By Dave Pignolet
We’re in the midst of a pandemic, staring down the barrel of global economic uncertainty. Almost every organization worldwide has been forced to chart new courses in how they conduct business. For many, this has meant an immediate pivot to a remote workforce, and for others it is a rush to onboard new third-party resources urgently needed to fill critical operational gaps.
While things may appear bleak at times, we have witnessed encouraging glimmers of operational excellence exhibited by some of the most well-prepared organizations across the country. In particular, we have seen healthcare customers that were able to immediately identify and onboard large numbers of supplemental third-party workers to meet rising patient-care needs, as well as organizations (across industries) quickly and securely shift the majority of their teams – both employees and non-employees – to work remotely. These successes weren’t the outcome of just business continuity management (BCM) plans, but rather the result of operational agility gained from well-executed identity risk management strategies in the age of digital transformation.
Oftentimes, people equate risk management with being risk adverse, but the opposite is actually true. Good risk management enables operational agility and that is what allows some organizations to adopt business strategies that others cannot. The good news is that implementing a good risk management strategy for third-party identities can be easier and faster than you would imagine. We’ve seen enterprise customers roll out operationally ready solutions in only a matter of days.
Let’s take a look at five areas where organizations can focus right now — even while working from home — to increase operational agility and reduce risk:
- Get skilled resources where you need them. Even outside of times of crisis, organizational priorities can shift and this means resources need to shift, too. Make sure you have centralized access to key data like skillsets, locations, and certifications for both your employees and non-employees so you can quickly move resources to where they can add the most value.
- Quickly and accurately add new third-party users. Organizations spend a lot of time performing requisite audits, making staff reassignments, and then identifying qualified non-employees desperately needed to fill the gaps, but then can’t onboard them in a timely and cost-effective manner. Ensure that onboarding is fast, efficient, and secure with automated workflows that can reduce processes from days to hours.
- Assess if third-party users still need their access. Another implication of shifting priorities is that projects can be postponed or even canceled. Organizations need to conduct audits regularly, and especially in times of crisis, of their non-employee resources to ensure least privilege. Does the non-employee still need the access they have been granted? Equally important is identifying business critical deliverables performed by third parties and ensuring that they maintain needed access.
- Provision third-party users for remote work. Non-employees are increasingly critical to day-to day operations and this does not change in times of crisis and uncertainty. Yet, most organizations lack residential locations for their non-employees and processes to provide them with remote access. Using external facing portals can allow non-employees and their organizational sponsors to collaborate and quickly gather important information that can be used for shipping equipment and provisioning remote access.
- Update risk ratings to reflect changes in risk exposure. In the course of regular business and in times of crisis, organizations may opt to adjust risk tolerances to reflect changes in their operational environment. Importantly, they need to quickly evaluate if these changes impact their exposure to their third-party users and if these users are still able to maintain an acceptable risk rating. If not, access may need to be adjusted until risk tolerances return to normal.
To effectively operate in a world that seems to continuously and oftentimes rapidly change, organizations need to establish a culture of operational agility. The ability to quickly pivot business strategies and operations will be the hallmark of organizations that are prepared to withstand the rigors of daily competition as well as times of crisis. Key to this success will be how to effectively manage the identity risk that comes along with the growing numbers of third parties and non-employees that have become an inextricable component of most workforces. In doing so, organizations will be able facilitate aggressive business strategies while at the same time ensuring the security of their operations.
*** This is a Security Bloggers Network syndicated blog from Blog – SecZetta authored by Nikki Rounds. Read the original post at: https://seczetta.com/blog/operational-order-and-agility/