Supply chains are becoming more complex, and the volume of information shared between partners is growing.
This is increasing the chances of a data breach that damages an organisation’s reputation and financial standing, such as the one suffered by US retailer Target in late 2013 (due to compromised supplier credentials). The impact is still being felt by the company and its supply chain.
So what can be done to strengthen identity and access management (IAM) systems?
Structured processes are needed to determine what information should be shared with third parties, and how to accomplish this efficiently and securely. ISF research has produced eight recommendations to develop these processes:
Build a business case that helps to reduce time, overheads and complexity for users and maximise use of pre-existing identity and access management systems.
Determine the scope of the programme, to fully understand what applications and systems will be included and identify regulatory or legal constraints.
Establish a governance framework, to maximise alignment with organisational policies.
Define a set of technical standards, to ensure the best possible levels of interoperability and security.
Run a pilot, to refine the business case and identify the best approaches for deployment.
Integrate the programme into existing systems and general IT processes, to support other critical business systems and applications.
Define an approach for managing relationships with partners, and build this into the contracting phase of the relationship.
Create a repeatable process, to ensure consistency and sustainability of the overall system.
Following these recommendations will help organisations to extend IAM to third parties with greater confidence. This will increase security and help to keep your organisation’s data where it belongs, with you and those you trust.
Dave Clemente is a senior research analyst with the Information Security Forum.
Email Alerts
Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Read More
Related content from ComputerWeekly.com
RELATED CONTENT FROM THE TECHTARGET NETWORK
This was first published in September 2014