Jeff Swearingen, Co-founder & CEOThird-party remote access is the greatest risk to enterprise security,” says Jeff Swearingen, the co-founder and CEO of SecureLink, referring to technology vendors that regularly access an enterprise network to provide IT support and services.
SecureLink broadly classifies security threats to the enterprise as insider (employees) or outsider (vendors). Insider versus outsider access presents completely different and unique challenges for enterprise organizations to manage. For example, providing employees remote access with virtual private network (VPN) technology makes sense. However, VPN fails as a secure solution for third-party remote access. Many other security solutions focus on privileged access management and how companies manage their own employees. Subsequently, they are ignoring outsiders and the dangers associated with remote support and third-party vendors that frequently need privileged remote access to an organization’s network.
SecureLink is a purpose-built solution designed to solve the issue of third-party remote access, especially for highly regulated industries like healthcare, retail, government and financial institutions. Third-party vendors present a tremendous risk to enterprise organizations, especially if one of their technicians leaves the company or has her credentials compromised or stolen. This type of security vulnerability creates opportunities for hackers and disgruntled former technicians to do untold damage while on the network. The Target breach in 2013 is a perfect example of this type of event. At the same time, these vendors need to have access to systems and tools while connected to the network in order to perform their designated services.
To allow the right type of network access at the right time by the right person, SecureLink takes a three-pronged approach: Authenticate, Access Control and Audit.
• Authenticate: Through the SecureLink platform, every individual at a technology vendor must be identified and authenticated before he or she can access an enterprise organization’s network.
SecureLink is ready to secure networks when it comes to third-party vulnerability
Authentication methods include two-factor authentication to ensure login information can’t be used if shared or stolen.
• Access control: The SecureLink platform gives the vendor "least-privilege" to ensure access to everything they need and nothing they don't. Permission is granted at the machine and port level
• Audit: SecureLink provides high-definition audit that tracks all activity, including files transferred, commands entered, services accessed, detailed log files, and even video replay of desktop sharing sessions. Audit tracking is tied to the individual user, creating 360-degree visibility for all parties involved.
Compliance is also a critical requirement for enterprise organizations in highly regulated industries. For example, in healthcare, HIPAA and HITECH Act compliance are essential. For retail, PCI compliance is a must. The SecureLink platform has built-in tools to ensure industry-specific compliance by giving businesses the security, visibility, and recordkeeping capabilities they need while providing an easy-to-use interface that lets third-party remote users do their job.
From a security perspective, SecureLink’s goal has always been to raise the bar and not sacrifice security for the sake of ease-of-use. To that end, they have created a platform that is designed specifically for this challenge.
With the threat of network breaches and hacks through third-party remote access on the rise, the platform is in use at some of the largest enterprises and software companies in the world. In the wake of increased hacker activity, “SecureLink is ready to secure networks when it comes to third-party vulnerability through our relentless efforts and vested interest in our client’s business success,” Swearingen says.