
Security Manager's Journal: Stopping vendors from making us a Target

Mathias Thurman | March 25, 2014
Thank you, Target! It's a pity that security managers have to capitalize on other organizations' misfortunes to broker change within their own enterprises, but the notorious Target breach of late last year just might get me some things I think my company has needed.

Even Worse

Both of those issues need to be addressed, but what really concerns me is that vendors have been allowed to download the VPN client and use it to connect to our network. Vendors are supposed to be restricted to a clientless VPN portal with links to needed applications. That keeps vendors' PCs off our network — PCs whose integrity we can't vouch for. But any PC using the VPN client is configured as a node on our network, just as if it were plugged into an Ethernet port in our office. That, of course, ups the chances that hackers can propagate malware or take advantage of an exploit and gain unauthorized access to our network.

To mitigate this issue, I've been pushing for the deployment of machine certificates to all company-owned PCs. No certificate, no remote access to our network.

There is some work to be done to tighten this process, but now, thanks to Target's pain, I have the perfect war story to gain traction for my plans.

 
