Vendor Access Control
Enterprises today must provide access to the critical IT infrastructure and systems by a variety of third parties. This may include hardware and software vendors, outsourced support, independent consultants, and managed service providers. While third parties provide essential services needed to keep vital information systems running smoothly they are, by definition, high-risk users.
The IT administrator is challenged to balance this need for accessibility against the requirements for security, manageability, and control. Traditional methods for providing vendor access include: IPSEC VPN, SSL VPN, modems, and T1 lines. There are even documented cases of the enterprise controlling vendors by having a trusted employee physically "chaperone," or even perform keystrokes dictated to him/her by the high-risk user. These methods are often unsatisfactory and costly, either because they are highly inefficient, or because they leave obvious holes in the security scheme. Companies must answer the following tough questions when considering these options:
- How is overall security for the IT infrastructure compromised by creating a series of "back doors" to be used by vendors?
- Regardless of how they are granted access to the infrastructure, how much of the overall network topology (outside his/her authorized area) can each vendor see once inside and what devices can they access?
- What steps can the company take to ensure that these vendors remain in their authorized areas only?
- How is simple, centralized control compromised by multiple access points and increasingly complex rules?
- Is a patchwork vendor access model even auditable at all? And if not, what compliance risks does this raise, particularly in the US regarding HIPAA and Sarbanes-Oxley regulations?
Fortunately, there is a tidy alternative to the patchwork solutions enumerated above.
Xceedium Entitlement Management Solution
Xceedium GateKeeper provides secure, centralized, policy-based access and control to all IT infrastructure for all users, including vendors, in-house engineers, outsourced support, and other third parties.
- Unintrusive, appliance-based solution: Xceedium GateKeeper is an appliance-based solution that can be quickly deployed and easily maintained. The solution is browser-based and minimizes the impact on endpoints.
- A more secure model for vendor access: Through its patent-pending access and enforcement technologies, Xceedium provides a new model for vendor access control. Rather than bringing users into the data center (and running the risk of granting "keys to the kingdom"), Xceedium brings services out of the data center to the user's desktop.
- Consolidated access via a single, secure point of ingress: Xceedium GateKeeper solves the problem of multiple entry points by creating a single encrypted point of ingress for all users, eliminating illegitimate "back doors". This is enforced by requiring all users to log on via a single browser-based interface.
Vendor Access Control by Xceedium:
- Centralized Reporting for Auditors
- Single interface to the entire IT infrastructure
- Encryption of all access protocols
- Identity-based and time-based enforcement
- Compartmentalization and containment
- Granular access control
- Monitoring, Alerting and Remediation
- Tracking and Logging of all activities
- Secure concurrent access to multiple infrastructures
- Centralized management: Xceedium GateKeeper provides a centralized management point from policy through to enforcement, monitoring, tracking and reporting, and gives companies an easy way to manage individual vendors or groups of vendors. The IT administrator can easily find out what vendors are doing and deliver testing of controls for auditors.
- Policy: Vendor policy can be held in a local store on the Xceedium GateKeeper, by individual, group or role, or imported from directory engines such as LDAP (Active Directory, OpenLDAP, etc.). Xceedium GateKeeper also integrates with authentication engines such as RSA, RADIUS, PKI/CAC, etc. From one centralized place the solution virtualizes the heterogeneous infrastructures and ties all access methods and protocols into a user profile that is presented in a single view, so policy can be easily defined.
- A safe access methodology (no footprint, no visibility): Not all users are authorized to access sensitive applications or data that may reside on a particular server (e.g., human resource information, financial data, etc.). Xceedium GateKeeper's access policy, which is based on user profiles, can easily restrict user access to only those applications they require to perform their jobs. Unauthorized areas can be made invisible.
- Compartmentalization and granular enforcement: Xceedium GateKeeper's unique access method provides the ability to enforce security policies for the entire IT infrastructure. Because access is based on user profiles, vendors and others are only allowed access to the devices and systems for which they have authorization, and only for specified time periods. They are effectively compartmentalized: they have no visibility into other resources in the infrastructure, whether hardware, software, or data. Separation of user activities can then be strictly enforced.
- Containment / Leapfrog Prevention capabilities: Leapfrog Prevention is a patent-pending feature that enables the IT operations manager to give users seamless access to the areas of the IT infrastructure and systems for which they are authorized, and then prevent those users from "leapfrogging" from these authorized systems into other areas of the infrastructure. Based on a customizable white list or black list of key word commands, Xceedium GateKeeper recognizes an unauthorized command and does not execute it. The unexecuted attempt is tracked, and an e-mail alert is sent to the manager identifying the user that is trying to subvert the security model.
- Limited visibility security model: Xceedium GateKeeper creates a security model that allows for precise access control and containment of high-risk users by giving them access to the tools and applications that they require to do their jobs, without visibility into the rest of the infrastructure.
- Monitoring, alerting and remediation in real time: Xceedium GateKeeper monitors continually and allows customers to create a key word list of unauthorized activity. For example, an administrator may be allowed to Telnet into a router; but if he then tries to Telnet out of the router to an unauthorized area of the IT infrastructure, a warning message flashes on his desktop indicating a violation, and the company sys admin or MSSP is also alerted in real time. Continued unauthorized activity keeps triggering warnings and company alerts, and the session is cycled off after a predetermined number of events. Furthermore, patent-pending prevention technologies insert "garbage commands" at the keystroke level as the administrator is typing the unauthorized command. All of this activity is logged and tracked.
- Tracking, logging and session recording: With Xceedium, customers can easily see all activities of vendors by day, by device, by violation, etc. Additionally, Xceedium's patent-pending keystroke logging and session recording capabilities capture a complete picture of what is going on, by vendor, device, system, etc., across the entire infrastructure. Xceedium GateKeeper tracks both the keystrokes and the sessions in which they are entered. With a centralized view of all activity and comprehensive tracking of all keystrokes and sessions, companies can cost-effectively maintain vendor accountability and satisfy compliance requirements.
- Comprehensive reporting for testing of controls: Today IT administrators are subject to more audit and compliance requirements than ever before, including government mandates such as Sarbanes-Oxley and HIPAA. When high-risk users are accessing the critical IT infrastructure, the ability to identify and track their activities becomes essential. Xceedium GateKeeper provides end-to-end accountability and satisfies these compliance requirements by providing extensive reporting, keystroke logging and session recording capabilities that deliver a complete picture of user activities.
- Enhanced vendor productivity: Based on the individual's defined profile, the user is provisioned with the appropriate tools (Telnet, VNC, out-of-band, etc.) to use with a specific device, and the tools are served up as Java applets to the user's desktop. This enhances the productivity of vendors and outsourced support personnel, enabling them to meet service level agreements while their activities remain controlled.
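The keyword-based containment described under Leapfrog Prevention and Monitoring above, written out as an added illustration (this is not Xceedium's code): a per-session gate that checks each typed command against a deny list, refuses to forward a match, records an alert for the manager, and cycles the session off after a predetermined number of violations. The deny list, the threshold, and the user and host names are constructed assumptions.

```python
"""Illustrative leapfrog-prevention gate for one contained vendor session."""
import re
from dataclasses import dataclass, field

# Constructed deny list: tools that would open a new hop out of the
# authorized device. Real deployments would make this per user or role.
DEFAULT_DENIED = ("telnet", "ssh", "rsh", "nc")


@dataclass
class SessionGate:
    user: str
    authorized_host: str
    denied_keywords: tuple = DEFAULT_DENIED
    max_violations: int = 3          # predetermined event count before cut-off
    violations: int = 0
    alerts: list = field(default_factory=list)
    terminated: bool = False

    def _commands_in(self, line: str):
        """Yield the executable word of each segment of a chained line,
        so 'ping x; ssh y' is caught even though it does not start with ssh."""
        for segment in re.split(r"[;|&]+", line):
            words = segment.strip().split()
            if words:
                yield words[0].lower()

    def check(self, line: str) -> str:
        """Return 'forward', 'block' or 'terminate' for one typed command line."""
        if self.terminated:
            return "terminate"           # session already cycled off
        hit = next((w for w in self._commands_in(line)
                    if w in self.denied_keywords), None)
        if hit is None:
            return "forward"             # permitted command reaches the device
        self.violations += 1             # unexecuted attempt is still tracked
        self.alerts.append(
            f"ALERT user={self.user} host={self.authorized_host} "
            f"keyword={hit} blocked={line.strip()!r} count={self.violations}")
        if self.violations >= self.max_violations:
            self.terminated = True
            return "terminate"
        return "block"                   # warn the user, keep the session open


if __name__ == "__main__":
    gate = SessionGate(user="vendor1", authorized_host="router-a")
    for cmd in ("show ip interface brief", "telnet 10.0.0.2",
                "ping 10.0.0.2; ssh admin@10.0.0.3", "nc -z 10.0.0.4 22"):
        print(f"{gate.check(cmd):9s} <- {cmd}")
    print("\n".join(gate.alerts))
```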