how the gig economy changes your company’s identity management needs - and what you can do about it
Is your company working with more freelancers and short-term ‘gig’ workers today than it was a year ago? There’s a good chance it is. In fact, Boston Consulting Group reports there are currently over 22 million freelancers working throughout the European Union; France alone has seen a nearly 100% increase in self-employed workers since 2009.
Platform-based start-ups like Uber, Deliveroo and Gorillas are continually entering the market with new business models based heavily on flex work and gig-based working relationships. At the same time, more and more companies now rely on freelance talent for everything from marketing and graphic design to IT, business consulting and even some executive positions. On top of that, sectors that traditionally have a seasonal workforce like leisure, logistics and retail embrace the more flexible methods of temporary fulfilling staffing needs. So, with all these new faces coming in and out of your organisation every day, your HR team needs to have the ability to verify that freelancers are who they say they are. And that means you’ll need a secure yet user-friendly Identity and Access Management (IAM) strategy in place, with the flexibility to match these workers’ unique needs. Here are a few of my views on how this topic is rapidly evolving in response to the new gig economy, and what you can do to orchestrate the right IAM approach.
Striking the right balance between security and access rights
When it comes to managing your gig workers’ identities, you’ve got to strike the right balance between protecting your company’s assets (security) and allowing your workforce to use the resources and systems they need (access) to be successful and profitable.
A Just-In-Time (JIT) Access approach helps you maintain that balance. Under this approach, instead of granting users standing access to your company’s IT infrastructure, you grant access to specific systems only, and on an as-needed basis. This greatly reduces the risk of data breaches and improper use of your company’s resources.
Another major advantage is that the authentication process can also be fully automated. That means there’s no need for your HR team to continually grant approvals whenever privileged users want to access a specific server or network device and you should be able to bring this closer to the business manager by delegating part of the onboarding experience. Once a user logs in, you can also automatically limit the amount of time that they have access to a specific resource. This ensures that your company’s systems are not exposed to unauthorised users, especially in case the user is logging in via their own device and/or forgets to log out.
How to orchestrate the authentication and authorisation proces?
Your company’s workforce IAM solution needs to verify three important pieces of information about the gig workers as they get onboarded and allow managers to grant access to a new colleague:
- Who are they? (Is their identity unmistakably verified?)
- What are they? (Do they have the qualifications/authorisations that your company requires of them?)
- What are they entitled to? (To which systems and apps do you grant physical access)
To achieve the proper identification of identity and qualifications, your onboarding or log-in processes will often involve multiple steps. You might need to incorporate “step-outs”, in which the user needs to verify their identity through more than one platform. For example: They log in to their account on your website or app. To make it simpler this could be a social log-in means as well. Then they are requested to verify their ID using a national electronic identification (eID) or Bank ID system.
If you require certainty about someone’s qualification you will add a second step in which they are requested to prove their qualifications. This may mean a step-out to an Identity Wallet or validated attribute provider (for example, a driver license check or a professional certification check).
Once these checks are performed the line of business manager is empowered via delegation from HR to grant the gig-worker access to the relevant apps, locations and tools. Corporate policies can be integrated in any workflow and enforce ongoing validation and governance of this flexible workforce.
The key to creating a smooth yet secure login process is orchestration: bringing all these identification steps and systems into one single, seamless workflow, so your gig workers can efficiently log in whenever they need access to specific systems.
Using best practices from B2C CIAM solutions
It may seem like the recent uptake in freelance/gig workers is a new, unprecedented challenge for traditional workforce identity management. But the good news is: We can actually learn quite a lot from Customer Identity and Access Management (CIAM) solutions that we’ve been using in the B2C context for many years. There are plenty of similarities, including:
- A diverse group of users, all with different access needs
- Diverse devices (everyone “brings their own” device)
- The need to balance security and convenience (user experience)
- Possible need for incorporating eID/eIDAS systems from multiple European countries
We find that what works well in CIAM often works well for managing gig worker identity and access too. As mentioned above, this means orchestrating the right mix of identity solutions to provide JIT access.
Do you really need that?
Another important factor (just like in CIAM) is data minimisation. When granting access to a user, only collect the minimum amount of data that you need. If a user logs in using their eID, do you really need to ask them separately for their date of birth, for example? By reducing the amount of data you ask for, you offer the gig worker a smoother user experience. This helps build their trust and contributes to a healthier working relationship. At the same time, it reduces your company’s risk and liability, because you no longer have mountains of unnecessary data entrusted to you.
Any time you collect user data and grant someone access to your company’s ecosystem-whether it’s a customer, an employee or a gig worker—you’ve got to take security, privacy and governance issues into account. Plus, you ideally want to give your users a convenient experience and a smooth identity journey.
In the workforce of the future, more and more jobs will be performed off-premises, by short-term, freelance workers, more often tapped from an international pool. As we all prepare for that new reality, it’s important to draw lessons from what we already know works in the CIAM world. This gives us a sturdy basis for orchestrating workforce IAM solutions that are flexible enough to match any employment model.