Published: 04 Aug 2015
Third-party vendors have been fingered as the weak link in the chain in recent security breaches. When it comes to identity and access management (IAM), and safeguarding enterprise systems and data, information security professionals can no longer ignore that there are non-employees who -- because of the nature of their work -- must access sensitive corporate data and systems. Yet these same firms, and their employees, are in many ways beyond the direct control of the enterprise security team.
This Beyond the Page edition presents three in-depth looks at managing third-party IAM. In his feature, technical tip and video, security expert Michael Cobb considers the next frontier in IAM: the management of third-party vendors who access your systems and data. He reviews recent breaches and how third-parties proved to be the access way for hackers. He also delves into how IAM policy needs to be revised to address the third-party issue. This Beyond the Page is chock full of valuable and actionable advice on the latest means for protecting the enterprise from hackers and other bad guys.
The right enterprise IAM system is crucial to protecting your systems from lax third-party vendor security measures. In this video, security expert Michael Cobb explains why third-party vendors are a major threat to enterprise security and how enterprise IAM can help.
Is third-party management the next IAM frontier?
The activities of contractors and business partners -- that is, your third-party vendors -- must be monitored carefully when it comes to their access to your systems and data. Learn why IAM for non-employees is something you must consider.
Third-party risk management: Avoid the dangers of weak controls
In order to secure your enterprise's systems and data, you must understand the risks that even trusted business partners present, and adjust your IAM strategy.
About the Author
Michael Cobb, CISSP-ISSAP, is a renowned security author with over 20 years of experience in the IT industry. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications. He has also been a Microsoft Certified Database Manager and registered consultant with the CESG Listed Advisor Scheme (CLAS).
Read the full August 2015 edition of Information Security magazine