Appgate Cybersecurity, March 14, 2022
Third Party Remote Access and the Role of Zero Trust Security
Third parties can leave your network exposed. Implementing Zero Trust security can keep your network safe while maintaining fast, simple and secure access for your vendors and partners.
Organizations rely on partnerships and outside vendors to help their businesses run and often grant third party remote access to make operations more efficient. However, as more third party access is granted, risk increases. It’s not viable to end the partnerships, so how do organizations limit the risk? Third party remote access solutions need to grant vendors entry to the resources they need while limiting opportunity for threat actors to infiltrate a network.
Third party remote access can lead to data breaches
A scan of recent headlines shows that legacy security solutions like virtual private networks (VPNs), network access controls (NACs) and firewalls simply aren’t enough to protect against threat actors attempting to gain entry to your network through vulnerable third party remote access.
According to research by the Ponemon Institute, 51% of businesses experienced a data breach caused by third parties and 66% reported they don’t use least privilege access. Granting too much privileged access to third parties is a leading cause of these data breaches.
The benefits of Zero Trust security
Utilizing Zero Trust security can help safeguard against those types of attacks and provide fast, simple, secure remote access anywhere, anytime for anyone, including third parties. Here’s a look at why it’s so important.
What is third party risk?
Threat actors are evolving their attack methods to target third party supply chain vendors and partners as entry points in an organization’s network. Unfortunately, granting broad third party access can introduce risk to your network when third party security posture and controls don't adhere to the principles of Zero Trust.
According to Gartner, 52% of legal and compliance leaders are concerned about third party cybersecurity risk and 83% of executives say third party risks were identified after initial onboarding and due diligence.
Each third party vendor could potentially offer attackers a direct route to your most sensitive systems. Let’s talk about how a data breach via insecure third party access to your network is typically carried out:
- Cyber attackers identify target third party vendors.
- Cyber attackers then use spear-phishing techniques to acquire those vendors’ credentials for access to the target company’s network.
- Once inside, they look for ways to widen their foothold in their target company’s systems by moving laterally across VLANs. If access is provisioned via VPNs, they may have direct access to the underlying network infrastructure and be able to start scanning for open ports and unsecured devices within seconds.
- Cyber attackers might then spend weeks or months preparing to strike, studying the network’s weaknesses and installing sophisticated malware that could take just as long to detect.
Legacy tools don’t get the job done
We have long advocated #killtheVPN and the inability to reduce third party risk is just one reason why. VPNs treat all users as equal and know them only as an IP address. Users get all-or-nothing access to the entire network because VPNs don’t segment important datasets and resources or restrict access only to specific assets the user needs. A VPN alternative is needed to achieve Zero Trust security for third party remote access.
Ultimately, when it comes to VPNs, the three big security red flags are:
- VPNs have easily scannable open ports
- VPNs base trusted access on the user’s IP address, making it easy to gain access with stolen credentials
- VPNs deliver overprivileged access that can lead to unsanctioned lateral movement
It’s not just VPNs that are the problem. NACs also have shortcomings including:
- Inability to provide fine-grained least privilege access and a reliance on existing network segmentation or virtual LANs (VLANs)
- Limited ability to make access decisions based on user context
- NACs don’t provide secure, encrypted communications between clients and services
- NACs must be used with another solution (such as a VPN) for remote users, which adds more cost, complexity and administration
- NACs aren’t practical to manage or scale due to the IT administration required to add devices and firewall rules for networks with many diverse users and devices that constantly change
- NACs don’t scale to your cloud environments
And firewalls aren’t any better. They don’t provide any context for users, their credentials or what they’re trying to access. There’s a better way that provides a simple and singular solution instead of layering multiple legacy tools to protect your company’s crown jewels and secure third party remote access.
Zero Trust security delivers secure third party remote access
Zero Trust security is a framework that reverses the antiquated “trust, then verify” approach. It applies least privilege access to users based on the context of their role rather than an IP address. Zero Trust security has gained so much steam that the White House issued an executive order stating that all federal agencies must comply with a Zero Trust architecture. Zero Trust isn’t going anywhere and provides the most secure third party remote access.
What is Zero Trust Network Access (ZTNA)?
Zero Trust Network Access (ZTNA) is the new industry standard for secure remote access and incorporates Zero Trust principles to verify identity, grant entitlements, permit access and monitor for changes. Among its benefits is the ability to cloak a network and hide the gateways that normally allow threat actors lateral movement. It also:
- Strengthens and simplifies access controls
- Reduces your attack surface
- Removes policy management complexity for admins
- Improves end-user experience, including third parties
- Improves operations with integrations and automation
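As an added illustration that is not part of the original post, the Python sketch below contrasts the VPN model described above (a valid credential from an acceptable address unlocks the whole network) with a ZTNA-style decision that verifies identity, grants a single entitlement only when the request's context (MFA, device posture) satisfies policy, and re-evaluates when that context changes. All users, resources and policies are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass, replace

# Constructed sample data: three internal resources and one vendor account that is
# entitled only to the billing API, and only from an MFA-verified, managed device.
RESOURCES = {"billing-api", "hr-db", "build-server"}
ENTITLEMENTS = {
    "vendor-acme": {"billing-api": {"require_mfa": True, "require_managed_device": True}},
}

@dataclass(frozen=True)
class AccessRequest:
    user: str
    credentials_valid: bool   # password/certificate checked out
    source_ip: str
    mfa_passed: bool
    managed_device: bool      # posture check: enrolled, patched endpoint
    resource: str

def vpn_style_grant(req: AccessRequest, allowed_cidr: str) -> set:
    """Legacy VPN model: a valid credential from an allowed address yields the
    whole network, so stolen credentials are enough to reach every resource."""
    on_allowed_net = ipaddress.ip_address(req.source_ip) in ipaddress.ip_network(allowed_cidr)
    return set(RESOURCES) if req.credentials_valid and on_allowed_net else set()

def ztna_grant(req: AccessRequest) -> set:
    """ZTNA model: verify identity, then grant only the entitled resource when the
    request's context satisfies that entitlement's policy; everything else stays invisible."""
    if not req.credentials_valid:
        return set()
    policy = ENTITLEMENTS.get(req.user, {}).get(req.resource)
    if policy is None:  # no entitlement for this user/resource pair
        return set()
    if policy["require_mfa"] and not req.mfa_passed:
        return set()
    if policy["require_managed_device"] and not req.managed_device:
        return set()
    return {req.resource}

def reevaluate(req: AccessRequest, **context_change) -> set:
    """'Monitor for changes': re-run policy when context changes mid-session
    (e.g. the device drops out of compliance) instead of trusting the initial login."""
    return ztna_grant(replace(req, **context_change))

if __name__ == "__main__":
    stolen = AccessRequest("vendor-acme", True, "198.51.100.7", False, False, "hr-db")
    print("VPN grants:", vpn_style_grant(stolen, "0.0.0.0/0"))  # whole network
    print("ZTNA grants:", ztna_grant(stolen))                   # nothing
```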
Appgate SDP: A third party remote access solution
Appgate SDP, our industry-leading ZTNA solution, is adaptive and identity-centric, and it enforces least privilege remote access to your network in real time for your vendors, partners and other outside parties. Benefits include:
- Unauthorized resources are completely invisible
- Connections are secure, encrypted 1:1 between user and resource
- Built like the cloud—massively scalable, distributed and resilient
- Consistent access control across cloud native and hybrid environments
- Better network security than legacy VPNs, NACs and firewalls
- Third party remote access is identity and context sensitive
- Eliminates lateral movement on the network
For more information on how Appgate SDP helps mitigate third party risk, explore these additional resources or register to attend one of our weekly Wednesday live democasts.
Additional third party remote access resources: