Third-party remote access risk considerations for the partner community

June 1, 2021

Remote access and connecting into customers' networks are often overlooked vectors of risk.  As a value-added reseller (VAR), your company alone may provide any or all of these connections to your customers:

  • Professional services
  • Migrations
  • Consultants
  • 1099
  • First-line support
  • Managed Service Provider (MSP)
  • Security assessments

All of these connections are purposeful for supporting your customers, and all of these connections/services are potentially coming from just you - one provider. Chances are your customers use many types of third parties. Imagine the sheer quantity of other third parties that are also connecting into your customers’ networks and all the services and connections they provide.

The more remote access connections into your customers’ networks, the greater the risk of a possible data breach. The Ponemon Institute and SecureLink recently published a report to provide data-based insights into the current state of third-party risk, and specifically the risks associated with third-party remote access. The report published some surprising stats about the state of third-party risk:

  • 54% of organizations do not have a comprehensive inventory of third parties that have access to their network
  • 74% of organizations that have experienced a data breach caused by a third party said it resulted from giving too much access to the third party
  • 67% of respondents said their organization does not have visibility into the level of access and permissions internal and external users have

Your customers may experience similar levels of risk and uncertainty. They may be looking to you, their trusted advisor, to help ease some of these uncertainties and become the solution to these problems and risks.  Fortunately, with SecureLink, you would have the power to solve these problems for your customers. Let’s walk through how SecureLink can mitigate these risks and bring higher levels of control and security to your customers: 

  • Not knowing which third-party vendors have access to your network means little to no control over who has access to your critical systems, and no knowledge into what level of access that might be. This is a huge risk, especially since hackers can easily utilize third-party connections to sneak into an access point and attack internal systems. 
  • For those customers who don’t have a comprehensive inventory of their third parties, the SecureLink platform includes a third-party identity and access management solution that’s specifically built for third-party vendor use. It registers each third-party rep who needs access, so an automatic inventory is created. It also authenticates each identity via multi-factor authentication and verifies employment status to confirm each access attempt is valid to enter your customer’s system. 
  • For many organizations, third-party remote access means giving a third party access to an entire network when they really only need minimal access to a certain application or software to do their job. When third parties have access to an entire system, it opens up several gates to areas of an internal network that should be closed off to any external parties.
  • SecureLink implements a Zero Trust model, meaning it only gives access to the exact point in the network that the third-party rep needs to access and nothing more. This least privileged access principle is critical to achieving network security; in fact, it was even mandated in the new Executive Order as a practice for the federal government. 
  • Your customers who don’t keep track of their third parties’ level of access are at risk for letting the wrong reps access the wrong information. Without this visibility, they cannot track who has done what in the network, and if an incident like a security breach occurs, there wouldn’t be any way to track who or what caused the damage. 
  • Complete visibility into network activity is what sets SecureLink apart from other remote access solutions. The SecureLink platform audits all network activity via keystroke logs and video recordings, so you have full visibility into your third-party vendors’ network activity. It can also track the activity back to the user - a feature that helps ensure your customers are in the clear in case a breach resulted from a third party. 

The SecureLink solution allows you and your customers to control who has access to their network and meet the stringent criteria of many highly regulated customers. Our goal is to build up your portfolio of services by making you the security solution your clients need, whether they know it or not. SecureLink was founded in 2003 and supports over 30,000 organizations around the world. We’ve been in the game long enough to know what our product needs to meet the needs of customers. Now, we want to bring that same business value to you and your customers.  If you’re interested in becoming a partner, reseller, or referral for SecureLink, let’s chat. Visit the Partner page to find out more information about our Partner program.