@dashrender said in Locking down vendors:
@scottalanmiller said in Locking down vendors:
@dashrender said in Locking down vendors:
They MIGHT have an internal team for this, but since we have our own IT department, my management has decided to take the costs internal versus paying the new vendor to set up remote access for themselves.
That doesn't really make sense as this is all questions about THEIR IT. All your team can do is get in the way.
I don't follow:
NTG does support for clients that only want you to touch specific things - they don't want you to come in and set up a special network just for those things.. so their IT sets up some type of access for those things.
Not sure how this is different?
That's not really how any customers work as that would be expensive and super impractical (and almost universally, internal IT gets security horribly wrong and would expose themselves and us through their bad practices.)
Every real-world customer that we deal with asks us what to do and we provide the tools. Because we have to manage the authorization, revocation, promotion, vetting, and such of our team, who they report to and so forth, we have to have the ability to manage the users and determine what level of our access they can have. The customer doesn't have the necessary visibility to manage security needs.
Letting the wrong IT department handle it risks things like VPNs, shared accounts, shared passwords and so forth because you are asking the team lacking the necessary access and visibility to try to manage a team that they don't know about or control. And it breaks workflows. NTG has workflows around hiring, firing, promoting, job role changes, emergency access and so forth, that are normal, regular, and secure. But a customer can't have that with our staff.
For a customer to do this effectively with us (or any outside vendor) you'd have to build out such a ridiculous amount of infrastructure to be secure, that's almost never used because it's part time. It just doesn't make IT sense.