The gig economy is alive and well. In fact, 30% of the U.S. workforce is freelance – a figure that’s expected to reach 40% by 2020.
For organizations, these temporary workers present a fair share of IT challenges. First, IT teams must get them up to speed without experiencing productivity lapses or business continuity blips. In addition to quick onboarding and easy knowledge sharing, organizations must ensure seamless collaboration between full-time employees and temporary staff. And then there are the security issues that can arise from granting non-employees access to data and devices.
What’s the best solution? “From a process perspective, IT teams need to establish entitlement provisioning, review, and revocation processes,” says Joey Peloquin, Director of Cloud Security Operations at Citrix.
“The best first step businesses can take to keep their workforce productive and secure is to check their entitlement processes – today,” he says. “Look at contractor accounts to see which accounts are still active that shouldn’t be. That will give an indication of where your business is in the process of identity and access management health.”
Temporary workers need fast access to critical systems and devices to be productive. In the past, this required manually installing applications on devices – a time-consuming and labor-intensive process. However, with app and desktop virtualization, IT can easily automate the delivery of desktop resources to contract workers. This significantly reduces provisioning time, getting contractors up to speed in minutes, not days.
But provisioning access for temporary workers must be both swift and secure. For this reason, Peloquin says periodically reviewing a temporary workforce’s access to critical information can keep policies up to date and privileges in check. Storing data centrally in a cloud environment or a data center, and not on a worker’s device, is another way to protect sensitive information, especially at the end of a worker’s term.
The future of security
But while revocation processes can minimize security risks, Peloquin points to user and entity behavior analytics (UEBA) as a “sexy” technology that’s “on the tips of everyone’s tongue right now.” And for good reason: UEBA systems monitor patterns of behavior, then analyze them using sophisticated algorithms, to detect anomalies – signs of a potential threat or abuse.
“We’ve seen it in action at our company and it’s really cool,” says Peloquin. “It enables IT to conduct user behavior monitoring using mountains of data that human beings wouldn’t be able to process in the same amount of time.”
For instance, using UEBA, an IT team can establish a baseline for contract developers, such as how often they access a particular source code repository. If one of these contractors decides to try to steal the company’s intellectual property, for example, the UEBA system automatically detects an uptick in downloads. The system quickly notifies IT of the unusual behavior, which could signify a data exfiltration event—something that previously required a cadre of data experts and months of analysis.