One of the operational challenges in regards to IT infrastructure is access to that infrastructure for the vendors that support their software. I once attended a talk by a hospital CISO, and he was asked to name the top 10 things that keep him up at night. Near the top of his list were vendors… without the vendors, it would be nearly impossible to maintain the infrastructure. Many vendor SLA’s require some mechanism for remote access, so the vendor has a method to access the systems and software they support.
In this assignment, discuss methods for giving access to systems to vendors. Among the most obvious are things like VPNs and services such as LogMeIn.com. But what are the risks with using these methods, and how can they be mitigated?
Find and summarize more robust solutions for facilitating vendor access. Look for solutions that have the capability to audit vendor access, require approvals for changes, require encryption, and are easy for the vendor use.