How to Manage Access for Vendors and Contractors

Employees aren’t the only group of people who need remote access to a business’ private network resources. Businesses frequently work with independent contractors, vendors, and other service providers who need access to those resources too.

Unique issues raised by vendor remote access

Managing access for vendors raises a few issues that are different to managing access for employees:

  • Vendor relationships tend to be more transient. A contractor may be brought on for a 3-month engagement, and then they move on after it’s done. A vendor may staff a small team on a project, and the composition of that team might change over time as the vendor swaps individuals in and out as needed. As a result, vendors onboard/offboard more frequently than employees, which means additional work to ensure accounts are provisioned and deprovisioned in a timely manner.

  • Vendors may need more targeted access to resources rather than the broader access an employee may have. This may be the case when a vendor is brought on to help with a specific task or project.

  • Vendors may access systems using their own devices and from remote locations such as their own offices, the security posture of which is unknown. For example, employees are typically issued laptops by their company, but it is common for vendors to work using their own laptops.

How Twingate is used to facilitate vendor remote access

Twingate helps businesses to manage the access control challenges raised by these factors in a variety of ways.

  • Easy onboarding/offboarding. Twingate overlays access controls over any private network resource, without requiring any changes to that resource. Twingate also integrates with SSO and identity providers like Okta and Google Workspace and delegates authentication to them. This means that disabling a contractor’s SSO account will disable access to all resources secured by Twingate - even if a resource doesn’t natively support SSO and requires a separate account for logging in.

  • Granular access controls. Twingate can grant and restrict access to specific resources in seconds. Control over access at the application-level means that access can be provisioned on a “least privileged” basis, so contractors don’t see more than they need to. Contractors can be assigned to groups, and permissions can be assigned to groups, making management even easier. (Traditional VPN solutions rely on complicated network segmentation projects to cordon off access to specific resources. This approach is not nimble and, as a result, it’s not uncommon for companies to grant contractors with more access than they need for expediency.)

  • Visibility over contractor devices. Twingate can log network access activity across the entire enterprise, giving visibility over who is accessing what. This allows businesses to monitor things such as what devices are in use, where they are located, and what their security posture is - including for contractor-owned devices.

Last updated 4 months ago