9 Tips to Managing the Identities and Access of Contingent Users

    

contingent_workers.jpg
The full-time salaried position is no longer the dominant worker classification that it was in the 1990s or even 2000s. More and more companies, focused on cutting costs, are employing contingent workers to avoid paying taxes and healthcare benefits on those workers. And more and more workers, led by millennials, are seeking contingent-based employment, desiring the flexibility and freedom that comes with those positions. This new economy we live in, defined by technology, sharing and innovation, is changing how we work.

However, contingent users aren’t confined to only those a company employs. Your customers, your partners and even your agencies are also considered contingent users because they often require access to your systems, but are not traditional, full-time employees.

Ardent | Partners, in its 2014-2015 Guidebook for Managing Non-Traditional Talent, reported that:

  • 92% of enterprises cite non-traditional talent as a moderate-to-vital aspect of their overall corporate strategy
  • 32%  of the average company’s overall workforce is considered contingent or contract-based
  • 48% of companies report that they intend to use contingent / non-traditional workforce across all enterprise initiatives

Ardent also predicted that by the end of 2017, nearly 45% of the world’s total workforce will be comprised of contingent workers, including independent contractors, statement of work-based labor, and freelancers.

The management of this growing classification of contingent users will be an area of growing importance this year and beyond, but it’s not a topic for only HR, the C-Suite or those who brought these users on board. You, as an IT Director, Systems Admin or IT Manager, are also responsible for managing these users since you’re managing their access and permissions.

Contingent users must be handled differently than regular full-time users when it comes to IT management and security. For example, contingent workers tend to change jobs more frequently than other types of workers since their job has a defined end date. And because of this consistent change in employers, they typically don’t form the same level of loyalty to their employer as other workers might.

From an identity and access management perspective, while contingent workers don’t have the same status as full-time employees, you still must apply the same discipline and thoroughness to managing their identities and access. In fact, it could be argued you need to be even more thorough since they’re more likely to be less loyal to their employer than full-time employees.

To better service the growing class of contingent users, we’ve created 9 tips to follow to help you manage the identities and access of these users. Follow these tips to keep your organization secure and also make sure you’re providing those users with the access they need, when they need it, to perform their role.

  1. Make sure those responsible for hiring have a meaningful vetting process in place for contingent workers and that it includes thorough security vetting in addition to fact checking job skills. See if a prospect has a past history or aptitude of being disloyal or dishonest to employers. A helpful way to check is to gauge the willingness of a prospect to bring customers, data or proprietary information from their prior job. If they volunteer any of those, it could be a red flag.
  2. Talk with your HR department and business line leaders about how they’re partnering with their staffing suppliers and agencies. Make sure you and your HR team are on the same page about expectations as far as background checks and vetting. If they understand the focus you’re placing on security, they hopefully will adopt a similar thoroughness in their own vetting.
  3. As new users are onboarding, work with HR to become a part of that process so that all contingent users are introduced to your security guidelines and processes. Seventy five percent of employees don’t think their company does enough to raise awareness of potential cyber threats; 58% lack understanding of what even constitutes a cyber threat. Workers want this training, so make it easy for HR to include your security session within their broader onboarding process. Offer to create an on-demand training module or even a live classroom session covering your policies, procedures and penalties.
  4. Just as you should be doing with all users, control your access points. Limit system access to only those who need it to perform their job and make sure you prevent information from being shared or walking out the door at the end of a contract. As an additional safeguard, In the course of the training mentioned in tip 3, ask employees to report instances where they find they have extra access.   
  5. Limit privileged access for contingent users to only those who need that access to perform their job. This is really taking tip 4 to another, deeper level. Some companies have a policy not to provide privileged access to contingent workers, if possible. If that’s not possible, ask managers of contingent users to give approval for elevated access to systems, limit the use of personal systems for access, and limit the ability to download data in favor of view-only interaction.
  6. Integrate your security systems so that everything is connected, including integrating physical and electronic access. If you have badges for physical access and other forms of authentication for computer access, integrate the systems so there’s a single user ID for both. This provides a better user experience and it’s easier to track an individual across all systems.  
  7. Automate your de-provisioning/offboarding process so you’re protecting yourself from potential human error. Don’t let there be a chance for someone to forget and leave access open to an orphaned account.
  8. Prioritize reporting so you can see irregular activity patterns before they become a problem. Taking a proactive approach to problems when they first begin to arise will save you headaches down the road. If possible, you could even try using your data to predict problems before they happen. 
  9. We saved the best tip for last - use the right tools! A good solution can make following the previous eight tips much easier. Use one identity and access management tool across your workforce that has out-of-the-box sponsorship functionality, automated de-provisioning and complete multi-factor authentication capabilities. 

These nine tips are intended to get you started, but they are by no means a comprehensive solution to managing contingent workers. In fact, this post is just us getting started on helping you with that. In future posts we’ll dive much deeper into these tips and other recommendations for effectively securing contingent workers within your organization.

Download Now: Contingent Workers eBook

Comments

Subscribe Here!