Use vendor management audit checklists to identify, monitor, & audit remote access to your network

May 1, 2020

Using outside vendors can be a godsend for many organizations. These third parties provide the ability to scale a business, bring new and vital expertise to bear on problems, and let you concentrate on core competencies. However, vendors can also bring a great deal of risk, especially when it comes to how they access your network and sensitive data. Since vendors are often given the ability to connect to a network through many different outlets, they may be hard to track, and that can leave you vulnerable to a network intrusion by bad actors. Without the right due diligence and cybersecurity solution in place, you can’t really tell how your vendors are connecting to your network, application, or server – and you won’t have the ability to track or audit them properly. For the sole purpose of risk management, it's important to implement internal audits that identify and monitor all third-party vendors who have access to your network. Here's how you can get started.

Vendor risk management audit program priorities

Your business should receive the secure support you need while maintaining control, ensuring industry compliance, and creating audit trails. At the very minimum, your vendor risk management solution should have tools that authenticate, audit, and control access by employees and third-party vendors. You should look for a solution with tools that:

  • Standardize and integrate remote support on one platform
  • Control remote access for all vendors with easy and intuitive tools
  • Ensure compliance with all regulatory and company policies
  • Manage identity and permissions by roles
  • Manage passwords and multi-factor authentication
  • Support complex remote support by vendors and single sign-on (SSO) across platforms
  • Securely manage, rotate, and insert privileged credentials
  • Track and monitor all activity of all users to enable early intervention and accountability
  • Control access across multiple operating systems and devices
  • Enable collaboration and chat among users
  • Integrate with CRM solutions
  • Provide granular, directory-based access controls and scheduling
  • Provide granular command filtering and canned scripts

Use a vendor risk assessment checklist to mitigate risk

In order to mitigate the risks of remote vendor access, and gain better network access control, your organization should take steps to monitor third-party activity in greater detail. In vendor risk assessment, a good first step would be to create a vendor risk assessment checklist, which might include actions such as:

  • Perform a periodic inventory of all remote connections allowed on your network to gain a complete picture of who has access to what parts of your network.
  • Talk to department managers and data owners to fill in any knowledge gaps, to ensure you know where every connection is coming from and going to, and every third-party that’s been granted access
  • Decide which connections should be terminated (for example, for vendors no longer working for your organization), and which should be added, if any
  • Decide which internal processes should be used for provisioning inbound network connections and account setup, find out where the gaps are and how to improve them
  • Determine whether to apply policies for enterprise passwords (plus malware protection, firewalls, and software update checks) to accounts on inbound network connections
  • Review firewall and IDS/IPS configurations and rulesets to find and eliminate dormant ACLs or exceptions put in for vendors or other one-time needs.
  • Decide if any added security standards are needed, then enforce them by using technical controls such as DLP, cloud access security broker, and SIEM technologies.

Audit remote access given to third parties

Once a vendor risk assessment checklist has been agreed upon and put into practice, the next challenge is the day-to-day monitoring of your network and the vendors who have access to it. When it comes to your company’s crown jewels – its data – you want a network that is not just OK; you want the best of the best. Auditing remote access given to new users and vendors should be implemented into your onboarding process in order to keep your network (and all of your data) safe. That is, the goal of a truly secure remote access solution should be to achieve a state of “All-Activity Awareness” – because your data will be the most secure when you can boost the visibility of all remote activity occurring on your network. How do you achieve a state of being the best of the best? By properly auditing remote access to the third parties on your network. The best way to do this is to enlist the help of a vendor management solution that can automatically track each vendor user’s activity with videos and logs of files transferred, commands entered, and services accessed.

Verify vendor access levels on your network

There is an old saying: “Trust, but verify.” While the 20th-century use of this quote was in the context of international relations, it can be applied to 21st-century cybersecurity as well. You may trust your vendors enough to give them access to your network, but you need to verify what they are doing on your network, making sure they are only accessing the resources they require and not exhibiting any signs of suspicious or strange activity. Again, the best way to do this is to have a vendor management program that would verify vendors across multiple levels, roles, and departments. The vendor due diligence process would happen at the beginning of the relationship in which your vendors create usernames and passwords (unique to each vendor user, of course!), which greatly decreases the operational risk of inviting vendors onto your network. This should be added to the vendor onboarding process to simplify things while also ensuring peak cybersecurity.

Implement a secure third-party remote access platform

A proper vendor remote access audit achieves three vital goals:

  1. An ongoing audit ensures accountability and compliance.
  2. An audit trail and access notifications can set off alarms when unusual activity occurs.
  3. Granular audit records provide forensic details in the event of a breach or mistake to help track down the root cause and responsible party or parties.
  • Real-time monitoring: when compliance is a must, you must know which vendors are on your network at all times
  • Maintaining total control: your platform must provide the ability to terminate or take control of third-party activity on your network
  • Tracking individual accounts: clarify the activity of individuals through unique identifiers and secure authentication
  • Creating audit trails: ensure activity reports are thorough enough to create clear accountability

Utilize a high-definition audit

The advantages of an advanced remote access platform, like the one offered by Imprivata, include the ability to record all sessions with a high-definition audit. Some features of a secure audit include:

  • Real-time specific knowledge of each vendor connection, why they are connecting, and the activity associated with each individual user
  • Customizable, contextual labels and tags to identify ticket numbers, requestor, and other organization-specific data.
  • Detailed information on file access, deletion, or information transfers tied to the vendor responsible
  • Review full video recordings of end-user support sessions and remote desktop sharing events
  • View Secure Socket Shell (SSH) commands and supported database activities.

A platform should offer network/IT security audit tools designed to give a total picture of all third-party remote access activity at the individual level. With its detailed audit functionality, organizations can ensure vendor accountability and compliance with industry regulations – and tech vendors can prove the “who, what, where, when, and why” of any remote support session.

The bottom line: increased awareness improves remote access security

A truly aware platform, such as Imprivata’s solution, will always let you know which vendors are accessing your precious company resources and how they are spending time on your network, which is the only way to ensure you’re truly secure. With the platform’s vendor privileged access features, enterprises can manage their vendors’ remote access efficiently and securely, while giving tech vendors just the right amount of access to the applications and systems needed to complete their job – and nothing more. You don’t have to be in the dark any longer. Now you can shine a light on who’s doing what on your network, at all times, to get a complete picture of all third-party activity. To learn more about remote access platforms and how to choose the right platform, check out our brochure that helps you better understand which is the best for you.