Episode 123 - GluuFederation/identerati-office-hours GitHub Wiki

Title: Outsiders Within: Managing Access in the Extended Enterprise

Channels

Description

In today’s hyper-connected business landscape, the lines between internal and external users have all but disappeared. Contractors, third-party vendors, freelancers, offshore teams, and business partners, collectively known as the extended workforce, now make up nearly 50% of the modern enterprise's operational ecosystem (Gartner, 2024). These “outsiders within” often have privileged access to critical systems, sensitive data, and customer environments, yet remain outside traditional HR and IT controls.

This shift has made third-party access governance (TPAG) a board-level concern, especially as high-profile breaches increasingly trace back to compromised vendor accounts. The 2023 IBM Cost of a Data Breach Report revealed that breaches involving third parties cost 25% more on average than those involving internal actors.

The Challenge: High Access, Low Visibility

Managing the extended enterprise introduces complex challenges:

  1. Fragmented Identity Lifecycle: Unlike employees, external users aren't consistently onboarded through HR systems, resulting in inconsistent identity creation and delayed deprovisioning.
  2. Over-Provisioned Access: Vendors often retain access long after contracts end. Studies show that 75% of enterprises lack visibility into third-party access beyond initial onboarding (Ponemon Institute, 2023).
  3. No Unified Governance: External users often span multiple business units, geographies, and access channels (on-prem, SaaS, IaaS), leading to siloed and ungoverned identities.
  4. Risk of Compliance Violations: Regulations like GDPR, HIPAA, SOX, and NIST 800-53 require detailed audit trails of “who accessed what and when.” Without centralized access tracking, compliance becomes both expensive and error-prone.

The Solution: Identity-Centric Access Governance

Modern identity platforms are transforming how organizations manage the extended workforce. Leading solutions such as Saviynt, SailPoint, and Okta are tackling the problem head-on by offering:

  • Third-Party Identity Lifecycle Management
  • Risk-Based Access Certification
      • Periodic and event-driven access reviews specific to extended users.
      • Integration of risk intelligence (e.g., peer access comparison, usage analytics) to drive smarter decisions.
  • Just-in-Time (JIT) Access & Time-Bound Roles
      • Support for temporary roles with built-in expiration.

"Outsiders Within" are no longer a fringe risk; they are a core operational reality. The enterprises that thrive will be those who govern them well.

Homework

Takeaways

TBD

Livestream Audio Archive

Will be Here