Reducing Outsourcing Risk
"Effective outsourcing management has become a necessary core competency for every IT organization. Most IT leaders have come to accept its reality and have begun to develop a mature process for managing service delivery through partners."
— Gartner Group
More than 60% of all companies use some form of outsourcing, and this figure is growing quickly. The majority of this outsourcing work is performed by highly skilled technical workers for IT operations, application development and technical support services. Diagnostic and maintenance tasks require that they be given remote access to critical IT resources and use powerful access tools like RDP, SSH, telnet, etc. These technically-proficient users are vital to the company and offer a key source of competitive advantage. However, as internal audit and external compliance requirements become stricter, companies require complex and expensive solutions to secure critical infrastructure from this high-risk user group while satisfying these requirements.
At the beginning of the outsourcing trend in the late 1990s, many companies chose to farm out whole back-office departments – often including IT operations and application development – to capitalize on opportunities for cost reduction and increased service levels. Today, as many of those initial outsourcing contracts come up for renewal, companies are demanding that their outsourcing vendors deliver a security framework that includes not only access, but the controls and validation of these controls to satisfy internal security and external compliance requirements. How can an organization capitalize on the efficiencies provided by outsourcing without compromising security for this high-risk user group?
How can an organization capitalize on the efficiencies provided by outsourcing without compromising security for this high-risk user group?
The Xceedium Next Generation Access Solution
The answer is Xceedium's GateKeeper, a comprehensive solution that enables the enterprise or government agency to:
- Control access to critical IT infrastructure by outsourced technical users;
- Enforce granular controls and contain users to authorized areas only;
- Monitor all user activities and alert for violations;
- Record all user events,
- Deliver easy-to-produce reports for testing of controls
Xceedium provides an easy to install and maintain next generation access solution that bolsters security while reducing the complexity and cost of managing outsourced users.
Xceedium GateKeeper is a hardened appliance that delivers a unique access methodology that provides granular compartmentalization. Once users are granted access to their authorized areas, the difficult challenge is keeping them contained there. Xceedium's patent-pending Leap Frog Prevention™ technology works at the socket layer using white lists and black lists to keep them contained within authorized areas only. Alerting and remediation capabilities are easy to implement, and ensure visibility to violations and proof of control. All user activities are tracked and logged; Xceedium delivers complete keystroke and patent-pending session recording capabilities that seamlessly provide complete visibility into what the user is doing, even at the command line level. Essential historical data is recorded, and centralized reports enable internal and external compliance auditors to easily test controls.
