
Tech Insight: How To Make Business Partner Security Work

Trading partners can be your biggest assets -- and, potentially, the greatest threats to your business' security. How can you keep your data safe?

Why doesn't the IT organization have a better understanding of how business users and partners interact with systems? One reason is a problem that plagues many enterprise environments: logging.

Most IT shops are either logging too little or too much. The former poses a problem when an issue crops up and the root cause cannot be tracked down. The latter turns into a problem when an issue arises and there is so much log data to sift through that the root cause cannot be found quickly.

Many IT shops don't log enough because they don't know how to centralize logs; other IT shops are overwhelmed with data because they don't know what to do with the logs once they are put into the central repository. In either case, an enterprise log management or security information and event management (SIEM) system can help.

Log management solutions and SIEM take different approaches and address slightly different needs, but the end result is essentially the same: They take logs from many disparate sources and turn them into actionable data. Splunk is a good example. It can take in logs from firewalls, routers, Windows servers, Apache Web servers, and more. Those logs are then searchable from the Web interface, and alerts can be configured to go off when something interesting is going on, such as repeated failures from a partner trying to log into an unauthorized server.
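The alert described above (repeated login failures from a partner against a server that partner is not authorized to use) can be sketched in a few lines. This is an added example, not code from the article or from any of the products it names; the partner names, VPN ranges, hostnames, and simplified sshd log lines are all constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed inventory: each partner's VPN address range and the hosts it may reach.
PARTNERS = {
    "acme-logistics": {"net": ipaddress.ip_network("10.50.0.0/24"), "allowed": {"edi-gw01"}},
    "northwind-billing": {"net": ipaddress.ip_network("10.60.0.0/24"), "allowed": {"sftp01", "edi-gw01"}},
}

# Constructed sample of centralized sshd log lines (ISO timestamp, host, message).
SAMPLE_LOGS = """\
2024-03-04T09:00:01 edi-gw01 sshd[811]: Failed password for edi from 10.50.0.7 port 40112 ssh2
2024-03-04T09:00:05 hr-db02 sshd[402]: Failed password for admin from 10.50.0.7 port 40120 ssh2
2024-03-04T09:00:09 hr-db02 sshd[402]: Failed password for invalid user oracle from 10.50.0.7 port 40122 ssh2
2024-03-04T09:00:14 hr-db02 sshd[402]: Failed password for root from 10.50.0.7 port 40125 ssh2
2024-03-04T09:20:00 hr-db02 sshd[402]: Failed password for root from 10.60.0.21 port 51011 ssh2
2024-03-04T09:45:00 hr-db02 sshd[402]: Failed password for root from 192.0.2.9 port 51011 ssh2
"""

LINE_RE = re.compile(r"^(\S+) (\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")

def partner_for(ip):  # name of the partner whose VPN range contains ip, or None
    addr = ipaddress.ip_address(ip)
    return next((name for name, p in PARTNERS.items() if addr in p["net"]), None)

def detect(log_text, threshold=3, window=timedelta(minutes=5)):
    """Alert when a partner has `threshold` failed logins to one unauthorized host within `window`."""
    recent = defaultdict(deque)   # (partner, host) -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # not a failed-login line
        ts, host, src = m.groups()
        partner = partner_for(src)
        if partner is None or host in PARTNERS[partner]["allowed"]:
            continue              # not a partner address, or a host the partner may use
        when = datetime.fromisoformat(ts)
        q = recent[(partner, host)]
        q.append(when)
        while when - q[0] > window:
            q.popleft()           # drop failures that fell out of the window
        if len(q) == threshold:   # fire once, when the threshold is first reached
            alerts.append({"partner": partner, "host": host, "source": src, "time": ts})
    return alerts

if __name__ == "__main__":
    print(*detect(SAMPLE_LOGS), sep="\n")
```

The same logic maps onto a saved search with a threshold in a log management or SIEM product; the part that has to come from your own environment is the inventory of which partner is allowed to reach which host.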

With the dropping cost of disk space, you can no longer argue that you can't log everything. But if you do log most everything, then you can be overwhelmed with data. So take the time to investigate the different solutions, which in addition to Splunk also include TriGeo, Nitro Security, ArcSight, and LogLogic. One of them is bound to fit your environment.

If we agree that all partners should be treated as hostile entities, then the question becomes how to protect your data. Do you use firewalls, intrusion prevention systems (IPS), network access control (NAC), or data leakage prevention (DLP) tools to protect your internal network from the malicious hackers on the outside? If so, then there's no reason you shouldn't be doing the same for your partners accessing the network.

In the typical site-to-site VPN setup -- where a partner's corporate network is joined to your company's network -- deploying DLP, NAC, and IPS is a smart move. When management asks why you're trying to protect yourselves from your partners, point them to the Verizon data breach report, which states that the majority of partner-related breaches were due to lax security on the partner's network -- and a lack of visibility and accountability in partner-facing systems.

For remote users connecting from laptops through a VPN, the same setup as the site-to-site VPN is valid, although it may be implemented a little differently. That depends on the VPN and NAC solutions. Some VPNs now support NAC-like features, such as posture assessment, to ensure that hosts connecting to your environment are patched and running up-to-date antivirus software. An IPS can block attacks coming in from the partner systems in case they are already infected by malware or compromised by an attacker.

At the end of the day, businesses need to interact with partners in order to make money. But just like the business decisions that went into establishing the partnership, the risks of allowing third parties access to your network need to be evaluated and strictly controlled. Doing it wrong can be an expensive mistake -- and no one likes to be a statistic.
