a defined network. Ideally, this connection is secure, controlled, and monitored at all times. However, many enterprises hand third-party vendors VPN credentials that often grant privileged access. The critical difference is the word “privileged.” Privileged access means the user, wherever they connect from, usually has administrative permission to view or alter important files or systems on your network. Whenever credentials permit access to sensitive data, those credentials must be tightly protected, even when the holder is an internal user. An external user with privileged access presents significantly more risk to your network.
What does good access management look like?
Carefully consider who should be granted privileged access to your system and network content. Privileged users are often hacker targets. Because they have the keys to your system, compromising a privileged user makes it easier to infiltrate your network. To mitigate this risk, ensure vendors never have privileged credentials to your network. Third-party remote access should be controlled and monitored while still allowing timely access to necessary systems to perform support tasks. There are key capabilities that secure vendor access management should include:
Authentication
The first step is making sure the user attempting to access your network is authorized and authenticated. Two-factor authentication should be baked into your access management systems. It demands two independent identity checks that will stifle intruders holding stolen passwords. You want the two factors to authenticate the identity of the user as well as confirm the user has authorized access. Requiring a simple username and password does neither of these.
Access control
As discussed, privileged credentials permit users access to sensitive systems. These should never be handed to vendors. Restrictive controls are the only way to securely manage third-party remote access. While some third parties may need privileged permissions to support their technology on an enterprise network, sweeping access should not be given. Ensure user accounts aren’t shared and that every action is tied to an individual, which helps ensure accountability and compliance.
Auditing capabilities
Advanced logging capabilities are essential to track all activity at a granular technician and user level. Extensive audit should report the "Who, What, When, and Where" details necessary to maintain compliance. Remember, there is a difference between a user on your system and someone with privileged system access to sensitive or valuable data and functions. Make sure you know the difference.