GlobalSign Petteri Ihalainen 12-05-14

Turning Identity Inside and Out: IAM Meets The Extended Enterprise

IAM Meets The Extended Enterprise

Company boundaries are blurring as businesses interact closely and utilize online services in growing numbers. Business ecosystems include different stakeholders including customers, partners, and subcontractors to owners and investors. Each stakeholder has their own business processes, infrastructure, and identities. As the number of external stakeholders grows, so, too, does the need to better manage these identities.

It is not enough today to know who is accessing your online services, but also in which role / capacity they enter, or who they represent.

Traditional identity management solutions, which concentrate on provisioning employee identities from the HR-system to the Active Directory, and providing Single Sign-On to internal applications, are ill-suited for this situation. New ways of thinking are required to improve convenience and loyalty towards customers, to deploy secure online services, to minimize the cost in customer acquisition and external identity management.

Internal vs External identities

The business drivers behind an Identity Management or Identity Relationship Management deployment — regulatory demands, desire to cut cost, improve security – differ when what’s at issue is internal vs external identities. This translates to different demands to the solutions companies need to select in order to satisfy the business objectives.

idenity-services

Productivity vs Convenience

A Single Sign-On deployment is likely required for both internal vs external facing use cases, but the driver might be different and skew the importance of the feature set that is required. Internally the wish is to increase productivity by enabling employees to login into company applications without repeated password entry. For external identities SSO brings convenience for the business customer as they can login from their corporate network to the online services with their own business IDs.

Compliance

Where the focus of internal identities is compliance with security policy, with external identities, compliance likely means adhering to local regulations where access to sensitive information may require the use of a credential which has a security level described by the local legislation / regulation (e.g. NIST or STORK).

Efficiency vs Customer Acquisition

Workflows such as inviting people to use a service or requesting access privileges with the tools the IAM provides can improve internal efficiency. But for external identities the driver is to facilitate customer acquisition process by enabling e.g. sales people to invite leads and customers to use the services directly from the CRM.

Audit vs Lead and Customer Tracking

Internal identities certainly need good audit trails, but for external identities the same audit trail has monetization potential – when it can help better target existing customers with upsell opportunities and converting leads into paying customers faster.

Standardization vs Openness

An internal corporate network gravitates towards standardization, whereas the external networks that a B2B service provider wants to connect will remain heterogeneous and diverse.

Centralized vs Distributed and Heterogeneous

Again the underlying technology would be the identity provider and much the same way as in standardization companies wish to centralize the access policies and decision points. Externally the identity provider also should support decision-making points within the customer organization which can permit access and let the customers manage their own privileges. This means that even though internally the company might select a single standard or process to follow, for external connected identities and networks, they need to embrace diverse options.

Internal Control vs Outsourced & Tiered Management

Employees and their access credentials as well as authorization should be controlled internally. Externally it makes much more sense to let the customer organization attach (authorize) access privileges to their employees. This would save a lot of effort for the company offering the online service to external companies i.e. customers.

Ownership vs Trust

identity

Companies want to own their employee identities at least to some extent. The concept of Bring Your Own ID (BYOID) might change this slightly, yet the company would want to retain control over access privileges (roles, authorizations). For external identities, at issue is defining trust – since the online service provider should be able to trust the identities coming from the customer domain, and trust that their access privileges are properly maintained within the customer organization.

Organizations have a tremendous opportunity to enable new business models with significant impact on the bottom line – and that includes all kinds of organizations, from service provider, manufacturer, utility company, retailer, financial or healthcare institute, or even the government. As more interactions and assets move online, providing the right identity and lifecycle management services will become fundamental to creating new business paradigms and ensuring trust.

By Petteri Ihalainen

Petteri Ihalainen

Petteri Ihalainen is a IAM product manager

Global Public Cloud Spending To Double By 2020

Global Public Cloud Spending To Double By 2020

The Cloud and Endpoint Modeling The worldwide migration of IT resources to the public cloud continues, at a head-spinning pace. Global public-cloud spending was forecast to reach $96.5 billion in 2016, according to IDC — ...
5 Ways the Cloud and IoT Have Transformed the Transportation Industry

5 Ways the Cloud and IoT Have Transformed the Transportation Industry

IoT Transportation Industry The Internet of Things has caused many industries to evolve - but few more than transportation. Here are just a few ways it’s changed the delivery of goods. Remember when websites like ...
3 Ways to Protect Users From Ransomware With the Cloud

3 Ways to Protect Users From Ransomware With the Cloud

Protect Users From Ransomware The threat of ransomware came into sharp focus over the course of 2016. Cybersecurity trackers have been aware of ransomware for almost a decade. Observed instances had been steadily rising, with ...
Secure Business Agility

Contrary to popular belief, a pro-privacy stance is good for business

Pro-Privacy Stance Right now privacy is a hot topic on LinkedIn posts, especially as it pertains to compliance with the General Data Protection Regulation. As a board advisor at Universal Patient Key, we've often talked about ...
Four Trends and Realities Confronting Security Today

Four Trends and Realities Confronting Security Today

Realities Confronting Security Today, the number of attempted data breaches, cyber attacks, and other bad behavior by bad actors continues to go up at an alarming rate. Worse, it’s clear we can only expect the ...
The Lighter Side Of The Cloud - F96qL#5
The Lighter Side Of The Cloud - Without A Signal
The Lighter Side Of The Cloud - Low Tech
The Lighter Side Of The Cloud - Fear Of Heights
The Lighter Of The Cloud - Virtual Lunch Break
The Lighter Side Of The Cloud - Snowball Effect
The Lighter Side Of The Cloud - Virtual Office Space
The Lighter Side Of The Cloud - Playing It Safe
The Lighter Side Of The Cloud - The Robo-Revolution

CLOUDBUZZ NEWS

Kaspersky Lab to open Swiss data center to combat spying allegations

Kaspersky Lab to open Swiss data center to combat spying allegations

LONDON (Reuters) - Moscow-based Kaspersky Lab plans to open a data center in Switzerland by the end of next year to help address Western government concerns that Russia exploits its anti-virus software to spy on ...
China Approves Toshiba's $18 Billion Sale of Its Memory-Chip Unit

China Approves Toshiba’s $18 Billion Sale of Its Memory-Chip Unit

TOKYO—Private-equity firm Bain Capital received approval from Chinese antitrust regulators for its deal to buy Toshiba Corp.’s memory-chip unit, a person familiar with the matter said Thursday. A Bain-led consortium reached the $18 billion deal ...
Sumo Logic and Partners to Host NYC DevOps Event with Dr. Nicole Forsgren

Sumo Logic and Partners to Host NYC DevOps Event with Dr. Nicole Forsgren

REDWOOD CITY, Calif., May 17, 2018 (GLOBE NEWSWIRE) -- Sumo Logic, the leading cloud-native, machine data analytics platform that delivers continuous intelligence, today announced it is hosting a DevOps industry event at the Eventi Hotel in New ...