Vendors. Supply chain partners. Third parties. Contractors. All are different names for entities that might need access to your corporate networks and systems. But they have one important thing in common: They are outsiders to your company. We are supposed to trust these outsiders to do the work they were hired for, which often requires remote access into our most critical and sensitive systems. They might be working on mission-critical servers or be accessing data that is covered by various regulations such as PHI or PII. But before we hand these folks the keys to our IT kingdoms, we need to build a practice of verification to make sure that these outsiders are who are say they are and that they’re doing the things they are supposed to be doing.