Today it is very common for enterprises to work with contractors and business partners. This brings a variety of users in from outside the network. These users are known broadly as the extended enterprise.
Though the extended enterprise can be critical in enabling organizations to scale their business, it also brings massive risks and challenges.
The extended enterprise and its challenges
Members of the extended enterprise generally include users such as partners, distributors, resellers, contractors, and temporary workers. They mostly operate outside your network, coming in from unknown devices and locations. Sometimes they operate inside your network for a temporary period.
These users need access to some of your sensitive information. Though such access is selective and sometimes time-limited, it increases risk to your organization and creates implementation challenges for your IT department.
- New security risks. New users connecting from new devices and locations bring new security risks. You also have no direct control over enforcing your organization’s policies on them. This exponentially increases the risk.
- Integration complexity. Connecting third parties to your internal resources can be technically challenging. Technology differences make it even harder.
- Increased IT support. Your IT department comes under huge strain, and its workload increases multifold, while providing and maintaining personalized access for partners and contractors.
Challenges IT needs to solve
These three challenges frame the problem at a broad level, but your IT department is more concerned with solving them, and strives to put in place the following key requirements.
Connect to partner identity sources
Working with partner identities is very tricky and challenging. You do not want to add them to your Active Directory (AD) and manage their profiles and lifecycles. Instead, IBM recommends connecting to a partner’s Identity Provider (IdP) via Federation. If a partner doesn’t have an IdP, they can rely on IBM to be one.
Provide secure and selective access
Providing secure access to your extended enterprise is very important. IBM Cloud Identity Single Sign-On (SSO) combined with Multi-Factor Authentication (MFA) is a simple and highly secure mechanism for granting access to employees as well as contractors, partners, and temp workers. They can access SSO through any internet-connected device, anywhere in the world. You can configure SSO to Cloud applications (SaaS applications) as well as your legacy applications.
Automate user privileges
Temp workers and contractors are short-term employees. Organizations want to ensure they get access to the resources they need from day one and that all access is revoked immediately after their last day or the termination of their contract. Handling this manually is error-prone as well as time-consuming, which adds stress for your IT department. IBM Cloud Identity Lifecycle Management offers a streamlined solution. It automatically absorbs user information from the source and then uses it to provide the required access according to the policies defined by your IT department.
Validate proper compliance
In today’s regulatory environment, you are required to prove compliance to an auditor and want to keep compliance reports handy. But a wide extended enterprise means the set of people who have access to your systems is constantly in flux, which can result in stale accounts. IBM Cloud Identity offers several reports to provide real-time visibility into your IT environment so you know who is accessing what and whether they should be doing so. It also helps you run a certification campaign to get rid of stale accounts from your system.
Offload management of partner users
Enterprises don’t want to clog up their IT help desk managing partner users. IT wants self-service tools that allow users to manage simple account-related issues themselves. IBM Cloud Identity offers several tools including password resets, account lockouts, and MFA enrollment.