What is the best way to manage third-party remote access to OT systems?

Best practices include: just-in-time access provisioning (access granted for specific maintenance windows, not permanently), dedicated vendor jump servers that restrict access to authorized systems, session recording for audit purposes, MFA requirements for all vendor access, network monitoring for all vendor remote sessions, and vendor security questionnaires/assessments before granting access. Minimize permanent always-on access in favor of controlled, monitored session-based access.

Definition

Third-Party Risk

Security risk introduced by vendors, contractors, or partners who have access to systems or data. Third-party remote access is frequently exploited in healthcare and industrial environments.

What is Third-Party Risk?

Security risk introduced by vendors, contractors, or partners who have access to systems or data. Third-party remote access is frequently exploited in healthcare and industrial environments.

Third-party risk in security refers to the cybersecurity exposure introduced by vendors, contractors, managed service providers, and supply chain partners who have access to an organization's systems, networks, or data. Third parties with remote access to OT systems, medical devices, or clinical networks represent some of the highest-risk access vectors in healthcare and industrial security.

The challenge is that third-party access is operationally necessary. Medical device manufacturers require remote access for software maintenance and service. Industrial equipment vendors require access for remote diagnostics and firmware updates. Building management service providers maintain remote connections for HVAC and access control management. Each of these relationships provides value and is difficult to eliminate — but each also represents a potential attack vector if the third party's security posture is inadequate or their credentials are compromised.

Third-party breaches have driven some of the most consequential security incidents in recent history. The Target breach (40M credit cards) started with compromised HVAC vendor credentials. The SolarWinds supply chain attack affected thousands of government and enterprise organizations through a compromised software update. Healthcare organizations regularly experience breaches through compromised medical device vendor remote access accounts.

Key Facts

Third-party remote access is the initial access vector in over 40% of OT security incidents
The Target breach — 40M credit card records — began with compromised HVAC vendor credentials
Medical device manufacturers typically require permanent remote access to devices they sell — creating persistent third-party risk
Vendor access monitoring is required under ISA/IEC 62443 and NERC CIP for critical infrastructure operators

How ORDR Addresses Third-Party Risk

ORDR monitors third-party remote access sessions as part of network behavioral monitoring. Unusual remote access patterns — access outside authorized maintenance windows, connections to systems outside the vendor's typical scope, access from unexpected geographic locations — trigger behavioral anomaly alerts. ORDR also provides visibility into which devices are being accessed remotely and by whom.

See ORDR in action

Frequently Asked Questions

Back to Glossary

Complete visibility across your entire attack surface.

ORDR unifies IT, IoT, and OT asset intelligence so your team can see—and act on—what matters most.

REQUEST A DEMO Platform Overview