The Inside-Outsider: How to deal with vendors that have privileged access

Logo
Presented by

Tony Howlett, CISO, SecureLink

About this talk

Dealing with the threats from insiders who have administrative privilege in your systems is a challenge enough, but how do you handle the risk that comes from vendors and other third parties such as contractors who need privileged access? These are usually trusted vendors and have undergone some vetting but it isn't usually as rigorous as your internal processes and your visibility into their employee’s background and activities within your systems can be opaque. We will go over why this kind of access represents an outsized risk to security and compliance, the challenges of managing these “Inside-Outsiders” and give some best practices to make sure that their access is as secure, compliant and efficient as your internal employees. About Tony Howlett: Tony Howlett is a published author and speaker on various security, compliance, and technology topics. He serves as President of (ISC)2 Austin Chapter and is an Advisory Board Member of GIAC/SANS. He is a certified AWS Solutions Architect and holds the CISSP, GNSA certifications, and a B.B.A in Management Information Systems. He has previously served at CTO for Codero, a managed cloud hosting provider and CTO of Network Security Services, a security and compliance consulting firm, as well as founding InfoHighway Communications, one of the nation’s first high speed internet access providers. Tony is currently the CISO at SecureLink.
Related topics:

More from this channel

Upcoming talks (6)
On-demand talks (627)
Subscribers (205550)
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.