Security Compliance – Un-Cleared IT Support

Quite often we find that we need outside support to help our IT staff, or perhaps our IT staff is outsourced altogether. In cases like these, we may need to bring in someone who does not normally need access to our facility. This is where we must let the outsider in: the un-cleared vendor.

A facility that has implemented strong access controls and has a policy of ensuring confidentiality does not open its doors to, or employ, just anyone. Typically, anyone who needs access to such a facility requires a formal background check and sometimes a security clearance issued by the government or by the facility owner. Granting access to this type of facility to someone who does not have a security clearance or a background check is no easy task.

Escorts are normally required to accompany any un-cleared personnel into the facility. This can be a normal operation when dealing with custodial workers, facility construction workers or other maintenance people. Usually those acting as escorts are members of the local security team or anyone who’s been properly trained in escorting duties. Un-cleared IT support is a completely different animal and requires more than just a pair of eyes looking over their shoulders. When you allow un-cleared IT support workers into your facility, you are introducing a potentially major threat to your computing environment if the visit is not handled carefully.

To properly escort un-cleared IT support workers, you need to know exactly what they are going to work on. Once you know that, you need to assign the proper individual to escort them. This cannot be just an ordinary employee; it needs to be someone who is familiar with the equipment being worked on and who has the security mindset to watch for and identify a potential threat. This type of escort is commonly referred to as a “technical escort”. For example, if you need IT hardware support with a crashed server, the IT support worker is no doubt going to need physical access to the box itself. The worker may even need to swap parts, a motherboard for instance, to get your server back up and running.

Wait a second… now not only am I introducing an un-cleared person into the facility, I’m also bringing in hardware that’s hopefully been researched (we’ll leave that for another article). The technical escort needs to be familiar enough with the hardware being introduced to make sure that it is what it’s supposed to be. This should all be coordinated in advance if possible. The escort also needs to ensure that no additional parts are coming in, such as an unwanted communications device. The escort’s technical expertise ensures that an “expert” set of eyes is on the un-cleared IT worker at all times and that the person watching knows what to look for.

