Sep 18, 2009 | 03:47 PM
By John Sawyer

Most businesses thrive on partnerships, and some businesses -- well, they simply can't exist without partners. But sometimes those relationships pose a real threat to your company's security.
A recent Verizon Business study of more than 500 data breaches during the past four years drives that point home. In the study, 57 percent of data breaches involved partners' networks being used by an external attacker.
Giving contractors, suppliers, and other business partners access to your network does not have to be a recipe for disaster. To be successful, you need to know where your data is and who needs to access it. Only then can you plan your network and remote access infrastructure so it can be monitored and protected comprehensively.
The most important factor to remember during the process of enabling and securing partner connections is that your partners are third parties accessing your network. They are not your employees. You don't control their networks. You should treat them as untrusted, possibly malicious, entities who must be there, but might need to be removed at any time. You are the digital bouncer.
Before providing outsiders access to your environment, you must know which data they will need, where it's located, and how to allow just enough access for them to do their jobs. This is the part where most companies fall down. It sounds simple, but you need only look at recent partner-related breach news to see that many companies are doing it wrong.
Many of these breaches happen because of a disconnect between IT and the people behind the partner-related business processes. For example, say someone from purchasing requests access for a supplier to an internal, Web-based inventory application. IT configures a new VPN connection, sets the appropriate firewall rules, and marks the request as complete.
Unfortunately, it doesn't end there. Often, a request comes back that the supplier needs additional access to another system. After a back-and-forth between IT, the partner, and the business unit, management tells IT to "get it done or else." Now the company's sensitive systems are opened up too far, just so that the link works and management is happy. Sound familiar?
If IT had a better understanding of where the data is and who uses it, then the process of allowing and controlling that access would be greatly improved. A database activity monitoring (DAM) tool, for example, can provide insight into which users are accessing what data. Most can be configured to establish a baseline for what is normal -- and alert IT to any abnormalities.
In the case of a partner, policies can be defined in a DAM that say partner X is allowed to connect from network Y only during business hours and only to table Z in the database. Any deviations from that policy can be either blocked or flagged, depending on the features of the DAM product.
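The partner policy described above (partner X, from network Y, during business hours, to table Z) can be written as a check over database audit events. This is an added example, not part of the original article and not any DAM product's interface; the account name, addresses, tables, business hours and the assumption that timestamps are in local time are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class PartnerPolicy:
    network: str                      # CIDR the partner must connect from ("network Y")
    tables: frozenset                 # tables the partner may touch ("table Z")
    start: time = time(8, 0)          # assumed business hours, local time
    end: time = time(18, 0)
    workdays: frozenset = frozenset(range(5))  # Monday..Friday

@dataclass(frozen=True)
class Event:                          # one row of a database audit trail
    when: datetime
    account: str
    source_ip: str
    table: str

def violations(policy, ev):
    """Return the ways an audit event deviates from the partner's policy."""
    reasons = []
    if ip_address(ev.source_ip) not in ip_network(policy.network):
        reasons.append("source-network")
    in_hours = policy.start <= ev.when.time() < policy.end
    if ev.when.weekday() not in policy.workdays or not in_hours:
        reasons.append("outside-hours")
    if ev.table.lower() not in policy.tables:
        reasons.append("table")
    return reasons

def review(policies, events):
    """Return (event, reasons) for each partner event to block or flag."""
    flagged = []
    for ev in events:
        policy = policies.get(ev.account)
        if policy and (reasons := violations(policy, ev)):
            flagged.append((ev, reasons))
    return flagged

# Constructed sample data: account name, addresses and tables are made up.
POLICIES = {"supplier_x": PartnerPolicy("203.0.113.0/24", frozenset({"inventory"}))}
EVENTS = [
    Event(datetime(2009, 9, 16, 10, 15), "supplier_x", "203.0.113.20", "inventory"),
    Event(datetime(2009, 9, 16, 23, 40), "supplier_x", "203.0.113.20", "inventory"),
    Event(datetime(2009, 9, 17, 11, 5), "supplier_x", "198.51.100.7", "inventory"),
    Event(datetime(2009, 9, 17, 14, 30), "supplier_x", "203.0.113.20", "payroll"),
    Event(datetime(2009, 9, 19, 9, 0), "supplier_x", "198.51.100.7", "payroll"),
]
```

Calling `review(POLICIES, EVENTS)` returns the four deviating events with their reasons; whether each is blocked or only flagged is a separate decision, as the article notes.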
Inside Out: Protecting Your Partnerships -- and Your Data
Today's businesses depend on e-commerce among partners, but allowing third parties to access internal networks may endanger your data. How can IT security pros ensure that contractors, suppliers and others get the access they need -- without becoming threats? This report offers some answers.