Trustwave's Brown adds that many third party organisations require a very high level of access to the customer's systems. "As a result, these support organisations have the ability to gain access to most systems and data within the customer's environment," he says.

"A thief leveraging this same access will also have the ability to access, and change most systems and data, making the potential impact of improperly secured third-party access channels very serious."

IDC's Hue says that the most important way of addressing the need for third party access is to conduct a risk assessment exercise. "The objective here is to ensure that the third party's security integrity, controls and standards meet your own organisation's standards," he says. "This includes visiting your partners' facilities and data centre in order to ensure that they have adequate network and physical controls."

Another way of addressing third party access is to ensure that the party has restrictive access to the company's system.