We're working with a few short-term contractors who need access to Jira, Confluence, and Slack. However, they aren't willing to install any company agents or use a Virtual Desktop Infrastructure (VDI). I'm looking for any alternative methods to provide them secure access without needing full device management. What are some best practices?
4 Answers
It sounds like you're dealing with some confusion about the hosting. If it's internal SaaS, consider setting up a jumphost with Privileged Remote Access tools like Beyondtrust. For externally hosted SaaS, ensure you're using strong Single Sign-On (SSO) with MFA to tighten security,
If they're not willing to follow your company policies, it's going to be hard to ensure security. You need to set clear expectations from the beginning. Contractors should understand that adhering to your policies is essential for working with your organization.
I'd suggest focusing on identity verification, contextual access, and browser isolation. Nowadays, there's a lot you can do at the session layer to maintain control and security, even with remote access.
While VDI is the safest route, if your contractors aren't on board, definitely loop in HR and Legal to make sure you've covered all your bases. It's crucial to weigh the security implications of allowing them access without those safeguards.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures