The Identity Blog


SecZetta + CyberArk: The Key to Trusted Vendor Lifecycle & Privileged Access Management

Many organizations are looking for ways to keep a close eye on the access third party vendors have and what they do with that access. After all, third parties are the highest risk population gaining access to an organization’s resources and a Ponemon study found that over half of all breaches have been linked to third parties.   

A CyberArk survey of 130 enterprise IT and security decision makers uncovered that 89% were dissatisfied with their ability to secure third party vendor access, and half of those surveyed ranked onboarding and offboarding of these vendors as their number one concern. Since nearly every organization today relies on third parties having privileged access – and quite often remote privileged access – it’s never been more important to get a handle on the lifecycle of these workers and the access they’re provided.

Even beyond the risk these external vendors present, there’s also the agony associated with the day-to-day effort to manage their lifecycle and their access. Third party vendor relationships are dynamic and oftentimes they are only accessing systems for short periods of time. For many organizations this requires the massive overhead and effort of gathering user data, managing VPNs and agents on corporate shipped laptops, provisioning access, and crossing our fingers that these vendors protect and use their access appropriately. This is not sustainable for an already overworked IT team, especially with the recent uptick in third party and remote workforce. 

Together, SecZetta and CyberArk present an end-to-end solution that not only manages identity lifecycle and access in a collaborative, efficient way, but also proactively assesses, manages and mitigates risk of these third parties. SecZetta maintains a holistic, consolidated view of identity and risk throughout the vendor’s lifecycle, providing relevant identity information to CyberArk Vendor Privileged Access Manager to enable fast, efficient onboarding and offboarding of these vendors and their access. These trusted identity details also allow for well-informed, risk-based decision-making when it comes to the privileged access required by vendor users. With the SecZetta and CyberArk integration enabling just-in-time provisioning to the platform, third parties get access to target resources quicker and more securely. CyberArk then seamlessly provides crucial functions like credential vaulting and privileged session management. And, with Vendor Privileged Access Manager, all of this is possible without passwords and without VPNs or other agent-based solutions.

Let’s take a look at a few examples to illustrate the benefits delivered by the SecZetta and CyberArk integration.

New IT service engineer requires immediate access to resolve outage. 

An outage occurs and a new engineer from a trusted IT service vendor is engaged to quickly address the problem. Historically, even in an emergency situation, it could take hours to get a request for external access completed – and days if they also need to access using provided equipment or through a VPN. With SecZetta and CyberArk, the story is different. SecZetta provides capabilities for a delegate at the third party vendor to immediately request to onboard the engineer through an external portal. The request is then quickly routed through a fully auditable process involving necessary compliance steps, like approvals and identity proofing. The engineer is then instantly invited into Vendor Privileged Access Manager where she gains immediate, controlled access to critical systems and quickly resolves the issue.

Project completes and privileged access for vendor contributors is removed. 

A lengthy project involves multiple vendors and users to implement a stack of solutions. After months of execution, the project completes with dozens of external vendor users utilizing remote access via Vendor Privileged Access Manager to complete critical project milestones. Upon project completion, access must be removed for all vendor users to meet compliance requirements and to eliminate related risk. In many cases, proactively removing vendor access simply does not happen. At best, organizations rely on expiration dates that extend well beyond the final day of a vendor’s access requirement. This greatly increases risk and the potential for a breach via these now unnecessary privileged credentials. 

With SecZetta and CyberArk, details and status for third party organizations, projects, and vendor users are proactively maintained and directly impact the access vendor users have. When the project closes, SecZetta understands what vendor users are part of the project, automatically deactivates their profiles, and sends that new status to CyberArk Vendor Privileged Access Manager to immediately disable the relevant access for all contributing vendor users. This entire process is initiated and executed with the click of a button in SecZetta. 

Trusted Vendor Lifecycle and Privileged Access Management 

Third party vendors may include IT service providers, external consultants, suppliers, affiliates, or partners, all of whom pose unique security risk to the host organization as they oftentimes require the same levels of administrative access as a typical in-house IT administrator.  

With SecZetta and CyberArk, privileged access management of third party vendors is quickly achieved with less administrative burden and without the exhausting, error-prone process typical of non-employee lifecycle management.  

Key Benefits of Integration  

  • Lifecycle of non-employees in SecZetta is supported by unique, collaborative workflows for each population which results in trusted, authoritative non-employee data, relationships, and status.  
  • Policy checks, risk scoring, and approval processes within SecZetta enable informed, risk-based decision-making for the management of third-party vendor access within Vendor Privileged Access Manager. 
  • Updates and status changes in SecZetta result in immediate updates to corresponding users in Vendor Privileged Access Manager, enabling quick, seamless remote access for newly onboarded vendor users as well as immediate removal of access when a non-employee profile is terminated within SecZetta. 
  • Direct integration with CyberArk Privileged Access Manager helps ensure that third parties are authenticated and provisioned with proper access to critical resources in order to perform their business duties. 