Identity at the Center Identity at the Center #62 - Managing Third Party Identity with David Pignolet from SecZetta
Sep 21, 2020
David Pignolet, founder and CEO of SecZetta, dives into the intricacies of managing third-party identities. With extensive experience in identity governance, he discusses how non-employees differ from employees in terms of data and regulatory concerns. David highlights the need for a dedicated tool for non-employee records, the risks of manual processes, and the importance of continuous validation methods. He also shares insights into automating identity lifecycles and staying informed on identity topics, making for an engaging conversation on a complex issue.
AI Snips
Chapters
Transcript
Episode notes
Non-Employees Lack Employee Context
- Non-employees lack the rich, authoritative HR data employees have, making identity governance harder.
- Their relationships are distributed and driven by external incentives, increasing identity risk and complexity.
Ownership Is Distributed To Lines Of Business
- Ownership of third-party identities is usually distributed across lines of business, not centralized in HR or IT.
- Different non-employee populations require different owners and lifecycle handling based on their roles.
Don't Put Contractors In HR
- Avoid stuffing non-employees into HR systems because of cost, misclassification, and management overhead.
- Use a purpose-built system to mitigate risk and reduce HR and audit exposure.