Recently, Jennifer Kraxner, director of Product Market Advisory at SecZetta, was featured in the Identity at the Center podcast, Third-Party Risk with Jen Kraxner. Speaking with hosts Jim McDonald and Jeff Steadman, Kraxner discussed the convergence of third-party risk management and identity, as well as the importance of having accurate, always up-to-date, authoritative sources for all identities in the organization.

At SecZetta, Kraxner works with customers to help close security gaps that surround third-party identities, which can include an organization’s vendors, affiliates, seasonal employees, non-human workers, and supply chain personnel.

“Organizations spend a lot of time vetting third parties…from a cybersecurity perspective, from a business resiliency perspective…and that assessment provides you with very valuable details,” Kraxner says on the podcast, “But often that valuable information just sits in a silo.  Why aren’t you using that information to decide how you should treat the access provided to third parties?  There are a lot of ways that you can use third-party risk information to influence identity and access, and so many companies just aren’t taking advantage of it.”

Kraxner would like to see more organizations recognize and take advantage of the synergies. “My main goal is to get people to think about it,” says Kraxner, “Don’t silo these things. It’s all incredibly valuable information.”

When answering McDonald and Steadman’s questions about how SecZetta’s platform can help organizations, Kraxner described SecZetta’s value to customers who provide access to third-party non-employees.  Using SecZetta to create an identity authority helps customers ensure that identity programs have the contextual data they need to make well-informed decisions about access for third-party identities from initial provisioning and throughout the lifecycle of the users.

SecZetta enables an organization to consider important data points (both vendor data and personal data) that help to assess identity risk BEFORE access is granted. This type of information is collected:

• …does the individual come from a high-risk vendor?
• …is he/she a fully remote worker?
• …do they have access to privileged systems?
• …how long will this individual need access to these systems?

This information provides data points that are reflected in the users individual risk score, so the host organization is aware of the overall risk posed by the individual user and can be used to make appropriate decisions about access.

“SecZetta approaches identity from the point of view of risk,” says Kraxner, ”We put in place ways to aggregate those risk scores. We put in ways to provide visibility, but also to allow all of that risk to inform smart identity decisions in other systems.”

SecZetta enables organizations to create a single identity authority for all third-party identities to ensure that they’re properly onboarded, authenticated, maintained, and offboarded. To speak with an expert like Kraxner so you learn more about how SecZetta can help your organization, please email us at [email protected] or call us at +1.781. 832.0767.

You can listen to Identity at the Center’s Episode #113: “Third-Party Risk with Jen Kraxner” right here.