Portal Portal Forum Forum Devolutions Force Devolutions Force Hub Business Hub Business Hub Personal Hub Personal Devolutions Send Devolutions Send Devolutions Academy Devolutions Academy Download RDM RDM Workspace Workspace Launcher Launcher
Poll

August Poll Results: What Tool(s) Do You Use in Your Organization to Manage Third-Party Access?

August poll results third party access tools devolutions blog
Laurence Cadieux
Laurence Cadieux

As Communication Team Leader at Devolutions, I lead our content and communications team, with a focus on strategy, alignment, and brand consistency across all channels. I oversee initiatives like our blog, the Devolutions Force advocate program, and global PR efforts — ensuring our messaging connects with the right audiences, in the right way.

I hold a bachelor’s degree in marketing, and outside of work, you’ll usually find me singing with my band or rewatching my favorite movies. Want to connect? Reach out at lcadieux@devolutions.net.

View more posts

The growing reliance on third-party vendors has helped companies cost-effectively drive productivity, performance, collaboration, compliance, and scalability. That’s the good news. The bad news is that it has also increased risk — and many companies are not responding to this. Research has found that:

  • 82% of companies provide third-party vendors highly privileged roles.
  • 76% of companies have third-party roles that allow for full account takeover.
  • Over 90% of cloud security teams were not aware they gave high permissions to third-party vendors.

To address this vulnerability, last month we asked you to share what tools you use in your organization to manage third-party access. As we had hoped, there were many informative responses. Here is a snapshot: (tools with an * were mentioned multiple times):

  • VPNs**
  • Temporary AD access or guest accounts**
  • Citrix**
  • 2FA*
  • Microsoft tools*
  • CyberArk*
  • In-house applications and internal systems**
  • AnyDesk
  • Manufacturer default tools
  • TeamViewer (to monitor third-party access)
  • One-time access (if there is a vendor that supports a product)
  • RSA SecurID
  • Extra support system
  • Logmein.com (for occasional third-part access to a server in need of support from non-organization resources).
  • SSH/RDP connections proxied through Thycotic’s Secret Server launcher with MFA
  • Azure Active Directory B2B
  • Remote Desktop Manager
  • Devolutions Server
  • Netwrix
  • Firewall restrictions
  • DuoMobile

It was also interesting to note that as a matter of policy, some of you:

  • Do not allow third-party access at all.
  • Use locked down static IP addresses from their ISP to give third parties access to on-premises servers for maintenance (third parties cannot access servers in the cloud).
  • Immediately change account passwords after a third party has accessed a machine or server.

The Winners Are…

You’re all winners, because you are taking third-party access risk seriously, and taking steps to mitigate the vulnerabilities — and ultimately keep your company safe.

Now, let’s reveal the two randomly-selected participants who will each win a $25 Amazon gift card. Congratulations to Stephen and Wontollaz! Please email me at dsthilaire@devolutions.net to claim your prize.

Thank you to everyone who participated in the poll, and stay tuned because the September poll is coming very soon.

Table of contents
Related Posts

Read more Poll posts