Organizations are increasingly using third-party providers and their resources to augment their internal workforces. Twenty years ago, less than five percent of a company’s staff was external; now estimates indicate that the proportion is 50 percent or greater in some industries. Today’s IT infrastructures are increasingly heterogeneous, which adds to the complexity of managing this diversified workforce. New technology, including Software as a Service (SaaS) offerings and social collaboration systems, along with a growing reliance on mobile technology, have introduced new challenges as organizations continue to implement disparate systems to achieve their business goals. Identity management is where these two spheres overlap.
Organizations can protect themselves and improve their business processes by implementing a solution that can help manage the growing population of non-employee personnel.
Every company has its own unique requirements, so identity management is not necessarily a one-size-fits-all solution. While there are fundamental aspects that underlie all identity management processes, the level of complexity varies based on individual company needs. Where one company might only track names and dates, another might track more detailed and diverse data. Some organizations choose to disconnect identity management of non-employees from internal systems, while others expect full integration with HR, security and access-provisioning systems.
As your organization considers implementing an identity management system, it is important to assess your current situation and formulate a transition plan that will bring you to a best-in-class state. It is impossible to lay an effective process over an unstable foundation. To ensure success, consider the following:
- What are your specific requirements? Global implementation will require a thorough assessment of the different on/off-boarding and access requirements that apply to different regions. The data you are able and/or allowed to collect varies from country to country. Facilities access is a key consideration for third-party resources, along with security requirements like background checks and drug tests. Also, be sure to assess any tenure or internal compliance considerations when formulating your plan and consider whether billing is part of the identity management landscape. In some scenarios, your solution will need to handle both billable and non-billable resources (for example, board members) that need access to your business systems.
- How will you uniquely track individuals? Third-party resources are complex to identify and manage because they often have multiple “identities” within an organization. It is common for resources to move between suppliers and departments and for a single resource to be both billable and non-billable. You must implement a process that ensures the accurate collection of data and enables you to truly, uniquely identify each resource.
- Will you be implementing a self-service or managed solution? The type of program you implement may be driven by cultural factors within your organization or by the complexity of the process. Some companies are fiercely self-service oriented, and their users will only accept a process over which they have total control. Factors like technical internal system limitations may demand the introduction of a managing entity to assist in the on/off-boarding process. Part of this decision may be driven by whether you implement a stand-alone identity management system or leverage functionality in another existing system, such as a VMS.
- How will you handle asset provisioning? When a manager within your organization engages a new resource, they want to be able to quickly and easily request the necessary assets — laptops, smartphones, tablets, badges and so on. The process and system you implement must meet that requirement to drive efficiency and adoption. Timely, easy retrieval of those assets is equally important. Most people think of retrieval in terms of cost containment, but your company’s intellectual property and security are equally important assets. Ensure that you can identify which assets are out, who has them, when retrieval is scheduled and which party is responsible for ensuring their return — at any time.
Achieving best-in-class identity management can be a long journey — but it starts with a single step. By developing a comprehensive strategy that carefully considers the nuances of your business, you can develop a system and program that ensures you can effectively on/off-board third-party resources and provision and recover assets with full visibility so that you can optimize security and get the best results.
Peter Parks is vice president of product management at Provade. He is responsible for Provade’s product road map, customer support and partner relations. Peter is a founding employee and brings over 15 years of staffing, MSP and VMS experience. He is also directly involved in sales, using the interaction with prospective customers as valuable input to the product road map.