How do you contain the exposure of granting online account access to service providers?
Securing access to sensitive online financial accounts
Answers
Many of these apps have granular permission levels. Speak with the vendor on how to limit access.
Also, don't forget to have these people sign NDAs (at least it gives you a leg up in a lawsuit).
Your IT department should be able to help. Ours has set up online access for specific consultants/vendors that restricts their entry to the portion of our intranet that is specific to the software that they need access to in the first place. They can't get into any other area of our network.
They set up a VPN to come through the main firewall. But then, their ability to access and/or change any software is limited to the particular application they are authorized to work on.
On the other hand, I and one other exec have network administrative privileges and access to all areas of our intranet. The caveat is, any of our access and activities are logged by the system. And, as a matter of data security, if I were to resign tomorrow, my privileges would be instantly revoked for access from the outside.
Things like temps are provided with limited network access via password and restricted privileges and nothing coming from the outside.
It depends on the type of online service, application or cloud computing
When it comes to financial data, some cloud computing providers can offer tiered permission structures, which also allow you to control or restrict access. For example, a
In any case, it comes down to the technology you are using. And depending on what that is, you may find a variety of terms associated with this ability... "Account Permissions", "Portal Control", "User Access Level", etc.