When intranets started, they were almost exclusively defined as being for “internal staff”. They were typically hosted within the internal network and no one from the outside world would be able to access anything within the intranet. The same was true with other collaboration technologies such as file shares, email, etc.
The definition of “internal staff” was very simple – anyone who worked for the company. There were no external partners, so anyone who wasn’t internal staff was considered a threat and not allowed into the network at all.
Organizations recognized that external partners could be provided similar collaboration services to benefit their internal organizations. Extranets became common solutions for uploading files, sending data, collaborating between partners and internal staff, etc. The typical solution was to treat external users as authenticated but strictly separated and to provide them their own dedicated environment that would protect internal networks from these partners.
This hard boundary between Extranet and Intranet is based on the following assumptions:
- Internal staff and external partners can be easily identified
- External partners have a very limited subset of functionality, perhaps just dropping of files or grabbing a data feed. They are not provided the equivalent services as the internal staff.
- Internal staff and external partners largely do not share the same collaboration space. Internal staff might publish some data to the extranet, but external partners cannot simply grab internal files or data.
As we move into a broader extended enterprise, this division between Internal Staff and External Partners is blurring dramatically for a few reasons:
- The collaboration activities between internal staff and external partners are increasing significantly as project teams, supply chains and distribution channels become more interconnected.
- Globalization is increasingly the overall complexity and distance within supply chains, document management life cycles and project processes. This is driving the need for rich electronic communication between partners.
- Outsourcing means that what services provided by what used to be “internal staff” are increasingly done by partners. In some cases these outsource providers are supplying virtual team members who act, collaborate and need all the services of internal employees but are supplied by external partners.
- The speed, complexity and timing of partners means that the cost of setup, configuration and user provisioning of partner access needs to be automated, timely and cheap.
Take the Oil and Gas industry as an example. A typical oil and gas project is run by a large company that is responsible for the site, the project, capital funding, site selection, etc. However, in order to perform the construction for the project, they engage with hundreds of suppliers that provide specialized engineering services, parts, audit and regulatory expertise, personnel management services, etc. These large oil and gas projects take years to get up and running, require hundreds of thousands of documents and partners need to be able to communicate with the parent company quickly. In addition, the partners might need direct access to internal applications such as document management systems, financial systems, and timesheet systems.
Add to this example that the IT services for the parent company could outsourced to a partner, the project managers might be independent contractors and the company might be operating in several different countries and/or jurisdictions world wide.
So who is an “internal staff” member in this scenario? Who is an external “partner”? What services should they be granted access?
As the extended enterprise becomes a reality, this distinction between External Partner and Internal Staff is quickly becoming obsolete. The separation between environments that organizations created in previous generations of collaboration environments is becoming a hindrance to integration between partners and internal staff.
So in the future, we have to rethink our understanding of Extranet and Intranet and get much more specific about how people will collaborate effectively, whether they are external partners or internal staff. The implications to this are significant:
- “Internal” applications will have to be accessible through some Internet gateway, appropriately secured.
- Identity management solutions will need to be in place as the complexity of user provisioning increases. What used to be a simple distinction between external and internal users will now have to include specific roles, various business rules around access to systems, etc.
- Auditing and access monitoring are critical components to enforce security and access control across the extended enterprise.
- Governance rules and processes need to be formalized so that its clear how users are provisioned, de-provisioned and access grants are approved.
- From a technology perspective, edge firewalls, remote access solutions, etc. are increasingly sophisticated as they take on a more expansive role in allowing the right users access to the appropriate list of applications.
At Microsoft Strategy, we are already providing such solutions for Third Party Access using technologies from Microsoft such as Forefront Identity Manager, Threat Management Gateway, Unified Access Gateway and SharePoint. If you have a similar challenge in your organization, send me an email and perhaps we can help.