Business Issues -> Compliance
By: V Balasubramanian, Marketing Manager - IT Security Solutions, ManageEngine, a division of ZOHO Corp
Published: 13th August 2013
Copyright ManageEngine, a division of ZOHO Corp © 2013
Organizations outsource a part or whole of their IT services to third-party service providers for various reasons such as cost savings, leveraging outside expertise, need to meet business demands quickly, and other critical aspects. Usually, tasks such as software development, network management, customer support, and data center management are outsourced.
Engineers and technicians working with service providers would require remote privileged access to servers, databases, network devices, and other IT applications to discharge their contractual duties. Typically, in outsourced IT environments, the technicians working with the service provider will be located at a faraway place and will access the IT resources of your organization remotely through VPN.
Uncontrolled administrative access—a potential security threat
With remote privileged access that grants virtually unlimited access privileges and full controls to physical and virtual resources, the outsiders virtually become insiders and, in some cases, much more powerful than the real insiders of the organization. Uncontrolled administrative access is a potential security threat, which can jeopardize your business.
A disgruntled technician could plant a logic bomb on your network, create a sabotage, or steal customer information, and cause irreparable damage to your business and reputation. In fact, analysis of many cyber incidents reported in the past has revealed that misuse of privileged access had been the root cause.
So, in outsourced IT environments, controlling privileged access and keeping an eye on the actions on critical IT resources are absolutely essential, both as protective and detective security control against cyber attacks.
Essential security measures for uutsourced environments
These simple security aspects would be difficult to implement without the aid of a proper software solution. Manual approach to consolidating, securing, controlling, managing, and monitoring privileged accounts is not only cumbersome and time-consuming, but also highly insecure.
Preventive & detective security controls through an automated approach
Essentially, you need an automated approach to both privileged access management and privileged session management. You need to consolidate and control all the privileged accounts centrally in a fully automated fashion, ending convoluted manual password management practices. The automated approach should be capable of delivering the essentials as outlined above.
Of course, not all security incidents can be prevented or avoided. However, by taking proper preventive and detective security controls as explained above, you can ensure information security while outsourcing IT.
Posted: 8th October 2013 | By Phillip Presley :
Great article on how to keep information secure when outsourcing. Choosing a type of remote access software that understands the importance of keeping your computer secure can prevent your computer from being hacked by unauthorized users. Thanks for the tips!
The messages above were all contributed by IT-Director.com readers. Whilst we take care to remove any posts deemed inappropriate, we can take no responsibility for these comments. If you would like a comment removed please contact our editorial team.
All fields must be completed to submit a comment. Email addresses are passed through to the author so they can contact you directly if needed.
Published by: IT Analysis Communications Ltd.
T: +44 (0)190 888 0760 | F: +44 (0)190 888 0761