Giving external vendors, such as outsourced call centres and managed service providers, access to your internal systems greatly increases the risk of intellectual property theft and/or damage to company infrastructure (mistakes made while deploying code, configuring systems or assigning user permissions, for example).
These organizations can be:
- Managed service providers (MSPs), in particular managed security service providers (MSSPs)
- IT outsourcing service providers, frequently referred to as IT providers
- Remote third-party vendors
- Independent auditors and experts
Even trusted vendors with no malicious intent can damage your systems or leave you open to attack. One of the most infamous breaches of this type hit the American chain store Target in 2013, when a supplier caused a network breach. Before Target’s network admins could react, it was too late: their network security was breached and sensitive financial data was stolen. This issue is particularly acute in the healthcare field. On average, hospitals have about 1.5 times as many vendors as employees.
Third-party and contract monitoring is a way to ensure external vendors stay within their scope and perform only their assigned tasks. This allows for more flexible access without sacrificing security. Monitoring software eliminates “who did what?” doubts, confirms SLA agreements and eases vendor billing verification. It can also provide monitoring and auditing as part of overall risk management and regulatory compliance.