Sponsored by:
EXECUTIVE SUMMARY
Powering and Protecting the Extended Workforce with an Identity-Centric Approach
KEY TAKEAWAYS
As the supply chain evolves, identity-driven security is critical to protecting operations.
- The expanding supply chain has intensified identity security challenges.
- Third-party risks like supply chain partners, vendors, and extended workforces are presenting a growing problem for enterprise security.
- Gaps in access management processes and systems increase risk and impact productivity.
- Key elements of a solution to meet today’s identity-centric security needs.
As organizations increasingly rely on the talents of third-party vendors, partners, contractors, and an extended workforce to drive their business forward, the associated risks grow.
Managing the identities and access of this distributed workforce often relies on ad hoc, manual processes, decreasing business productivity and increasing security vulnerabilities. A centralized, identity-centric approach to protecting and managing the extended workforce, including third-party vendors, partners, and contractors, streamlines security, access, and risk management.
EY provides consulting, assurance, tax, and transaction services to help solve its clients’ toughest challenges, including identity access management. With intelligence access governance for employees, third parties, and machines, Saviynt’s centralized, policy-driven identity and access management (IAM) solution protects businesses against unauthorized access, improves collaboration within and outside of the organization, and enables efficiency gains across the business.
Powering and Protecting the Extended Workforce with an Identity-Centric Approach
Discover how to protect and manage your extended workforce, including third-party vendors, partners, and contractors, with a centralized, identity-centric approach.
Speakers
Michael Davis
Principal – Cybersecurity,
EY
EY
Jeff Margolies
Chief Product and Strategy Officer,
Saviynt
Saviynt
Context
The presenters discussed the growing security challenges of an ever-expanding supply chain and how IAM plays a key role in addressing those challenges.
As the supply chain evolves, identity-driven security is critical to protecting operations.
An organization’s supply chain can be a differentiator both in capturing the market and bringing new services and products to the market in an efficient manner. Yet, many organizations today struggle with supply chain enablement, often due to a lack of visibility and transparency across integrated functions.
To improve the supply chain, companies are focusing on efforts to modernize manufacturing, distribution, and transportation and leveraging data-driven intelligence to improve operations. With this rising investment in digitization — along with growing expansion to third- and even fourth-party suppliers — identity-driven security becomes even more critical to protecting the business.
“As we evolve, there’s going to be a high degree of emphasis that we’re going to place on ensuring that we know who the actors are that are participating, what they have access to, and what we need to do to provide the greatest amount of transparency.”
— Michael Davis, Principal – Cybersecurity, EY
The expanding supply chain has intensified identity security challenges.
Everyone and everything — whether physical or digital — has an identity. Physical identities might include people, such as customers and employees, or operational technology and infrastructure, while digital identities comprise non-physical accounts and capabilities, such as bots, APIs, and virtual services.
Robust IAM depends on upholding policies in real time for hundreds of thousands of people, millions of machines, thousands of applications, and enormous volumes of data and associated data management regulations. Beyond real-time access management, IAM must also maintain detailed historical data to support improved, rapid response in case of a security event. Without a centralized, scalable solution for IAM, organizations face significant challenges to increasing security and productivity.
Third-party risks like supply chain partners, vendors, and extended workforces are presenting a growing problem for enterprise security.
As companies pursue productivity gains that come from supply chain modernization and digitization, more workforce resources are required to help with the digital transformation. This is driving an increase in engagement with the external — or extended — workforce (e.g., contingent workers, independent contractors, freelancers).
Although the extended workforce helps organizations speed their journey to digitization, the practice also opens enterprises to new risks:
Compromise
Compromise
The extended workforce comprises people who are not employees, but who need access to internal systems to more actively manage the supply chain.
Visibility
Visibility
A lack of visibility into the external identities, what actions they can take, and difficulties in managing those identities can present serious security risks.
Unseen risks
Unseen risks
An increase in technology-to-technology interactions can expose systems to unseen risks, especially as the supply chain extends beyond immediate suppliers.
Temporary workers
Temporary workers
As the percentage of temporary workers increases, rapid access management capabilities applied to a growing number of identities are necessary to reduce risk.
Gaps in access management processes and systems increase risk and impact productivity.
Communication issues
Lack of visibility
Access management
Communication issues
Poor or nonexistent cross-departmental communication and oversight also contribute to uncertainty about appropriate access. Without a good IAM solution, maintaining and auditing access becomes much more difficult and often exponentially more challenging when moving beyond the human extended workforce to non-human entities.
Communication issues
Lack of visibility
Access management
Lack of visibility
A lack of visibility results in countless, non-value-add manual processes that take significant time to execute — time that could be used on more productive business operations. When management and responsibility for the extended workforce are distributed across different business units, access for third-party workers is often not removed in a timely manner or not removed at all. Without closed-loop account remediation, the attack surface expands for threat actors to gain unauthorized access to the system using dormant and orphaned accounts.
Communication issues
Lack of visibility
Access management
Access Management
Distributed access management processes mean organizations must spend more time cleaning up stale accounts to reduce identity risk. Organizations that rely heavily on a seasonal workforce often sacrifice security for increased productivity and more rapid revenue generation. This can encourage account sharing and/or granting machine accounts access to more than what is necessary. Shared access and overprovisioning of access expand the attack surface, greatly increasing risk.
Key elements of a solution to meet today’s identity-centric security needs.
Competitive Risk Protection
Security strategies must be aligned to business strategy to stay competitive and protect the business against risk. Security teams need to consider solutions that not only meet regulatory requirements, manage security risks, and stay current with active threats, but also do so in a way that best supports business goals.
Centralized System
A centralized identity and access management solution that integrates into distributed business processes offers benefits beyond security and risk reduction and increases compliance with industry regulations. By leveraging integration and automation to grant and revoke access at scale — and by reducing the number of systems workers must verify against to gain access — time usually spent manually executing these tasks can instead be transferred to other business enablers.
User Friendly Tool
A solution that reduces friction for end users is critical to adoption. A tool that is easy to use will encourage end users to do the right thing rather than find ways to bypass cumbersome requirements.
“If your decision makers are on the line, they should still be the ones making the decision, but we want to enable them with a centralized platform that is able to meet the requirements of the business.”
— Jeff Margolies, Chief Product and Strategy Officer, Saviynt
Additional Resources
Powering and Protecting the Extended Workforce with an Identity-Centric Approach
The presenters discussed the growing security challenges of an ever-expanding supply chain and how IAM plays a key role in addressing those challenges.
Powering and Protecting the Extended Workforce with an Identity-Centric Approach
Discover how to protect and manage your extended workforce, including third-party vendors, partners, and contractors, with a centralized, identity-centric approach.
External Identity
Management:
External Access Control
Management:
External Access Control
External access control makes it easy for employees, contractors, and partners to access the applications, systems, and data they need from day one with the #1 converged identity platform.
