Enterprise-level security is seeing changes in requirement as technology pushes further on hard- and software fronts for common civilian applications and business programs alike. This is a natural symptom of evolution: Our grasp of getting things done is shifting in predictable and creative manners simultaneously.
There are points of confluence that seem to emphasize the changes more radically than the sum of their parts, advertising the transformation more than ever.
This is most relevantly noted in the recent uptick in contractor-related breaches to manufacturer security and has a great deal to do with the individual field representatives as much as the companies that host them.
There are several factors that contribute to the cause of recent breaches, not just the number of third-party crutches that a manufacturer leans on. In fact, the big picture boils down to several additional points such as:
- The number of different portal and application types, access points and versions that connect field operatives to the host company and ultimately the manufacturer
- The number of different devices, operating systems, and unique security flaws in each that’s presented by accessing said portals and applications on operatives’ personal devices
- The types of client information that are collected by the manufacturer in their business model: medical records, vehicle information, home addresses, credit card information and so on
- The size of the business as it pertains to the amount that a malicious code-manipulator could fleece from exploiting the information on their servers
Accounting that the majority of manufacturers use up to 25 vendor companies max, there’s already a major security flaw. That accounts for the fact that most third parties prefer to develop their own apps and web portals for the collection and conveyance of essential field data in order to meet the client manufacturer’s expectations on execution and quality assurance fronts. While this sounds like it could potentially be more secure because of the sheer variation in the connections involved, it’s quite the opposite: The only common denominator worth a hacker’s time is the core database of the manufacturer itself, and as such, they’re interested in finding the most attractive means of reaching it.
While it may seem logical for manufacturers to simply cut off the limbs they don’t need, it doesn’t quite work like that. A great deal of the jobs that are provided on the field in addition to the vast gamut of services that are available to the common individual owes to third parties. In fact, many of the retail locations and clerical services that are offered depend on audits, installations, repairs, and adjustments that are made by third parties. Removing these crutches would hurt the common individual as much as the corporations themselves, and nobody wins at the end of the day.
The solution that many companies are turning to now is a new approach to enterprise-level security with OneLogin, a company that combines single sign-on (SSO) convenience and streamlining with the anti-impersonation horsepower of an optimized multifactor authentication (MFA) system. The two features work hand in hand to chop off every single access point to the manufacturer’s sensitive databases, routing everything through a single mediation gateway where OneLogin’s services work to filter out threatening codes and unauthorized individuals. The plan is proving highly effective today and will undoubtedly become more important in the future as manufacturers find themselves relying on third parties more.
Discussion about this post