Security threats explained: Third party access

03.07.2012
In this series, Computerworld Australia examines some of the information security threats facing small businesses and larger enterprises today. We've looked at , and and continue the series by speaking to security experts about the problem of third party access.

Whether it's suppliers, customers, business partners or any other third parties, giving access to your company data can be fraught with security risks. Add in the Cloud, where data can quickly move anywhere around the world and potentially into many hands, and controlling who has access to data rises up the priority list pretty quickly.

In addition to security concerns, law enforcement agencies in Australia, such as the Australian Federal Police (AFP), have the power to request company data under the Anti Terrorism Act.

The Anti Terrorism Act states that the AFP can request information from any source about any named person including information about the person's travel, residence, telephone calls and financial transactions.

According to Trustwave SpiderLabs Asia Pacific managing consultant, Marc Bown, third party access is often configured by the party itself, rather than by the organisation whose infrastructure is being accessed. "These third parties are usually incentivised to make sure that they can get access at any time and fix a potential issue quickly," he says. "They are rarely, in our experience, incentivised to do so securely." As a result, Bown says this access is often poorly configured. For example, the remote access might be configured with a password that is easy to remember and that is shared with all staff within the third party support organisation. "There are no controls in place to change this password when a staff member leaves the support organisation, nor any controls in place to detect brute force attacks and lock login accounts," he says.
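The two controls Bown says are missing, lockout after repeated failed logins and spotting one credential shared across support staff, are sketched below as an added example; it is not code from the article or from Trustwave. The log format, account names, addresses and thresholds are constructed assumptions, and the shared-account check is a heuristic based on distinct source addresses.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed remote-access log: timestamp, account, source address, result.
SAMPLE_LOG = """\
2012-07-03T09:00:00 vendor_support 198.51.100.7 OK
2012-07-03T09:30:00 vendor_support 198.51.100.8 OK
2012-07-03T11:15:00 vendor_support 203.0.113.40 OK
2012-07-03T22:00:00 pos_vendor 192.0.2.99 FAIL
2012-07-03T22:00:05 pos_vendor 192.0.2.99 FAIL
2012-07-03T22:00:09 pos_vendor 192.0.2.99 FAIL
2012-07-03T22:00:14 pos_vendor 192.0.2.99 FAIL
2012-07-03T22:00:20 pos_vendor 192.0.2.99 FAIL
2012-07-03T22:00:26 pos_vendor 192.0.2.99 OK
2012-07-03T23:00:00 alice 198.51.100.20 FAIL
2012-07-03T23:00:30 alice 198.51.100.20 OK
"""

MAX_FAILURES = 5                 # assumed lockout threshold
WINDOW = timedelta(minutes=10)   # assumed sliding window for counting failures
MAX_SOURCES = 2                  # more successful sources than this suggests sharing


def audit(log_text):
    """Replay the log, applying lockout and flagging likely shared accounts."""
    failures = defaultdict(deque)  # account -> recent failure timestamps
    sources = defaultdict(set)     # account -> sources with a successful login
    locked = {}                    # account -> timestamp that triggered the lock
    rejected = []                  # attempts refused because the account was locked
    for line in log_text.strip().splitlines():
        stamp, account, src, result = line.split()
        ts = datetime.fromisoformat(stamp)
        if account in locked:
            # Even a correct password is refused until an administrator resets it.
            rejected.append((stamp, account, src))
            continue
        if result == "FAIL":
            recent = failures[account]
            recent.append(ts)
            while ts - recent[0] > WINDOW:   # drop failures outside the window
                recent.popleft()
            if len(recent) >= MAX_FAILURES:
                locked[account] = stamp
        else:
            failures[account].clear()        # a success resets the failure count
            sources[account].add(src)
    shared = sorted(a for a, s in sources.items() if len(s) > MAX_SOURCES)
    return {"locked": locked, "rejected": rejected, "shared": shared}
```

On the sample data the guessing run against `pos_vendor` is cut off at the fifth failure, so the sixth attempt is refused even though the password was correct, and `vendor_support` is flagged for review because it logged in successfully from three different addresses.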