Companies often engage the services of third-party contractors to fill their IT (information technology) and technical support needs. This use of outside technical support personnel may be necessitated by a number of reasons, including restrictions on new hires within a company, a specific efficiency or technical expertise of the outside personnel, inconvenient or undesirable working hours (e.g., evening or holiday shifts), and the like.
To perform their services, however, the outside technical support personnel are typically granted elevated access privileges to the company's IT infrastructure and business applications, including computer systems, networks, programs, and the like. Unfortunately, granting outside technical support personnel access to a company's IT infrastructure and business applications can create a number of risks, such as lost and/or stolen data, unauthorized access to critical and/or highly sensitive systems, and the like. Indeed, many of the same risks may exist to some degree even with the company's own internal technical support personnel.