Partner Identity and Access Management: Streamlining Complexity
Life used to be so simple. You would give your employees password-protected access to systems and applications on your network, and that was that. Sure, a little user education was required so they wouldn't write their credentials on the proverbial yellow stickie, but it was a straightforward task to keep away unwanted intruders.
Obviously, that is not the way we do things today. Now, you have to secure not only workforce access to your systems, but customer access and, increasingly, partner access, too. Partner identity and access management (IAM) can be a significantly complex process, depending upon how many partners you have. For the largest retailers, like Walmart, which has 110,000 partners that need to access the partner portal, partner IAM can be a sinkhole of complexity and expense.
Partner IAM is difficult and unrewarding to master because partners and suppliers are not employees. So, large companies face the task of managing IDs and passwords for a potentially very large group of users who are not employees, an extremely unwieldy process considering that they don't know when the partner's employees leave the partner company. There is a constant state of churn at every company, and trying to stay on top of that for users at another organization is a guaranteed headache. Partners rarely ask their partners to remove users in a timely fashion when employees leave. Costs mount along with the number of password resets.
The process is burdensome enough, but then think about the risks involved. Target endured a public relations disaster in 2013 when a hacker got onto its systems via credentials stolen from an HVAC subcontractor. Along with the considerable blow to tens of millions of cardholders' trust, Target shareholders had to foot a bill of nearly $150 million as the cost of the breach. No one wants to have to answer for that kind of destruction.
Without a partner IAM solution, many companies use a rather draconian method to solve the problem: On a monthly or quarterly basis, they require every user at every partner to revalidate their ID and passwords. It reduces the number of inactive users in the system, but this method makes for a terrible user experience, and it's difficult to manage, to boot.
Most organizations have little interest in managing other companies' users. The real solution is federated partner IAM, in which companies authenticate their own users and validate their own passwords and receive federated access to partner systems using a partner IAM solution.
The partner IAM solution has to be super-simple to adopt (or partners won't adopt it). When it comes to federation, there are three distinct types of partners for the purposes of connection:
Ping's Partner Identity Solution speaks to all three groups, leveraging both our Federated Access Management capabilities as well as our cloud identity and directory services, providing:
The cost and risk of managing partner identity can be daunting. Arm yourself with a partner IAM solution that eases the process, reducing the chance that you will be caught in the hot seat.