Where we work and the way we work have undergone drastic changes in the last few years. We no longer have to be in office to access organizational information or be dependent on physical office devices thanks to the cloud and easy access through our phones. Access through multiple mobile devices from remote locations has increased the importance of an organization’s control over the identity used by an individual to access their services [1]. Identity management by definition is a set of polices about which devices and servers users are allowed to access on a network. It also enforces what a user can accomplish within applications depending on their position in an organization, job duties, location, etc [2].
Identity management associates the job description to systems and therefore HR
Identity management sounds like something the IT department should be in charge of. However, IT is dependent on HR to relay complete information about the employee, their job duties and what kind of systems they require access to complete their work. Job, title, position and related information are all stored in an HR system. When IT and HR are segregated for identity management purposes, it results in errors in the form of a mismatch between access and duties. The more frequently job duties change, the more difficult it can be for IT to keep up with the changes.
In many organizations, HR is instrumental in employee onboarding and it is usually the first department involved in employee entry and exit. Once an employee is onboarded, HR then keeps the employee’s job duties and position information up-to-date in the HRIS. However, the actual security provisioning part is left for IT to accomplish. While most IT implementations will keep HR as stakeholders for any identity management project, HR should take ownership of identity as it directly impacts the following HR goals:
1. Designing the Employee Experience
Often hiring and onboarding processes require that an email be sent to IT so that system access and security can be configured. Depending on IT priorities and schedules, getting a new employee access could take some time. Delays keep the employee from learning and interacting with the organization from day 1. With the employee experience becoming so important for motivating and retaining employees, granting access and ensuring employees are able to connect to systems they will use on a day-to-day basis before the first day of work, sets the employee up for success from the beginning. Organizations often overlook the first day experience after putting so much effort into the hiring process. Many employees who have a great first day take to social media to brag about the excellent welcome they have received. The organization’s brand is viewed in a much more positive light and can impact the ease of the recruitment process for the organization in the future.
2. Productivity.
Experienced managers know that the more quickly resources can be hired and fully on-boarded, the more productive employees are in the long run. One of the main obstacles of a smooth transition from being a new team member to a fully functioning team member is access management. Forbes reported back in 2014 that on average an organization uses 508 different applications [3]. Imagine the time spent in re-entering and tracking passwords for each of those systems and how long it can take a new employee to have their full access set up. Task automation and single sign-on can be used to reduce the time spent on setting up access, but these initiatives should be controlled and managed by HR and the job descriptions in the HRIS.
3. Securing the Organization
Security threats can arise from disgruntled employees and internal sources are one of the major causes of security breaches. It is equally important that access be revoked from terminated employees as it is for access to be quickly granted to new employees. As HR is involved with the complete employee lifecycle, it makes sense to have HR automate and control the processes to terminate employees and their system access to ensure the security loop is closed.
HR solutions like StarGarden HCM can be made the authoritative source for identity management and hence all other cloud applications used in an organization. By carefully designing who gets access to what in an organization based on the changing roles people play, HR can enhance the employee experience and add value to the company’s bottom line.
Learn how HR can play an important role in access management and hence preventing security breaches in organizations in our free eBook !
About the Author:
Marnie Larson is the CEO of StarGarden Corporation and oversees its operations in Canada, US and New Zealand. She has over 20 years’ experience in the software industry and specializes in HCM, Business process automation and Workflow technology.
Follow Marnie on Twitter: @mblarson
References:
- https://oxfordcomputergroup.co.uk/blog/linking-hr-it-identity-management/
- http://searchsecurity.techtarget.com/definition/identity-management-ID-management
- https://www.forbes.com/sites/benkepes/2014/07/31/latest-enterprise-application-use-survey-results-more-use-more-risk/#2457093e3559
- http://insights.wired.com/profiles/blogs/hr-s-role-in-identity-and-access-management#axzz4t5rXEMBK