To achieve your goals and respond well to market opportunities and threats, it is increasingly essential to collaborate with third parties.
By third parties, we mean your suppliers, partners, contractors, freelancers and volunteers who are not employed by your organisation and therefore do not appear in the HRM system. To work successfully with your third parties, their digital identities often need to access specific systems and applications in your IT landscape.
What is third-party access?
Third-party access is the process of granting, managing and revoking access to (parts of) your IT landscape. It also applies to third parties who should be given access to IT systems and applications via an onboarding and offboarding process, in the same way as you have done for your internal employees. This gives them access to the right information at the right time.
Why is it important?
You need to record the digital identities of your suppliers’ and partners’ employees somewhere to control access to your IT landscape. Unfortunately, traditional HR systems and the processes around them are often not properly set up to record the digital data of third parties. This often leads to ad hoc solutions that are fraught with security risks, time-consuming and often costly as a result.
The ‘Data Risk in the Third-Party Ecosystem’ study by the Ponemon Institute* shows that few companies keep a comprehensive record of all the third parties with whom they share information. Indeed, 61% of respondents say they do not have such an overview, and 6% of respondents say they are not sure.
While 32% of respondents have an overview of third parties, 68% of them admit that the overview does not include all of the third parties their organisation has a relationship with and which may have access to their sensitive and confidential information.
This is one of the reasons why 59% of respondents have experienced a data breach caused by third-party digital identities, 54% of which took place in the past 12 months.
And that is why there is an urgent need for a solution to securely capture, validate and verify third-party identity data.
*Source cited: The 2022 ‘Data Risk in the Third-Party Ecosystem’ study by the Ponemon Institute.
Example: A global technology manufacturer with local service partners
To create an excellent customer experience, a global technology manufacturer works with a network of local service partners to carry out maintenance on its products and resolve any malfunctions or problems.
Service partner employees are not employed by the manufacturer, but are contracted by the service partner itself. Therefore, they are considered to be external identities by the manufacturer. These external identities need to access specific applications in the IT landscape and, like the manufacturer’s employees, they need a digital identity.
The identity data of the manufacturer’s employees is managed in a central HR system of the manufacturer. Based on this identity data and via an automated connection, digital identities are created in the manufacturer’s IAM solution. For these digital identities, access and rights for the IT landscape are also issued and managed in the IAM solution.
As the identity data of external employees are not stored in the HR system, a digital identity cannot be created for them in the IAM solution, and they cannot access applications in the IT landscape in a controlled way.
To solve this challenge, the manufacturer started to use a second centralised source system, where each service partner employee can be added and managed by the service partner itself. The identity data is then sent to the manufacturer’s IAM solution.
By capturing and maintaining identity data in a purpose-built application, you create a pure source system for third parties that you can seamlessly connect to your Identity & Access Management solution.
How does iD Veritas help?
iD Veritas enables you to carry out the onboarding and offboarding processes for external identities in a safe, efficient and controlled way. You are in firm control of the entire lifecycle. You can achieve this in five steps:
- All external identities in iD Veritas
Manually enter all external identities into iD Veritas, upload a CSV overview or connect iD Veritas to your supplier’s database (via an API). This creates one central source of clean data of your organisation’s external identities. - The lifecycle of external identities
External identities join your organisation; their role or function may change over time and, at a certain point, their contract ends. iD Veritas lets you manage and automate the complete lifecycle (also known as the Joiner-Mover-Leaver process) of your external identities.
How does this work in practice? iD Veritas automatically sends your IAM solution a notice when the end date of an external identity’s contract approaches, so the IAM solution can revoke the associated access and rights. Safe and controlled! - Connecting to an IAM solution
iD Veritas can be connected to any Identity and Access Management solution on the market. iD Veritas uses open standards (such as an API) to send and receive information to and from your IAM solution. Your IAM partner can handle this connection between iD Veritas and your IAM solution. If you do not have an IAM partner, then The Identity Managers are here to help you. - Outsourcing the work to your suppliers or resourcing partners
You have the option of outsourcing the management of external identity data to your resourcing partners. For example, you outsource administrative work such as the entry, modification and deletion of your external identities. All your organisation has to do after that is validate the information that was entered. Easy and efficient! - Maintaining control and visibility
Thanks to the security-by-design architecture and privacy-by-default functionality for the absolute separation of data, you can safely manage the identity data of your external identities. Standard functionalities such as a recertification process and extensive reporting possibilities not only put you firmly in control but enable you to demonstrate it as well. This makes it a lot easier to comply with laws and regulations.
Contact
If you would like to know more about the possibilities of managing external identities with iD Veritas, then contact us on 088-9982020, sales@id-veritas.com.
We look forward to hearing from you!