Business partnerships are the lifeblood of most enterprises. But when those relationships rely on unsecured digital connections, things get risky. More and more, vendors, suppliers and consultants are given access to company systems and data via the cloud. Why is this so dangerous? Think of the recent breaches at CVS, Costco, Walmart and Rite Aid, for instance, where the threats were traced to one third-party vendor, a provider of photo processing websites and services.
The average enterprise connects to 1,586 partners via the cloud, according to Skyhigh Networks. It's easy to see how the cloud has become a vector of attack for organizations that can't keep pace with identity and access management. Even if your own company has strict security and data governance requirements, chances are your partners are much less diligent.
Many enterprises think their traditional WAM systems can manage external identities and partner access in the cloud. But in reality, they don't stand up to today's complex and ever-changing identity needs.
Most traditional WAM solutions were developed before the cloud explosion
Partners expect seamless, anytime-anywhere access to critical internal applications and data. This leaves the enterprise with an exorbitant number of users that must be provisioned (and de-provisioned) with the right access, even if the enterprise doesn't own or manage those partner identities. This requires significant federation capabilities, such as authentication and single sign-on, which didn't exist when most traditional WAM solutions were developed.
Today, these capabilities are often simply bolted onto old systems. Cloud-based customer and partner apps reside outside the firewall, so traditional identity and access management (IAM) systems store identities in separate directories, such as Active Directory, that operate inside the firewall. But this costly approach adds liability and requires an extra layer of IT maintenance.
A federated approach to IAM ensures that you can provide the access partners and customers need without assuming the complexity, cost and risk associated with managing those identities locally.
Traditional WAM systems can't keep pace with change
Modern enterprises need the ability to scale the number of users up or down quickly. With traditional WAM systems, managing this change eats time and money. Consider the likelihood of a partner immediately notifying you of personnel changes. Now multiply that by every employee at every partner, and you can quickly see how managing partner access can spin out of control. The process must be automated, and traditional WAM systems don't fit the bill.
The modern enterprise needs a modern solution
We recommend four "must-haves" for IAM solutions in the cloud:
Deliver a unified experience. Enterprises should rely on a centralized identity security framework to manage partner access to apps, data and services.
Provide self-service. A user-driven onboarding experience for customers and partners eliminates the need to engage administrators. IT organizations benefit from a self-service model as they add new applications and integrate with legacy and cloud environments.
Enable strong access policies. Multi-factor authentication provides an added level of security that ensures the right partners are granted access at the right time. Many organizations are moving to smartphone-based strong or multi-factor authentication solutions.
Centralize control and audit. Enterprises should monitor and control what their partners can access with first-day and last-day provisioning.
Your security is only as strong as your weakest link. Ensure that partner access is as buttoned up as your internal access. Enterprises are transforming the way they work, partner, and interact with customers with Ping's Identity Defined Security Platform. By authenticating identity, rather than protecting the endpoint, enterprises can enable access for any user from any device, anywhere, meeting the needs of business partners in the modern enterprise.