Tech Alert: Giving Network Access to a Vendor and How to Handle It
The Internet has changed how we do business. Now if only I had $1 for every time I heard that, the Internet would’ve also changed my tax bracket.
In all sincerity, IT departments have the challenge of keeping your network safe. With the growing number of cyber threats and the amount of data companies are storing today, IT is in a real pickle. Security is of the utmost importance, so it’s scary when a vendor asks for access to your network.
Our team at Accent Computer Solutions, Inc. manages networks for over 100 businesses in Southern California, so we are no stranger to these types of situations. We’re frequently asked about the best way to safely grant network access to vendors.
A process should be set up to determine which vendors – regardless of whether your system is in the Cloud or on-premise - require access and to what. Keep in mind that most vendors won't need access to the whole network.
So, how do you set it up? What’s the best way to communicate to do’s and don’ts to the vendor? Let’s explore how to handle giving network access to vendors.
How to Give Network Access to a Vendor Without Compromising Security
Thanks to the Internet, finding the best talent around doesn’t just mean locally anymore. Many companies have loosened, changed, or gotten rid of their “on-premise” need for employees altogether. Thanks in large part to cloud-based vendors, the global world is now your employee market. But with great access comes great responsibility.
Some vendors will require access to your network and servers to run their software. For them to maintain their product and troubleshoot any issues, access is vital. It’s a delicate balance between security and access when it comes to vendors. Be sure to work with your IT team and vendor to define the right amount of access to your infrastructure.
The Challenge: Security and User Access
What’s the best way to give vendors the appropriate level of access? And how can you do that without compromising security? Based on a study “63% of the 450 data breaches were linked to a third-party component of IT system administration” – Trustwave
And we get it, third-parties like vendors need access. But it’s up to your IT department or managed IT service provider to enforce access policies and monitor activity.
The Solution: Access with Supervision
The best practice would be to only allow a vendor access under your IT team’s supervision. This means that a member of your IT team will monitor the activity that the vendor will perform in your network. This benefits both your company’s security and the vendor.
Your IT supervises the interaction of the vendor and your network. This assures that the vendor is only accessing resources that they need. It also helps make sure that changes that are going to be made will not negatively affect your company.
This, however, is a two-way street, in a great way. The vendor also benefits by having a member of your IT department available. Your IT professional will be able to answer any questions or provide further access if needed.
What About Full Vendor Access to My Network?
You can also provide unsupervised access to your server to a vendor. If you do, there are some precautions you should take to must make sure the remote connection you provide the vendor is secure.
For example, only allow connections that are encrypted. A safe way to do so is with a VPN connection. This allows connection from a particular remote connection only, creating a secure tunnel to your network.
It’s also best practice to create a user account that will expire after a certain period of time. It’s all too common that a user account is created, then forgotten about. This creates a security risk that someone who doesn’t need access anymore can still get in. Setting it up to expire eliminates that risk. If the account expires and they still need it, it’s no big deal to activate it again.
In addition, limit the user permissions so they can only access the things they need. Access to your data should be on a need-to-know basis.
Have your IT department set the ground rules. Vendors who need this kind of access know the drill and will work with you. Be wary if they aren't willing to work with your precautions. Chances are you don't want to work with them anyway.
Last but not least make sure that the access the vendor has is as needed only. It’s better for the vendor to ask for more access than to leave your company exposed.
Whichever way you chose to give a vendor access, make sure that there are policies and steps set in place. Work with your IT department or managed IT services provider to verify and approve vendor access so that the wrong access is not given.
Things change rapidly in the world of tech. We'll keep your business up-to-date on the latest information technology news so you can stay in the know