Manage your vendors' access and make them pay for it!

Yaron Levi

The case for outsourcing

 

 

Crisis is the mother of innovation. The history of mankind is full with new ideas that were born during or after a major crisis. On a national level, you can see countries like Germany and Japan, that despite bloody history and major national crisis, emerged to become economic super powers and created much technological advancement. On the other hand, countries like Switzerland, that was always neutral and peaceful, a are mainly famous for technological achievements like the cucko

o clock…

 

The last couple of years marked the biggest economic crisis the world had ever known; many companies went out of business while others are working very hard just to stay afloat. In times of crisis most companies will quickly rush to grab the low hanging fruit by reducing head count to reduce costs, additionally they’ll make their employees work long hours for same or smaller pay.

 

As the world becomes a more of a global village and the high speed communication is reaching to almost any corner of the world many companies start looking at other alternatives by outsourcing their operations. They do so not just to get cheap labor, but in many cases to tap into talent pool that they do not have or is very difficult / expensive to acquire. Networking and Information security are classic examples. The bottom line is that IT outsourcing is becoming more common; IT departments will mainly be staffed by project and vendor managers that will be responsible to managed and outsourced talent pool.

 

A hidden low hanging fruit

 

Outsourcing raises a significant security concern as companies trust their crown jewels at the hand of their vendors. By doing so they lose control over who is accessing their network and even if those vendor users are in full compliance with the company’s policies. Indeed there are ways to manage it inhouse, but for the most part it is extremely difficult to control and it is very expensive as well.

 

The question is... can a company outsource its operations, enforce all its access policies on the vendor and make the vendor pay for it?

 

I believe the answer is YES!!! This is a low hanging fruit that you can find if you only know where to look. Please keep reading…

 

The Vendor’s perspective

 

OK, I won this large outsourcing deal but the customer really killed me on pricing. I’ll need to be creative if I want to make money from this deal meaning I need to be able to support the customer from remote so I can share my resources with other customers as well, all while being profitable. The other side of the coin is: The customer’s IT organization hates me from taking food of their plates; they took a headcount hit so not only they are not motivated to support me they are busy with other things and I am not a priority for them, every time we need to get a support from them it’s a hassle, if we can’t get our remote access working we cannot perform our job.

 

The customer’s perspective

 

These vendors need access to our network but he must comply with all our security policies. We must be able to control who is accessing what and in any case if we need to support our own people. They do come first! The vendor can wait.

 

Oh yes, and one more thing: Now we have this remote access infrastructure we need to manage, in order for the vendor come into our network. We also need to upgrade this infrastructure every few years and the vendors keep losing the authentication tokens we send them. This is a large expense and unfortunately there is nothing much we can do about it.

 

Finding the hidden fruit

 

Interestingly enough the way to solve the vendor access management problem is to …. Outsource it!! Let me explain:

 

Imagine you could outsource the entire vendors’ remote access to a 3^rd party system that will authenticate, authorize and make sure the vendors’ users comply with your company’s strict security policies and only then they will be connected to your network. While in session the system will keep monitoring their activity and will immediately drop them if they violate the policy. More than that, the system will be hosted meaning you’ll have nothing to maintain, your 3^rd party vendor will provide the vendors’ support and to top it all the vendors will pay for it!

 

Not only you’ll eliminate the costs of your in house systems and vendors’ support, you’ll start making money. As I said: if you know where to look you can find this low hanging fruit.

 

ANX’s PositivePro VPN is Software as a Service (SaaS) remote access solution allows exactly that! Since it is managed from the cloud the customer doesn’t need to buy or install any hardware and can ramp the service up or down according to the real need. Multi-factor authentication is achieved using voice calls so there is no need to ship out or manage tokens. The ANX helpdesk provides 24/7 service, we get the support calls from the vendors so you can sleep without been bothered.

 

There are many other benefits like extensive login and session reports, software distribution, passwords management, Web based access and more.

 

Why would the vendors pay for it?

 

Consider the following, let’s assume a vendor has a yearly contract of $100,000 how many IT people can he allow working on the account full time and still make money? 1 or 2 not more! Let’s assume he needs to pay $50 per user per month this will total $1,200 a year for 2 people. This is negligible and he will gladly pay it to keep the business.

 

We will collect the $50 per month and return you $20 so now you are making money!

 

Keep in mind, money is created in your head not by the work of your hands!