Where’s the Authority in Identity?: Part II
Time to Clean Out Your Organization’s Identity Junk Drawer
This is a two-part blog series. You can read Part 1 here.
We all have it… a drawer in the house that seems to accumulate stuff that we can’t otherwise find a good place for. The drawer we check when we need a rubber band, a pen, or that little wrench to tighten the leg on the stool we bought three years ago at Target. The drawer that won’t close every now and again because it catches on the wadded-up charging cable that you’re scared to throw away because you don’t actually know what it’s for.
Identity programs have junk drawers too. Sometimes it’s an HR system… sometimes it’s an IGA tool… sometimes it’s a home-grown database or a spreadsheet. While the original intent was for these systems to house useful data and serve a specific purpose (e.g., an authoritative source), they become junk drawers when we start filling them simply because we don’t know where else to put something… the same reason that little wrench and that unknown charging cable end up in that drawer.
IGA solutions’ and identity processes’ reliance on authoritative sources has the unintended consequence of spawning junk drawers. If authoritative data is not easily accessible (as in a HRIS), organizations do one of two things:
- Use another source that has data but may not be that trustworthy over time (e.g., service desk tickets, emails, spreadsheets, etc.), or:
- Build something to house that data, which also typically involves a spreadsheet (the dreaded flat file!) or a clunky, difficult to use and impossible to maintain database.
Both of these stopgaps eventually result in junk data that clutters up these repositories and, what’s worse, misinforms access decisions.
Much like the junk drawer, when we dig through these repositories every few years, we’re surprised and discouraged to find the crud we should’ve thrown out long ago is still cluttering it up. Unfortunately, when it comes to junk identity data, the consequences of accumulating outdated and inaccurate data can be much worse than unavailable space in a kitchen drawer…
- Higher likelihood of a serious breach. 59% of companies have experienced a third-party breach, and 74% of organizations attribute their data breaches to giving too much privileged access to third parties.
- Adding third parties to your HRIS can expose the organization to misclassification and co-employment litigation.
- It is expensive; HRIS costs scale up to $200/USD per record. Spending $200 for a contractor who is only going to be working with an organization for two weeks is an expensive ask!
Luckily, organizations have resources at their disposal that can eliminate the need for a junk drawer, significantly reducing these risks (and costs). Through automation, collaboration, and consolidation, SecZetta, the authority of digital identity trust, can be the Marie Kondo for your organization’s identity program!
SecZetta’s solutions enable organizations to execute risk-based identity access and lifecycle strategies for all non-employees requesting access to their data or systems. Because the solution is purpose-built, it’s uniquely able to manage the complex relationships organizations have with non-employees in a single, easy-to-use application that simultaneously helps facilitate commercial initiatives, support regulatory compliance, and reduce third-party risk. SecZetta is trusted by Airbus, Cargill, MARS, Mayo Clinic, Oregon Health & Science University, and more.