Much like the hyper-connected consumers discussed in our Omnichannel blog, partners also expect seamless, anytime, anywhere access to critical, internal applications and data. This leaves the enterprise with an exorbitant number of users (external identities for every partner or customer) that must be provisioned (and de-provisioned) with the right access, despite the enterprise's lack of ownership or influence over those partner identities.
As recent headlines indicate, managing external identities and partner access not only places a significant burden on IT, it oftentimes opens the enterprise up to security breaches. In the case of the Target® breach, according to a recent article in NetworkWorld, "the Target breach was initiated through the compromise of one of the retailer's service providers, a small HVAC company in PA." The article further makes the case that, "the notion of a network perimeter is ancient history."
Consider the likelihood of a partner immediately notifying you of personnel changes. Now multiply that by every employee at every partner, and you can quickly see how managing partner access can spin out of control. In addition, most companies rely on simple username/password schemes that are easily compromised.
Data breach is only one concern. There's also a lot of potentially sensitive intellectual property around products, pricing, competitors, etc. that can leak and cause serious long-term damage to the business.
To keep up with external demands from partners and customers for access, enterprises are utilizing cloud-based customer and partner apps that reside outside the firewall. The traditional IAM system stores identities in separate directories that operate inside the firewall, such as Active Directory (AD). This is a costly approach that requires an extra layer of IT maintenance and adds liability.
Often, with thousands of external identities to manage, enterprise IT struggles to keep access up to date, unknowingly leaving access in place for users who should not have it. The result is 'zombie' user accounts that expose the enterprise and legitimate customers and partners to risk.
A federated approach to identity and access management (IAM) ensures that you can provide the access partners and customers need without assuming the complexity, cost and risk associated with managing those identities locally.
Here are some of the key considerations when analyzing solutions:
Unified management. Rely on a centralized identity security framework to manage partner access to apps, data and services.
Self-service. A user-driven onboarding experience for customers and partners eliminates the need to engage administrators. IT organizations benefit from a self-service model as they add new applications and integrate with legacy and cloud environments.
Strong Access Policies. Multi-factor authentication provides an added level of security so that you can ensure that access is granted to the right partners at the right time. Many organizations are moving to smartphone-based strong or multi-factor authentication solutions.
Control and Audit. Monitor and control what your partners can access with first-day and last-day provisioning.
Your security is only as strong as your weakest link. Ensure that partner and customer access is as buttoned up as your internal access. To learn more about the changing role of identity in your enterprise, read Identity is the New Perimeter.
Using Next Gen Identity, enterprises are transforming the way they work, partner, and interact with customers. By authenticating identity, rather than protecting the endpoint, enterprises can enable access for any user from any device, anywhere--meeting the needs of the modern enterprise.
For more information:
See how Land O'Lakes provided secure access to 3,200 direct-producer members and 1,000 member co-ops.