Federated Privileged Access for Outsourced IT
Privileged Access Management for Third Parties
The need to govern and secure privileged access has grown dramatically as more of today’s businesses outsource functions such as IT administration and rely on vendors to troubleshoot systems and applications. Gartner predicts enterprise IT outsourcing will be a $335 billion industry by 2019. In addition, according to a December 2015 commissioned study conducted by Forrester Consulting on behalf of Centrify, 100 percent of organizations surveyed are outsourcing at least one IT function and at least one application development function.
With massive data breaches making headlines seemingly every day and many of the most high-profile incidents involving third party access, protecting against the leading attack vector — compromised credentials — is top of mind for most organizations. However, traditional privileged identity management solutions require organizations to create and manage identities for outsourced IT administrators within their internal environment and grant VPN access. This practice increases risk as the gap between the number of disconnected privileged accounts and an authoritative identity provider grows, and more laptops establish VPN connections to internal networks. The result is an expansion of potential attack points for hackers, disgruntled insiders and malware.
Centrify’s privileged access for third parties reduces an organization’s identity-related risk by enabling secure remote access for outsourced IT administrators and third party developers to its infrastructure through federated authentication.
The outsourcing service organization retains management of their employee identities, and the customer organization uses Centrify to grant web-based access and privilege for systems and applications. Privileged access to specific resources is governed through automated request and approval workflows, monitoring with optional termination of privileged sessions and reconciliation of approved access versus actual critical infrastructure access.
Businesses can outsource to more than one service organization, while ensuring identity lifecycle management for outsourced IT administrators and developers remains with their employer. This includes disabling their enterprise identity upon employment termination to avoid unauthorized access.
- Minimize potential attack vectors used by hackers, disgruntled workers and malware
- Identity life-cycle management stays with outsourcing service organization
- Govern privileged access with approval workflows, session monitoring & termination and access reconciliation
- Outsource to multiple service entities with a single solution