When the resources of a service provider aren’t in your office, a long list of concerns emerges.
The responsibility of securing the services supply chain is especially daunting for top-tier financial institutions. These institutions must now comply with increasingly demanding standards, such as SOC 2, OSFI, 23 NYCRR 500, FIPS, GDPR and ISO. Often, they’re forced to engage global GSIs, boutique consultancy firms or tactical skills located in dispersed and at-risk geographic regions. Moreover, the skills shortage in mature markets is driving an additional need to tap into a global talent pool. Cybersecurity, compliance, auditing, governance, productivity and connectivity all remain barriers to quickly engaging the contingent workforce. Hence, financial institutions are struggling to balance the need for security with their reliance on a global services supply chain.
When the resources of a service provider aren’t in your office, a long list of concerns emerges. You now have to worry about endpoint devices, malicious software, developer trust, credential management, VPN network access risks, governance and compliance. Consultants typically use their own laptops, and they routinely work from cafes, airports, hotels or their homes on networks that are not encrypted or protected from malicious software.
With consultants working at a distance, organizations can’t monitor activity in real time or inspect anyone’s complete body of work for accuracy or compliance. This adds even more headaches around compliance and auditing for large international organizations.
Today, the only way to enforce security and compliance is via written contracts and lengthy IT processes for provisioning corporate-controlled endpoint devices, assigning credentials and onboarding consultants. But with Tehama, those worries about security and compliance are taken out of play.
Tehama gives financial institutions the secure infrastructure needed to work safely with a global workforce.
With Tehama, you get:
- Endpoint Device Isolation: Tehama isolates endpoint devices and eliminates VPN risks by providing a virtual extension (Room) of the enterprise. In a Tehama Room, workers can securely collaborate and deliver services to only the enterprise applications on-premise or to the cloud-based Room they’ve been authorized to access.
- Encryption: Everything that happens in the Tehama Room is encrypted, as is all the traffic between the secured Room and the corporate application.
- Security Policy Enforcement: Before global workers are permitted to enter a Room, they must complete an approval process that enforces policies such as nationality, OSFI, legal clearances, GDPR or any other policies the financial institution wishes to enforce. Once workers are approved, they must use MFA (multi-factor authentication) to enter the Room. There, they start work on a Windows or Linux desktop image that is already loaded with all the software products authorized by the Room manager, including development tools, IDEs, test environment and collaboration software.
- Credentials Security: The Room manager can also load credentials for corporate applications in the Room Password Vault. Consultants copy and paste obfuscated user IDs and passwords without ever seeing them, thus preventing the accidental or deliberate sharing of that information.
- Forensic Auditing: For even greater security, every Tehama session from every contingent worker is perfectly witnessed in real time and recorded for playback and auditing. Everything done in the Room is logged and recorded to protect the financial institution and the contingent workers’ organizations.
With this full transparency, Tehama builds trust and secures the services supply chain. It gives financial institutions a simple way to quickly onboard, manage and scale a global workforce while still meeting all compliance and audit regulations.
Benefit from Tehama’s
SOC 2 Type II compliant platform which comes with 107 SOC controls already built-in.
Deep forensic auditing and compliance for secure access and monitoring of a global workforce 24 x 7.
Launch “ready-to-work” complete and productive work environments — in minutes, not months.
Eliminate credential theft and lateral network movement associated with VPN access.
Reduce costs and delays by avoiding IT infrastructure procurement and deployment.