Updated: 10 Apr 2026
The Tier 2 supplier in Rajkot or Aurangabad makes one component. A bracket, a seal, a sub-assembly. It goes to a Tier 1 plant in Pune, which ships to an OEM in Chennai. The remote access credential that the Tier 2 supplier holds to your production planning system does not operate at the same standard.
Tier 1 vendor access receives scrutiny - the major integrators, the platform vendors, and the companies maintaining the MES. Their credentials are reviewed because their relationships are visible and formally managed.
Tier 2 supplier access was created for a specific integration. The integration is still live. The credential is still active. The person named on it may or may not still work at the Tier 2 supplier. Nobody checked.
Tier 2 suppliers have the same access scope as Tier 1 vendors but a fraction of the IT security infrastructure. A Tier 1 integrator has a security team, a corporate VPN policy, and an incident response process. A Tier 2 supplier in a Tier 3 city has one IT person and a shared admin password.
A compromised Tier 2 supplier credential in an Indian automotive production network can provide access to manufacturing execution systems, quality management platforms, and ERP integrations, without triggering the detection thresholds configured for internal users or major vendors.
The Tier 2 credential looks like background noise, which is why it is used.
In Proactive's Cisco Duo deployments across automotive manufacturing environments - OEM operations and Tier 1 supplier networks in Pune, Chennai, and Sanand - credential audits consistently find Tier 2 and Tier 3 supplier credentials not reviewed since initial onboarding. In several cases, the named individual had left the supplier more than 12 months earlier. The access was live. The company had no visibility into either fact.
Cisco Duo, Cisco's identity security platform, enforces MFA across every remote access connection from a single admin console. Named individual authentication, individual session logs, and time-limited vendor credentials. The CERT-In 180-day log retention requirement is satisfied from Day 1.
But Cisco Duo can only protect access that should exist. The credential audit precedes the deployment. Every vendor account mapped. Every access scope confirmed. Every engagement status verified. The Tier 2 supplier whose project closed 14 months ago is removed from the register before a single policy is configured.
Proactive is a Cisco Preferred Security Partner with Cisco Duo deployment experience across Indian automotive manufacturing - OEM operations, Tier 1 and Tier 2 supplier networks, Pune, Chennai, and Sanand. The credential audit is built into every engagement.
The Tier 2 credential is the one nobody is watching. Which makes it the one that matters most.
Consult a Proactive Cisco Duo specialist. Write to [email protected].
We'll get back to you shortly.
