Supply chains are becoming more complex, and the volume of information shared between partners is growing.
This increases the chances of a data breach that damages an organisation’s reputation and financial standing, such as the one suffered by US retailer Target in late 2013, which was due to compromised supplier credentials. The impact is still being felt by the company and its supply chain.
So what can be done to strengthen identity and access management (IAM) systems?
Structured processes are needed to determine what information should be shared with third parties, and how to accomplish this efficiently and securely. ISF research has produced eight recommendations to develop these processes:
- Build a business case that helps to reduce time, overheads and complexity for users and maximise use of pre-existing identity and access management systems.
- Establish a governance framework, to maximise alignment with organisational policies.
- Define a set of technical standards, to ensure the best possible levels of interoperability and security.
- Run a pilot, to refine the business case and identify the best approaches for deployment.
- Integrate the programme into existing systems and general IT processes, to support other critical business systems and applications.
- Define an approach for managing relationships with partners, and build this into the contracting phase of the relationship.
- Create a repeatable process, to ensure consistency and sustainability of the overall system.
Following these recommendations will help organisations to extend IAM to third parties with greater confidence. This will increase security and help to keep your organisation’s data where it belongs, with you and those you trust.
Dave Clemente is a senior research analyst with the Information Security Forum.