How to reconcile outsourcing and outstaffing with authentication systems
Identification and authentication systems (IDM or IAM) long ago stopped being something exotic for IT and cybersecurity specialists. Many companies put IDM at the head of their information security system, since any protected environment begins with questions of access control. Nevertheless, practical use of such solutions has also exposed a number of problems. One of them is the interaction between a company that has implemented an IDM system and its outsourcing and outstaffing partners, which may have no IDM solution of their own.
There is a universal and effective solution to this problem. It should be noted that the issue is relevant first of all to fairly large companies, where processes involving outsourcing or outstaffing are frequent.
However, the scope of these two schemes of interaction between organizations is now expanding quickly, reaching not only medium-sized but also very small enterprises and so-called business networks. This is a long-term trend in the development of many markets. Effective "cross-border" implementation of IDM is therefore really important for a company of any size.
Heart of the matter
When any IDM system is built, it has to be integrated with a trusted source of information. In most cases the enterprise's HR system acts as that source, but it keeps personnel records only for the company's own employees.
It turns out that IDM manages access to the company's information resources only for its own workers. As soon as employees of partner enterprises need access to these resources, the process usually stalls. HR officers will never take responsibility for maintaining in the HR system records of third parties who are not employees of the company and are not yet bound to it by personal contractual commitments. Moreover, the HR officer has no information about staff changes at another enterprise. Naturally, neither the cybersecurity service nor the IT service will take on that share of responsibility either. In such a situation it is impossible to speak of automating access management by means of an IDM system.
The problem seems unsolvable, but a solution exists, and it works on the principle that everything ingenious is simple. It is essential to realize that the main point of dispute is the question of responsibility: who will maintain the database of these employees? HR, the IT service, the cybersecurity service, or someone else? In fact, this "someone else" is the crucial element: access management has to be handed to the partner company.
Below is an access management model for an IDM solution that takes this principle into account. As an example we will use a fictional company, "Kompaniya".
Task and solution
Task: Kompaniya has implemented an IDM system. It needs an effective procedure for granting access to its resources to many partner enterprises. The mechanism should keep the involvement of Kompaniya's own services in providing such access to a minimum. In addition, the mechanism should define for each partner a set of information systems and a set of roles in those systems.
Furthermore, authorized Kompaniya staff should be able to audit the access rights issued to partners' employees, and should have a mechanism for revoking and/or correcting those rights.
Solution: Software for keeping personnel records of partners' employees is set up in Kompaniya's corporate network. This can be done with either paid or free software. This stage has many implementation options, so we will not dwell on it. What matters most is that the solution can maintain a database of employees with the required attributes and has a built-in system for separating permissions.
Next, remote access to the personnel records software has to be arranged for the responsible persons at the partner company. In practice it is an employee of the partner's HR department who should get this access. In some cases it is more effective if that person is, for example, the project manager. Either way, their main task is to enter and keep up to date all the necessary data on the employees who are given access to the system.
The last important step is to develop and deploy a connector between the existing IDM system and this software. Make sure that the existing IDM solution supports simultaneous operation with several trusted sources of user information.
Scenario of providing access
The partner's responsible person maintains, in the console of the HR system for partners, information on the employees who work at Kompaniya under an outsourcing or outstaffing agreement. When access to a particular resource is needed, he assigns these employees a role or position.
A Kompaniya employee (in the described example, the IDM administrator responsible for the process of providing access) receives from the IDM system the necessary notifications that a new partner employee has started work and that a particular role needs to be approved for that employee. The scheme thus solves the assigned task without loading extra work onto the employees of the company whose resources are being accessed. Of course, this is not the only way to organize the work, but it can clearly serve as best practice for similar tasks.
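One way to implement the reconciliation step of the connector in the scenario above, as an added example that is not part of the original article or of any IDM product: it compares the partner registry with access already held in IDM, checks each request against the per-partner set of systems and roles, and queues the rest for the IDM administrator's approval. All names (`PartnerRecord`, `reconcile`, `PARTNER_SCOPE`, the partner "acme") and the sample data are hypothetical.

```python
from dataclasses import dataclass

# Constructed sample: the systems and roles Kompaniya allows each partner
# (partner, system and role names are hypothetical).
PARTNER_SCOPE = {"acme": {"helpdesk": {"agent", "viewer"}, "wiki": {"reader"}}}

@dataclass(frozen=True)
class PartnerRecord:
    partner: str
    employee_id: str
    active: bool            # False once the partner marks the person as gone
    requested: frozenset    # {(system, role)} assigned by the partner's contact

def reconcile(records, granted):
    """Diff the partner registry against access already held in IDM.

    granted maps (partner, employee_id) -> set of (system, role).
    Returns (pending, rejected, revoke). Nothing is granted here: pending
    items still need the IDM administrator's approval.
    """
    pending, rejected, revoke, seen = [], [], [], set()
    for rec in records:
        key = (rec.partner, rec.employee_id)
        seen.add(key)
        scope = PARTNER_SCOPE.get(rec.partner, {})
        current = granted.get(key, set())
        wanted = rec.requested if rec.active else frozenset()
        for system, role in sorted(wanted - current):
            in_scope = role in scope.get(system, ())
            (pending if in_scope else rejected).append((key, system, role))
        revoke += [(key, s, r) for s, r in sorted(current - wanted)]
    # People who disappeared from the partner registry lose everything.
    for key in sorted(set(granted) - seen):
        revoke += [(key, s, r) for s, r in sorted(granted[key])]
    return pending, rejected, revoke

# Constructed registry contents and IDM state for a stand-alone run.
SAMPLE_RECORDS = [
    PartnerRecord("acme", "e1", True,
                  frozenset({("helpdesk", "agent"), ("helpdesk", "admin")})),
    PartnerRecord("acme", "e2", False, frozenset({("wiki", "reader")})),
]
SAMPLE_GRANTED = {("acme", "e2"): {("wiki", "reader")},
                  ("acme", "e3"): {("helpdesk", "viewer")}}

if __name__ == "__main__":
    for name, items in zip(("pending", "rejected", "revoke"),
                           reconcile(SAMPLE_RECORDS, SAMPLE_GRANTED)):
        print(name, items)
```

The `rejected` and `revoke` lists are what the audit and correction requirement from the task would review: requests outside a partner's agreed scope and access held by people the partner no longer lists as active.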