How to manage third-party service, support and security

U.S. retailer Target saw one of the largest thefts of credit card data in recent history
U.S. retailer Target saw one of the largest thefts of credit card data in recent history

Productivity expert David Allen once stated that his approach, “Getting Things Done,” was based on the simple premise that you can’t do everything. In IT, we face this problem every day. Whether it is due to lack of domain specific expertise or simply not enough resources to handle all of our IT services, there are many reasons why we might look to third parties to help support our requirements.

Third party access can come in various guises – from full IT support and service operations, to specialist knowledge that is required on an irregular basis. The majority of this support is delivered remotely over the internet, making third-party outsourcers an even more cost-effective solution.

A research report by Ovum last year highlighted how many third parties have access to company IT networks. While 12% of organisations ran everything themselves, the majority of companies (56.3%) surveyed across Western Europe had granted access to between one and four suppliers, while 28.3% had between five and 29 suppliers. One company admitted that it had more than one hundred organisations with permission to access their networks.

Why does this matter? 

One word: Security.

Third party access is only going to grow, as more devices become internet-enabled and more specialist knowledge is required to keep them running. However, third party access is also one of the areas where control and management is often overlooked. There are plenty of options out there for remote access to networks, but the security and management of those tools is not as mature. Too often, access is binary and broad. The third-party either has access to the entire network, or it doesn’t.

This is a significant security risk, as witnessed by the attack on U.S. retailer Target last year, one of the largest thefts of credit card data in recent history. Poor third party access management opened the door for hackers to access the entire Target network via the vendor responsible for managing the firm’s air conditioning services. Once in, the attackers were able to use a variety of tricks to navigate from that section of the network and to the credit card database servers.

The current press attention around remote access security should drive better industry practices, but there are further proactive steps that service desks can take now to protect themselves.

Steps to take

For companies running their own service desks, security around third party access should be part of the overall request management process. When internal customers ask for new services or need help that a third party will provide, consider the management of the session as part of the request process.

This includes being able to control access. Why should a third party have access to everything on the network, when they are being asked to fix a specific problem? Locking down access – either to a specific section of the network, or only allowing the third party access to access certain devices or applications – is one option that service desks can look at in more detail. Service desks should also capture a full audit trail of every action a third-party technician takes while on their network, and set up alerts for any suspicious activity, such as a vendor logging in in the middle of the night.

For third-party service providers, keeping their customers’ networks secure should be top of mind. Just as the Doctor’s Hippocratic oath states, “Do No Harm”, so too should third-party providers reduce security risks to their customers around remote access. Implementing secure remote access tools and best practices will help service providers set themselves apart from competitors and improve customer loyalty.

Ultimately, third party access has to be secure, auditable and controlled. At the same time, the requirement for more flexibility in how services are delivered will make remote access by third parties even more common than it is today. Within the overall service delivery strategy, keeping this third party access under control is a key management task to consider.

Image Credit

LogMeIn ends free offering

support

Within the last week remote computer access software company LogMeIn have announced that they will be discontinuing their free remote access product – LogMeIn free – with immediate effect.

“After 10 years, LogMeIn’s free remote access product, LogMeIn Free, is going away,” wrote LogMeIn’s Tara Haas. “We will be unifying our portfolio of free and premium remote access products into a single offering. This product will be a paid-only offering, and it will offer what we believe to be the best premium desktop, cloud and mobile access experience available on the market today.”

Current users of the service will receive an email and a screen message the next time that they log in informing them that they have a paltry seven days to upgrade to a premium account before access to their account is revoked.

In an article for PC World Tony Bradley, Principal Analyst at Bradley Strategy Group states:

“The decision to end LogMeIn Free is abrupt and a bit confusing. It seems like it’s been relatively successful at luring customers to sign up and generating revenue for LogMeIn from the premium account subscriptions.”

Forum members of tech.slashdot.org have criticized the company for the abrupt change:

“…I must say I might have considered signing up for pro, but the zero-notice cancellation of the free account has left a major bad taste in my mouth. It’s a pretty blatant attempt to rush people into signing up for the paid program, because hey, give people a month’s notice to evaluate alternatives and the might find something else they like. For that reason, there is zero chance I’ll sign up for logmein pro.” – TX

Though it appears not all customers are jumping ship with some reportedly being offered six months of pro service as an incentive to continue:

“…at the risk of not conforming to a potential lynch mob mentality, it would appear they’re giving me 6 months of pro service on my existing account before they turn it off. This is plenty of time to make a change.” – Zugmeister

With some just suggesting users should thank LogMeIn for provided the free service for as long as they did:

“It’s so typical. Someone offers a service/product for free. People use it and like it. They keep using it. Then the service/product gets changed/removed/etc. and everyone yells at the owner about how they feel shafted instead of *thanking* the owner for providing such a useful service for free for so long. Everyone feels entitled to get whatever they want for free.” – Nicholasjay

Thinking of changing to another free service?  Stuart Facey, VP EMEA at Bomgar has the following advice…:

“A lot of people are complaining that the once-free service is being taken away and they’ve only been given a week to either pay for LogMeIn Pro or switch to another free service, like Teamviewer. However, while these free tools can be great for accessing your personal computer, they aren’t designed for providing professional support to your company’s or customers’ systems.

If you find yourself having to switch away from a free tool, it’s important to think about your next step – are you only supporting friends and family? Then stick with other free tools that are on the market.

If you are responsible for a wider range of services, or if you have to think about connecting to customer systems in a secure way, then you will have to put more thought into this change. In the world of support, it is important to look at how you deliver services over time and make sure that you are providing value for your customers as well as maintaining your own approach in the right way. The increasing need for collaboration around support challenges, including the capability to securely involve third party vendors, means that free tools will only be able to provide small sections of what you are after overall.

In this instance, it is very much a case of “you get what you pay for” – if you pay nothing, then you won’t get all the functionality that you need, and that may negatively impact the overall quality of service.”

LogMeIn hasn’t done itself any favours with the way it has approached the situation with many users seeming to be more annoyed with the notice period than the discontinuation of the service.

Advice to anyone else planning on pulling a free service where you have a paid alternative:  Treat users like prospective paying customers and not a bunch of freeloaders.

Moving away from LogMeIn?  Here are some alternatives:

Tool Name Description Cost
TeamViewer TeamViewer provides an All-In-One solution for a wide variety of scenarios in a single software package: remote maintenance, spontaneous support, access to unattended computers, home office, online meetings, presentations, training sessions and team work. Free for all non-commercial users£439-£2,219 for Business users depending on package
Chrome Remote Desktop Chrome Remote Desktop allows users to remotely access another computer through Chrome browser or a Chromebook.  Computers can be made available on an short-term basis for scenarios such as ad hoc remote support, or on a more long-term basis for remote access to your applications and files.  All connections are fully secured. Free*As it’s supplied by Google I’d check the privacy policy
Remote Utilities Remote Utilities gives users 15 different modes for connecting to PCs remotely. Users can view screens, send keystrokes, control the mouse, and transfer files. This makes it ideal for IT professionals looking to provide remote support and network administration. Free for both business and personal use for up to 10 remote PC’sOver this$29.95 per remote PC OR$549.00 per operator

 

Citrix GoToAssist GoToAssist enables you to provide fast and easy live remote support with a solution designed to meet your specific business needs. Compare our remote support, service desk and IT monitoring solutions and see which works best for you and your organisation. £39/mo per technician
Bomgar Remote Support Bomgar lets you support all of your systems over the web, even if they are behind firewalls you don’t control.Support customers on remote desktops running Windows, Mac or various Linux distros. Or support a variety of mobile devices – including Android, iPhone, iPad, BlackBerry and Windows Mobile. POA

Image Credit