Should my company allow a VPN connection to a 3rd party server?
I work on a company helpdesk and received a request from finance to set up a VPN connection to a 3rd party accounting server so they can get daily updates on the latest accounting figures. My question is whether this is safe from an IT security perspective? My understanding is that by setting up a VPN between our finance team’s laptops and the 3rd party server we are essentially opening up our corporate network to any malware (present of future) on the 3rd party server or network – is that correct? Is this approach anymore risky than, say, using a party cloud service via HTTPS e.g. SAP or Salesforce?
Of course the request is urgent so my options are either delay year end accounting stuff or do something that is possibly a security risk – help please!!