Protecting the modern workforce requires a new approach to third-party security

Ask any HR leader: they’ll tell you that attracting and retaining employees continues to be a top challenge. While this has never been easy, there’s little doubt that the COVID-19 pandemic (and distributed workforces) have made things even more complex. As you read this article, many workers are actively considering leaving their current roles, which don’t support their long-term goals or desired work-life balance. While organizations attempt to navigate this “Great Resignation,” more than 4 million workers are still resigning every month.

As 2022 marches on, hiring teams face another massive obstacle: global talent shortages. These trends have companies rushing to find creative stop-gap solutions to ensure business continuity in difficult times. It shouldn’t come as a surprise that more companies are relying on third-party vendors, suppliers and partners to meet short-term needs, reduce costs and keep innovation humming. In addition, the rise of the gig economy has more employees entering into nontraditional or temporary working relationships. This trend is particularly prevalent in the healthcare industry, but as many as 36% of American employees have a gig work arrangement in some form, either alongside or instead of a full-time job. 

What’s more, the corporate supplier ecosystem has become exponentially more complex. Amidst the supply chain vulnerabilities revealed by the pandemic, organizations are expanding and diversifying the number of supplier relationships they’re engaging in. Meanwhile, regulators have stepped up efforts to manage these business ecosystems.

In many cases, outsourcing to temporary workers or external partners makes good business sense. Sometimes, given the constraints of the talent pool, there’s simply no other option for a company. Either way, organizations should be aware of the security risks that third parties bring — and the steps they can take to minimize the chances of a breach occurring. 

Third-party security challenges remain prevalent

Bringing a third-party workforce onboard in a rushed way – and without proper governance or security controls in place – leaves organizations open to significant cyber risk. These risks can stem from the third-party users or suppliers themselves, or from those third parties’ access being compromised and used as a conduit for lateral movement, enabling attackers to reach the company’s most sensitive data. Sadly, a lack of centralized control over suppliers and partners is all too common, no matter the industry. In many organizations, third-party users, unlike full-time employees, are managed on an ad hoc basis by individual departments using manual processes or custom-built solutions. This is a recipe for increased cyber risk.

Take the now-infamous Target breach, which remains among the largest-scale third-party security breaches in history. In this incident, attackers made their way onto the retail giant’s network after compromising login credentials belonging to an employee of an HVAC contractor, eventually stealing 110 million customers’ payment information. 

In today’s world, where outsourcing and remote work are now the norm, third parties require corporate network access to get their jobs done. If companies don’t reconsider third-party security controls – and take action by addressing the root of the problem – they’ll remain open to cyber vulnerabilities that can devastate their business and its reputation.

A pervasive lack of visibility and control

Although reliance on third-party workers and technology is widespread in nearly every industry (and in some, it’s common for an organization to have more third-party users than employees), most organizations still don’t know exactly how many third-party relationships they have. Even worse, most don’t even grasp precisely how many employees each vendor, supplier or partner brings into the relationship or their level of risk. According to one survey conducted by the Ponemon Institute, 66% of respondents have no idea how many third-party relationships their organization has, even though 61% of those surveyed had experienced a breach attributable to a third party. 

Grasping the full extent of third-party access can be particularly challenging when there’s collaboration with outsiders through cloud-based applications like Slack, Microsoft Teams, Google Drive or Dropbox. Of course, the adoption of these platforms skyrocketed with the large-scale shift to remote and hybrid work that has come about over the last two years.

Another challenge is that although an organization may try to maintain a supplier database, with current technical capabilities it can be near-impossible to ensure that the database is both up to date and accurate. Because of processes like self-registration and guest invites, external identities remain disconnected from the security controls applied to employees.

Growing regulatory interest and contractual obligations

As incidents and breaches attributable to third parties continue to rise, regulators are taking notice. For instance, Sarbanes-Oxley (SOX) now includes several controls targeted explicitly at managing third-party risk. Even the Cybersecurity Maturity Model Certification (CMMC) explicitly targets improving the cybersecurity maturity of third parties that serve the federal government. The ultimate goal of such regulations is to bring all third-party access under the same compliance controls required for employees so that there’s consistency across the entire workforce and violations can be mitigated quickly.

Today, we expect companies to push their suppliers, vendors and partners to implement more stringent security controls. In the long run, however, such approaches are unsustainable, since it’s difficult, if not impossible, to enforce standards across a third-party organization. Hence, the focus will need to shift to ensuring that identity-based perimeters are robust enough to identify and manage threats that third parties may pose.

Currently, decentralized identity solutions are moving into the mainstream. As these technologies become more widely accepted, they’ll continue to mature. This will help many organizations streamline third-party management in the future. It will also assist companies on their journey toward zero trust-compatible identity postures. Incorporating ongoing security monitoring and implementing continuous identity verification systems will also become increasingly important. 

Five steps to mitigate third-party risk today

Today’s challenges are complex but not unsolvable. Here are five steps organizations can take to improve third-party access governance over the short term.

1) Consolidate third-party management. This process can begin with finance and procurement. Anyone with any contract to provide services to any department in the company should be identified and cataloged in an authoritative system of record that includes information on the access privileges assigned to external users. 

Security teams should test for stale accounts and deprovision any that are no longer needed or in use. In addition, they should assign sponsorship and joint accountability to third-party administrators.

2) Institute vetting and risk-aware onboarding processes. Both the organization and its supplier/vendor need to determine workflows for vetting and onboarding third-party users to ensure they are who they say they are — and that their onboarding process follows the principle of least privilege. Implementing a self-service portal where third-party users can request access and provide required documentation can smooth the path to productivity. Access decisions should be based on risk.  

3) Define and refine policies and controls. The organization — and its vendors and suppliers — should continuously optimize policies and controls to identify potential violations and reduce false positives. Policies and controls must be tested periodically, and security teams should also review employees’ access. Over time, auto-remediation can minimize administrative overhead further.

4) Institute compliance controls for your entire workforce. Look for a third-party access governance solution that will enable consistency across employees and third-party users, especially since regulators increasingly require this. Having access to out-of-the-box compliance reports for SOX, GDPR, HIPAA and other relevant regulations makes it easier to enforce the appropriate controls and provide necessary audit documentation.

5) Implement privileged access management (PAM). Another critical step that organizations can take to boost their cybersecurity maturity is implementing a PAM solution. This will enable the organization to enforce least-privilege access and zero standing privilege automatically across all relevant accounts.

The world of work will never again look like it did in 2019. The flexibility, agility and access to first-rate talent that businesses gain from embracing modern ways of working make the changes more than worthwhile. And enterprises can realize enormous value within today’s complex and dynamic business relationship and supplier ecosystems. They need to ensure their cybersecurity strategies can keep up by strengthening identity and third-party access governance.

Paul Mezzera is VP of Strategy at Saviynt.

