Wednesday, September 12, 2018

Help Your Vendors Help You with a Robust Access Control Program

It's the little things that matter in information services management.

One of the "little things" that matters most to vendors is sharing of passwords.

I get why. It's perfectly fair that vendors be compensated for the services they offer. And in all likelihood you've agreed to do so in your service agreement with them.

Nothing will drive a vendor crazier than repeated sharing of passwords.

As an information services manager, it should drive you crazy too.

I won't hesitate to "lower the hammer" on password abuse by my users. I won't tolerate it.

Every time a password is shared, every time an unauthorized user is caught using a service, you irritate your vendor, reduce your negotiating leverage, and expose your firm to reputation and legal risk.

You run the risk of being found in breach of contract and losing access to the service. You may face stiff penalties - termination, compensation or equitable relief. Not good.

You owe it to your vendor relationship, your company and your professional ethics to assiduously oversee the use of the products you subscribe to.

You can do this with a robust access control program that uses an identity and access management solution like Ping, Centrify or Okta.

Or look at an Electronic Resource Management (ERM) utility that also offers a basic password management and access control solution. Lucidea, OneLog, ResearchMonitor and H&H offer access control modules.

The way it works is this: you ensure that if you have one user for a product and the seat is not transferable, only that user can access the product.

You can block the product website from all users apart from the named user. This is a somewhat clumsy approach - there may be free content on the site that other users can take advantage of.

A better approach is to centrally administer the passwords used to access the pay-walled content. Again, you can use a full-service company like Ping for this, an ERM solution, or a lighter-weight access management solution like LastPass.

If access is based on IP Authentication or a Single-Sign-On (SSO) protocol like SAML, that's even better. Rather than worry about administering passwords, you can simply grant access to the site to those users or groups of users it's licensed for.

There are many options for access control. You should look into them carefully. Your vendors will appreciate it. This will build goodwill and trust with your vendor, which should translate into better prices for the products you buy.

- Kevan Huston
