SBN

4 Reasons a Traditional Approach to Franchisee Identity and Access Fails

The number of franchise businesses continues to grow at a steady rate, even during 2021 when many businesses were suffering. It makes sense if you think about it, as the model is quite appealing. A franchise business owner (franchisee) purchases the template and branding of a company (franchisor) – a brand that is already established and proven successful. It takes much of the risk out of starting a business – someone else has worked the kinks out of the process and you, the franchise owner, get to benefit from their lessons learned. The franchise systems and processes you purchase are established and proven to support a profitable business.  

 

As sensible as the franchise business model is, it introduces some complexities when it comes to managing franchisee identity and access. In particular, the franchisee, while associated with a franchisor, is in fact a third party when it comes to their identity and access. The franchisee is also a customer of the franchisor, as they have purchased the right to do business under the franchise name, use the franchise business processes, and generally get access to resources required to do business as a franchisee.  

 

This crossover from workforce identity to customer identity requires franchisors to strike a unique balance between workforce identity security and customer user experience. While both are important components of any identity program, those approaching it from the perspective of a franchisor encounter challenges when trying to fit franchisee employees into their identity program.

 

Outlined below are four common challenges that franchise companies often run into – challenges that can foil what could otherwise be a well-oiled identity machine. 

 

1.Franchisee’s control their own HR processes

To start with, franchisee employee lifecycle is the responsibility of the franchise owner. These owners get to control who they hire and who they fire. There may be requirements enforced by the franchisor around qualifications and background checks, but for the most part, franchise owners perform their own HR functions and are trusted to ensure these requirements are followed and track their own employee data. This means franchisee employees don’t follow the same centralized HR processes as employees of the corporate franchisor, which can create a disconnect with their identity and access flows. The bottom line?  A traditional employee identity program won’t cut it for franchise businesses.

2. Franchise owners attempt to find an easy button

Many identity teams try to account for the HR dynamic shortcomings by cobbling together processes within their existing IT or identity ecosystem. This can include building access request capabilities into their IGA solution or onboarding workflows in a ticketing system that allow franchise owners or franchisee access administrators to make ad hoc access requests for new franchisee employees. While this may get an organization closer to checking some compliance boxes around control and visibility for access, it generally works against the desired ‘frictionless user experience’ requirements for the franchisee as a customer. Most of these cobbled solutions have unfriendly user interfaces, require significant manual coordination, and in general aren’t easily utilized by franchise owners.

When a process isn’t easy, those that are forced to use it tend to do everything they can to work around it. Those franchisees responsible for trudging through the tedious process of requesting a new employee’s access may just throw their hands up and decide it’s much easier to just give them access to existing accounts, meaning access ends up being shared – a big no-no for identity security.

3.Franchise businesses turn to IGA and ITSM solutions that aren’t built for ongoing, distributed non-employee lifecycle

These cobbled together processes are often solely focused on providing a way to get new franchisee employees onboarded, completely ignoring the need for continuous maintenance and complete lifecycle support. This results in franchisee employee access remaining active well after their employment is terminated by a franchise owner.

Not only does this approach fail to enforce continuous maintenance, it also prevents a conscientious franchise owner from being able to maintain accurate details on their employees. For example, a franchise owner should only be able to see and update data (current contact details, updated title/role, etc.) for their own employees, and not the employees of other franchisees. But with limited capabilities around permissions and visibility, this basic requirement often cannot be met by HR, IGA, or ticketing solutions. Additionally, access is usually limited, meaning the burden of maintaining this franchisee access rests on very few people and certainly can’t be offloaded to the franchisee employees themselves.

4.The complex relationships of the franchise model aren’t accounted for

Another limitation of an access-centric approach is that these existing solutions aren’t built to manage the complex relationships that are common for franchises. Franchise locations can have owners, operators, managers, regional managers, customer relationship managers… the list goes on. Each of these relationships can and should inform a franchisee’s onboarding workflows, access, and lifecycle needs. Identity governance and access solutions do not have a way to maintain data about these relationships, much less utilize or apply it in a way that informs a franchisee employee’s identity and access.

 

The Solution

Franchisors that are struggling with these challenges are trying to accomplish a time-consuming, expensive, and complex process that their current systems just aren’t built for. SecZetta’s Third-Party Identity Risk solution closes the gaps that cause these challenges and integrates nicely into existing identity processes and associated solutions, so SecZetta customers don’t have to start over or build their identity program from scratch. To learn more about how SecZetta is closing the gap for franchisee identity, check out the white paper Reduce the Chaos, Costs, and Risks of Providing Access to Franchisees, Suppliers, and Vendors.

*** This is a Security Bloggers Network syndicated blog from Industry Blog - SecZetta authored by Jennifer Kraxner. Read the original post at: https://www.seczetta.com/blog-franchisee-identity-and-access-fails/