In these challenging times, it’s even more apparent that modern companies are managing a blended workforce that encompasses not only their full-time staff and customers but also their contractors, consultants, subsidiaries, suppliers, partners, and soon-to-be customers. Balancing friction-less collaboration and highly targeted engagement with privacy and security is not easy, but you don’t have to go it alone.
Now more than ever, reusing rather reinventing is critical. When it comes to connecting to business partners or your customers, consumers, or citizens, you don’t need to create an identity management solution from scratch—you can leverage cloud based identity and access management (IAM) and customer IAM (CIAM) for better engagement with all of your cohorts.
The new world of work
Even before workers transitioned home in large numbers, IT leaders were facing rapidly transitioning work models fueled by an increase in remote working, freelancer exchanges and platforms, and a geographically-distributed workforce—trends that are only accelerated today by the uncommon circumstances imposed by COVID-19. Concurrently, interconnected and complex supply chain bring partners and suppliers directly into the business, where closer coordination is more important than ever. To get an idea for just how “into the business” that means, according to February 2020 Microsoft research, powered by Pulse, IT executives reported that 55 percent of external users outside their organizations belong to other businesses—for example, commercial customers, partners, and suppliers. And 98 percent of those respondents agreed that deepening collaboration and engagement with customers and business partners is how their company will be successful.
The net is that with all these entities logging into multiple corporate networks and segments, for many CISOs, “insider risk” includes a much broader set of actors than just the full-time workforce. And those CISOs are very concerned about insider risk—with 97 percent recently reporting that as their top concern. That’s why a flexible IAM solution is so important right now, because implemented properly, it allows companies to engage and interact effectively with all cohorts while also keeping organizations and data private and secure. Let’s take a closer look at how.
Turning external collaboration up
There are many benefits of using a trusted CIAM solution, here’s a short list of the ones I’ve heard from CISOs are the most valuable.
- Persistent identities—Almost everyone already has a digital presence and at least one associated ID from Google, Facebook, or Microsoft. Using persistent IDs means that customers and partners can re-use their existing identity and don’t have to worry about creating an entirely new login and password. This reduces friction and improves security.
- Data transparency—When people use the same ID across multiple business and organizational systems, both they and the company have a more efficient method for reporting on data use and access. It also means that when a user request that their history be wiped or corrected, they can easily confirm that appropriate action has been taken.
- Better audit trails—Using those same IDs also supports compliance reporting, audit trails, and forensic investigations. Rather than having to stitch together multiple IDs to determine the path of an incident, like a data exfiltration event, security professionals can follow activity of a single target ID. This also streamlines compliance reporting activity reducing burdens on already overworked staff.
- Improved security—Allowing partners and customers to bring their own ID also means that robust, enterprise-ready security can be brought along. Advanced technologies like multi-factor authentication (MFA) and conditional access with step-up authentication can be applied to all users, even those that don’t work for large companies with mature identity programs.
- Enhanced experience—The best security professionals know that technology that makes users’ lives easier is the most effective. All of the above directly impact security, but if customers and partners aren’t excited about using a solution, they’ll go around it. Make sure low friction end-user experiences are supported across varied experiences from artificial intelligence (AI)-led guidance to new product and service recommendations.
In the coming days, we will share more guidance on how to collaborate securely with your business partners and other external users. Learn more about how security professionals can adapt to the increasing usage of collaboration applications and leverage risk-based Conditional Access for real-time deflection of dynamic attacks today. We hope these recommendations will help you enable uninterrupted operations for your organization in these challenging times. Stay safe and be well.