Many organisations around the world are failing at effective access management for third party users, putting them at risk of data breaches, information theft and other vulnerabilities.
A report by identity-centred security firm One Identity polling more than 1,000 IT security professionals found that almost all organisations (94 per cent) grant third party users access to their network, with roughly three quarters (72 per cent) even allowing privileged (administrative or super user) access.
At the same time, almost two thirds (61 per cent) admit they aren’t sure if those users attempted to access unauthorised files, or if they had been successful.
In a fifth of cases (18 per cent) third parties have indeed attempted, or have been successful in accessing unauthorised information.
“Third party users are necessary in the day-to-day operations of most modern organisations; however, if third-party access is improperly managed, the security risk associated with these users is detrimental,” said Darrell Long, vice president of Product Management, One Identity.
“Organisations must recognise that their security posture is only as strong as its weakest link (typically third parties connected to their network), making it absolutely vital that they manage third party identities and access just as they would their own employees’.”
One Identity believes that organisations need to safeguard their data more vigorously by organising privileged access management (PAM) and identity governance and administration (IGA).