Gartner Research

How to Secure Remote Privileged Access for Third-Party Technicians

Published: 03 November 2015

ID: G00290251

Analyst(s): John Girard, Felix Gaehtgens

Summary

Most organizations granting remote privileged application or operating system-level access to third-party users leave gaps that introduce significant security risks. Identity and access management and security leaders should follow these best practices to mitigate the risks.

Table Of Contents
  • Key Challenges

Introduction

Analysis

  • Manage Third-Party Identities With a Separate Identity Life Cycle
    • Use Sponsors and Delegates to Manage Third-Party Users
    • Grant Access on an Ad Hoc Basis
    • Recertify Sponsors, Delegates and Individual Third-Party Accounts on a Regular Basis
  • Deploy Tools to Support Remote Privileged Access
    • Use VDI Servers to Provide a Controlled Environment for Local Applications Required by Third-Party Technicians
    • Deploy PSM Servers
    • Alternative Access Methods
    • Choose Appropriate Authentication Options
    • Prevent Lateral Movement by Privileged Users
    • Provide a Controlled Environment for File Transfers
  • Record and Review Privileged Sessions

Gartner Recommended Reading

©2020 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.

Already have a Gartner Account?

Become a client

Learn how to access this content as a Gartner client.