Evolving identity management models for securing the connected supply chain

IT Directors: a new model for supply chain security (while also enhancing it)

Our connected world – everywhere we turn, whether you’re a consumer connecting your Fitbit to your iPhone or an IT Director connecting smart sensors to your inventory and ordering systems, we’re told that the world of the Internet of Things (IoT) is the new world we live in. And it is: there are more connected devices, people, things (like cars), and systems in our world today than at any point in history.

The total number of machine-to-machine connections, for example, is forecast to grow from 5 billion to 27 billion by 2024¹, representing revenue growth from $500 billion to $1.6 trillion. The market, business and technology conditions are perfect, and they explain both why and how we found ourselves here, but questions remain as to how companies move ahead.

How do you manage all the identities that access your enterprise? How do you give users access to the information they need for only as long as necessary? How can you keep all interactions compliant and secure regardless of the channel?

One emerging subplot involves companies that see the clear opportunities this connected world offers and the advanced and powerful role that Identity and Access Management (IAM) is taking in it. Chief Security Officers and Chief Technology Officers leading companies with large and complex supply chains now have two dominant identity management models to consider.

Identity management models: employee-centric versus holistic supply chain

If you’re that IT Director (or, in this case, maybe even a CTO or a Supply Chain executive) charged with taking advantage of a fully connected supply chain, then you’ve also probably realized the unique role that Identity and Access Management (IAM) plays, not just from a vendor connectivity perspective, but also from a data security standpoint.

There are shifting definitions for Identity Management for enterprises that are connecting their supply chains across all possible touch points. Specifically, we’re seeing the emergence of two dominant models: the traditional Inside-out model and the more holistic Outside-in model.

The traditional identity management model has been narrowly defined to provide the right information to the right user at the right time for the right reasons. It was a single directory serving as the system of record for people within an organization. It was limited to the administration, authentication and authorization of employees to provide and control access to internal network resources. It was simply a means to deliver convenient employee access via single sign-on, and to prevent people external to the company from accessing privileged information.

This is the “Inside-out” model of identity management and can be summed up primarily by provisioning employees based on the roles within their company. This model is still very real and enterprises are still solving for these issues, but, to be clear, it’s an entirely different issue than handling a community of external parties. To connect a supply chain, enterprises will need to go well beyond an employee-centric model.

The connected supply chain, from the Outside-in

The “Outside-in” model refers to provisioning identities to individuals, systems and things outside of, but connected to, the company. Enterprises are managing a growing breadth of applications: homegrown or commercial open source, on-premise or cloud SaaS, native, web and mobile.

To have a truly connected supply chain, an identity strategy needs to touch every aspect of the business (as opposed to only controlling internal employee access) and extend beyond the enterprise boundary to customers, partners, suppliers, distributors, connected products and things, and the relationships between them. These relationships and connections need to be established, implemented, and managed, and they represent the touch points to systems and data, which is also exactly where the security risk exists.

“This whole concept isn’t possible” (actually, companies have already started)

And where there is opportunity to connect everything to everything, there is risk in exposing information that shouldn’t be accessible. That one in four companies will have a major data breach within the next two years² and that more than 90% of organizations aren’t fully aware of all their network devices³ are just two compelling statistics that explain quite well what’s at stake and the complicated environment we’re already in.

IT and Supply Chain executives would do well with an IAM-centric IoT solution that uses a combination of protocols with built-in regulation and compliance management, and that is centrally managed throughout the entire identity lifecycle of both internal and external users as well as their access to resources across the extended enterprise. Such a platform exists and you can learn more here.

In the connected world we live in, the Inside-out and Outside-in models answer two very different questions. Matching and managing internal employees to internal systems and resources is one thing, and it’s very much a thing still, but it’s not the same as connecting a supply chain community that has IoT expectations: these are simply two different outcomes. Extending one technology to the other might work as an optimistic philosophy in conversation but (and I’m looking especially at you, IT Directors out there) we all know that applying an enterprise technology to a different use case will likely end in headaches related to missed deadlines, bloated budgets, and maybe even your next security breach.

¹ Machina Research, “M2M Global Forecast & Analysis 2014-24,” June 24, 2015.
² Ponemon Institute, “2017 Cost of Data Breach Study,” June 2017.
³ OpenText, “Secure access to enterprise information with identity and access management,” 2017.

John Notman

John is a Director of Product Marketing for OpenText’s recently acquired Identity Platform. His experience spans multiple marketing roles in various B2B organizations serving both the retail supply chain and legal information industries.
