Third Parties Are IAM's Third Wheel

[InfoSec News <alerts () infosecnews org>]

http://www.darkreading.com/identity-and-access-management/167901114/security/news/240005077/third-parties-are-iam-s-third-wheel.html

By Ericka Chickowski
Contributing Writer
Dark Reading
Aug 06, 2012

The connectivity to enterprise data spurred by today's mobile and cloud 
movements have not only helped organizations to put their employees in 
touch with business critical data that improves the way they work, but 
has also enabled businesses to better connect their partners, 
contractors and vendors with data to improve enterprise workflows. But 
that persistent access to data brings with it lots of risks, and before 
organizations let someone tap into their systems they need to consider 
not only the identity and access management (IAM) concerns that 
third-party access dredges up, but also the overall data policy issues 
brought to bear.

“It’s not as much of an IAM problem as it is a data access problem," 
says Jackson Shaw, senior director of product management at Quest 
Software. "The IAM piece can control access to the systems but it can’t 
really control what happens to the data when an authorized person is 
using it.”

Whether it is price quotation systems, order management systems, product 
sales training or collaborative marketing platforms, these systems have 
undoubtedly been a part of the business process framework within 
enterprise IT for some time now. And giving third-parties access to some 
of these systems is hardly a new thing. Many companies have already 
chosen to grant network access to vendors, clients, or partners in the 
interest of making it quicker and easier to find inventory information, 
access quotes, place orders or requisitions or any number of functions 
that might make business processes more efficient.

But the increasing use of cloud service offerings--particularly in the 
case of the type of collaborative tools often used to share information 
between organizations—has served to muddy the waters on the exact 
mechanism for automating and controlling that access.

[...]