Chain Reaction — Strengthening the Weakest Link with Third Party Identity Management

Dealing with third parties is an inevitability of modern day business, and so too is the risk of a data breach. Unfortunately, the two often go hand in hand. Organisations are subject to the security of their supply chain, partners and contractors, and need to verify the legitimacy of these third parties. Allowing them external access to your corporate network puts additional strain on IT managers and Sysadmins to maintain business productivity without compromising security.

Distribution warehouse

Businesses must incorporate an additional layer of defence in order to protect sensitive corporate data from the threats posed by potentially less security-minded third parties, and safeguard against the risks they face should hackers find a loophole in existing security processes. Access must be carefully managed and controlled to avoid leaving gaps, which could allow hackers to enter.

Analysis of recent high-profile attacks has shown that malicious hackers are increasingly targeting third-party vendors and supply chain partners, usually because their security policies are less stringent than the target companies they are ultimately trying to access. Breaches such as Home Depot in the US saw hackers use a third-party vendor’s user name and password to acquire elevated rights.

By using an open backdoor, attackers compromise remote access points, steal and exploit privileged credentials, and gain access to targeted networks. Attackers will phish, scam, and social engineer both end-users and privileged users to infiltrate organisations and won’t stop until they find what they are looking for. Once inside they will seek opportunities to elevate privileges, moving laterally through the network, completely circumventing existing company defences such as firewalls in order to reach their goal.

As companies grow, working with more clients and an increasing number of partners, they suddenly find themselves in the middle of a complex supply chain. Being able to manage access privileges, and authenticate users with strong multi-factor authentication is essential.

Unfortunately, there is no sure-fire solution for preventing breaches, but controlling access privileges and authentication for third party users will help protect valuable information. The good news is that Centrify delivers multi-factor authentication (MFA) solutions that support all types of enterprise users — including employees, contractors, outsourced IT, partners and customers — across a broad range of enterprise resources — including cloud and on-premises apps, VPNs, network devices, and cloud and on-premises servers.

Multi-factor authentication requires that a user provide two or more credentials to authenticate themselves. These will include something that the user knows, such as a password; something the user possesses such as a security token; or something the user is, such as a fingerprint or other biometric. Using MFA for authentication across the enterprise reduces risk substantially when compared to simply using a password – a password may be easily guessed but the chances of a hacker cracking a password AND having one of the other factors are quite slim.

MFA Everywhere

Organisations need to understand that their security is only as strong as the weakest link, and if cybercriminals find the weak link a network breach will inevitably follow. With the proper privileged account security controls in place, organisations can provide the network access required for business efficiency while maintaining consistent security across all types of accounts, both internal and external.

See our short video below for a quick explanation of MFA for Privileged Users: