Oktane19: The Art of Workforce Productivity in the Extended Enterprise
Mitch O'Brien: I love the show. It's very well run. These keynotes have been great. It's actually my third Oktane and all the sessions are always so informative and then I always go back home full of ideas. That's kind of what I'm hoping to inspire here today with this conversation, talking about The Art of Workforce Productivity in the Extended Enterprise. And I'll explain what that means as we go along.
Mitch O'Brien: I think I'm supposed to show this very important disclaimer. I'm not going to read it. Probably you won't either. That's okay.
Mitch O'Brien: All right. Before I get into who Fuze is, continuing on from my previous thought about ideas, the kind of genesis of this conversation we're having today was, I think problem, or a challenge, we'll call it, that I don't know that there's a solution for. And for all of you IT admins and software developers, you're probably salivating now. I know, because you can't have a problem that you can't solve or that you haven't solved. And so keep that in the back of your mind. Keep that spirit as we start discussing our main topic.
Mitch O'Brien: So before we get into that, Fuze connects to digital workforce. So we are a cloud communications company. I'm going to skip over to slides. Founded 2006. We have 700 employees, 1,700 customers worldwide, we have about 40% of our business overseas. We do the voice, the video, the messaging, all in one platform, all in one app. So usually don't have to switch between apps and as administrators, it's one platform to manage, which of course it makes your job a lot easier.
Mitch O'Brien: So we're here to talk about the extended enterprise and what's interesting for Fuze and what's relevant, is that really your communication system is the olive branch that extends the enterprise. In the old days. I say old, not that long ago, that was really a phone call, right? You got to talk to a vendor, you got to talk to a customer, you pick up the phone. Fast forward a little bit. We do audio conferences, we do these great video conferences now. All the things have one thing in common is that they're very transactional, right? We have a conversation, we talk about something it ends. It might be recorded, and that may live on, but that conversation really ends.
Mitch O'Brien: Well, we're now entering a world where we're starting to bring people from the outside into the walls of our company. So whatever communication system you use, it may have a guest feature, channel guest, whatever you want to call it. We've got these semi permanent groups that are forming there and we don't really have fantastic control, I'll say, of those groups because it's kind of viral, right? I'm going to invite my contractor that I'm working with into my chat group and that contractor is going to be there for the life of the chat group until somebody remembers, "Oh, we don't work with that person anymore. We better shut them off."
Mitch O'Brien: The thing I keep thinking about is while we have made some really great tools for administering that, wouldn't it be great if we extended it out to Okta and to put that in with your central identity management? So that's kind of thing that I'm going to challenge you guys to think about it a little bit.
Mitch O'Brien: I have this thing.
Mitch O'Brien: Ah, all right. At Fuze, we do an awful lot of research around the enterprise and communications, and we see stats here about the extended enterprise. Before I jump in, before I introduce my panel, just want to quick show of hands who is using extended teams, guests, channel guests, whatever you want to call them. Quick show of hands, you guys. All right. Is anybody concerned about some of these challenges about managing the identity of these guests? Quick show of hands again. Yep. Yep.
Mitch O'Brien: So, a common problem and a something that, like I said, I hope that together we sort of explore the problem space a little bit and talk about maybe some solutions. With that, I will invite my esteemed panel up on stage.
Mitch O'Brien: All right. We've got a couple of mics there. You guys are good to go.
Mitch O'Brien: Okay. Mason, you're first, you've got a mic in your hand.
Mason Spencer: Just us today.
Mitch O'Brien: I want you to tell us who you are, who you work for, and just a little bit about your experience with the extended enterprise.
Mason Spencer: Hey, I'm Mason Spencer. I work for CareerBuilder. I've been there for a little over three years. We've been using Fuze and Okta in conjunction to accelerate our business, for longer than that. I've got concerns around, bringing in Fuze with guests, collaborators, Slack, all these new tools where we're bringing people, not even contractors or interns, just other people outside of our Oregon. And I have no oversight to licensed management, as well as any other administration functions there, and they kind of lose sight when it comes to audits or anything like that.
Mitch O'Brien: Okay. Alex.
Alex Perlovich: Hi, everyone. I'm Alex Perlovich. I'm from a company called Paysafe, which is a fintech company. We're a global company, about 3,000 some users. We have all the challenges that I think pretty much everyone has experienced. M&As, mergers, different companies, different technologies, contractors, guests, third party vendors, you name it, right? It's just what the normal business now is. We started some of this, path, journey, whatever cliche you want to call it at this point, many years ago already. So we've been an Okta for about four years. We've been on a unified messaging platform for about three as well.
Alex Perlovich: Some of the big challenges is how do you secure that data? How do you make it easy enough so that you don't start creating a shadow IT environment that starts spawning everywhere, which a lot of companies are. How do you provide the tools so that you can sort of secure that and have one platform to meet those needs and make it easy enough to not do that?
Mitch O'Brien: Great. Michelle?
Michelle B.: Hi, good afternoon. I'm Michelle Buschman with American Pacific Mortgage. At American Pacific Mortgage, I act as the CIO, CTO, and CISO. And we are a top 15 independent mortgage bank, about 2,200 employees. Obviously we have a lot of regulation around securing our data. In our organization, we leverage a lot of managed service partners, as well as contractors that extend our enterprise. Additionally, because we are so widely distributed with about 200 branches, we have a lot of remote offices and we've also been under a big push to reduce our brick and mortar from an office perspective and pushing people more to be teleworkers.
Michelle B.: And so, we've been an Okta client for about three years and we're almost on our first year with Fuze, and the abilities that the platform gives us have been huge from an efficiency perspective, but it also does start to raise those questions as we start to share out the application to our contractors and temporary folks, as well as our managed services partners, how do we manage the lifecycle of those users? How do we make sure that they're being removed when they're no longer working with us? There's a lot of things in particular that creates challenges for us from a security perspective as we become more extended outside of our walls.
Mitch O'Brien: Great. Thanks.
Brent A.: Good afternoon. I'm Brent Arrington. I'm an architects with Okta on the professional services team. Since we're all at Oktane, I won't waste your time telling you what Okta is. Assuming there.
Brent A.: I've been with Okta for a little over six years. I've had a chance to see a lot of different customers, a lot of different integrations, I've had a chance to see the product grow quite a bit as well. So, hopefully I can help maybe bring a few insights into how to make your integrations a little easier.
Mitch O'Brien: Great. Thank you. All right, let's jump right into it.
Mitch O'Brien: Talking a little bit about the guest policy. So we did a show of hands earlier. I saw some of your hands up so I already know the answer a little bit, but we want to dive in a bit more. So, Michelle, tell us a little bit about, well one, you do allow external guests. I believe we talked about this earlier.
Michelle B.: Mm-hmm (affirmative).
Mitch O'Brien: How are you currently managing that and what's your policy around this?
Michelle B.: Yeah, so it was funny, when we started having these conversations in preparation for today, it actually spurred a lot of questions around what additional policies we actually might need to implement in our organization. Now that we do have the ability to share our guest access to our Fuze platform. We definitely have been using it in a very limited basis.
Michelle B.: Where we're finding the most value right now out of that is extending it out to our managed services partners. So for example, we use a managed security services partner and there's a lot of back and forth that we do. We have weekly threat indication reports, but there's a lot of communication that can be handled through chat. We do our weekly calls through the Fuze platform and it's actually been really helpful because now we have one location actually where all that information file share, everything resides, but it does add that additional challenge around what happens when somebody leaves off of the team or when we have new people join, how do we manage the moderation of those groups?
Michelle B.: So what we've pretty much done is assign the moderator of the group to own that right now, but are very interested in seeing how we can leverage some of the provisioning capabilities through Okta and Fuze to be able to help manage that.
Mitch O'Brien: That's great. Alex.
Alex Perlovich: I mean we definitely allow, I think most companies have to allow at this point. I think some of our concerns before we went to Okta, before we went to Fuze, was these other departments. It doesn't take much now for somebody to go bring up a Slack app, right? It doesn't take much for somebody to go do a Dropbox or Box, and nothing against it, we still use Box and we have some other platforms, they have their value. But you don't actually need IT anymore. Right? You can go ahead and start all that and then you're left out. All that data, all the visibility, you lose that.
Alex Perlovich: And it's important because there's things for compliance and audits and things like that as well. And at the same time you got to look back and say, why did my organization do that? Is it because it is not moving fast enough? Is it because maybe our policies are so, maybe outdated, or just so much bureaucracy that it actually puts this thing where it says, well, IT can't spin this up fast enough, so then I'm just going to go do something myself. I'll put it on a company credit card and then no one will ever see it or talk about it.
Alex Perlovich: So, one of the big things is obviously, having a centralized identity management like Okta to really help streamline where all the accounts are created to give products that are easy to use, right? I mean, everyone's, from InfoSec says, hey, if you want to transfer files, use this tool. It's 50 clicks. It's three different phones you've got to do. Or, passwords are 15 complex. No one's going to do that. No vendors going to do that unless they really have to.
Alex Perlovich: And you hear over and over again from all these conferences where user just bypass that, right? It makes it less secure. Right. They'll write it on a keyboard, they'll put it somewhere underneath, they'll share it because they don't want to do it anymore. So there's all this stuff. So I think simplifying the tools that are used, giving a platform where it's easy to share and it's comparable to other leading products is really important.
Mitch O'Brien: Great. And Mason, I think that CareerBuilder is not currently using guests. Am I correct?
Mason Spencer: Yeah. Not with Fuze, but we do have this problem with other applications. I've noticed a lot of times, this new paradigm kind of spinning up of ad hoc collaboration groups. So whether it be Slack, Zoom, hopefully soon Fuze with guests, and whatever other service just to get one project done, especially us being entirely a technology company, someone might work with six to seven other vendors and those vendors are only managed within each application, right? Say within Zoom or within Fuze, or within whatever application. We don't see those identities because these people aren't really part of our organization. But that ad hoc collaboration group still forms and needs access to several services from our company to help us accomplish a goal.
Mitch O'Brien: Great. Brian, I'd love to hear your take from Okta. I know you work with customers that use these types of features, but also you have a unique perspective on how we could work with Okta to kind of manage these things.
Brent A.: Right. So, being the Okta guy, it's probably not surprising to my point of view would be yes, absolutely. You want to have all of your identities on there. Probably you guys would agree with that in an ideal world, right? You would love to have that level of knowledge of everyone who has access to your systems and that level of control, but it's not easy. It's sometimes hard to get all of those different groups, consolidate it into Okta.
Brent A.: Coming from the PS side, traditionally, we've done a lot of work with customers where we've had to do some customization and do some pretty heavy building with Okta APIs to enable some of the things that, that would make that sort of management of external identities a little easier. I think with some of the announcements that we've had here this week, that's getting a lot easier now. The hooks that we are now exposing through our different events, endpoints are going to make some of this onboarding process a little easier.
Brent A.: I can see the self-service capabilities of Okta, talking about guests. Like the capabilities that we have now with some of the workflow stuff and the progressive profiling in the hooks, I think that, that'll make it a lot easier to build a custom self-service features where you can get these external identities into your identity system, without a lot of manual management on the admin side and have a way to then get that control over those identities who has access to what, when to turn it off the audit trail of who's accessing what, et cetera.
Mitch O'Brien: Great.
Mitch O'Brien: So, I mean, we've kind of started to get into this already. It sounds like we're all in agreement that external guest should tie into our central Okta strategy. How do you see that working? I'll with start Mason.
Mason Spencer: So far, when it was just one application here or there that they needed, I was fine with letting that application manage the identity, but now that they're going across applications and they're needing two to three company resources, there's a dire need to get that tied into a central identity management solution.
Mitch O'Brien: All right. Alex?
Alex Perlovich: Yeah, I mean definitely that's the ideal world that you want something like that. And the big thing is, if somebody goes off and they add these external users, right? And those external users have left or their contracts have ended, they still technically will have rights to those files and those systems and you can lose your visibility, right? So the more you can centralize it, the more you can give a kind of one source of truth for that. I mean, it's difficult, but it'll makes a lot of stuff easier. And that's obviously why you guys were here for Okta, so you can integrate that. And then, ideally it would be, if you want to look at the end state or try to go as much as possible, easy sign up for your own internal applications, but for external users and then have that visibility and have that oversight, so you know that you can disable accounts, if they're inactive and things like that.
Michelle B.: Speaking off of what Alex said, for me it's the visibility, right? When you have folks signing up and using some of these other assets that you don't have visibility into, to know that those accounts exist, creates a lot of risk. So, definitely being able to connect those and have a really good central source of visibility is critical and managing the life cycle of those accounts.
Michelle B.: Additionally to that, it has to be easy. When we talk about technology today, if there's a barrier to doing that to is to giving the business the freedom to be able to share those things but it creates 10 extra steps, they're going to go bypass it. So, it has to be simple. It has to be integrated into the existing process, and you have to have some visibility so that ... Digital identity is dangerous today, right? With all these folks. When people used to be face to face, you know who they are, but now we have people who potentially are coming into our assets that we think we know who they are, but there needs to be that additional sense of validating that identity to know that you don't have some sort of breach.
Brent A.: I think the key there is ... I think we all agreed that we should be striving for this. It's how do you make that happen and how do you make it easy? To your point. I think there's sort of two categories of barriers that we want to try and break down. One is on the end user, obviously. You want to make it as easy as possible for them to start collaborating and be productive. You also want to avoid any undue burden on your admins as well and the IT staff. Having seen a lot of different implementations, like one thing I can say for sure if there is no one right answer. How you do this is going to depend upon your unique situation that the specifics of your company, what you were external users look like, how many of them are there, where are they coming from? That sort of thing.
Brent A.: So there can be a range of possible solutions. Everything from manually putting users in Okta if you only have a handful of them, to having a spreadsheets that you manage and use CSV as a master in Okta to bring them in and manage them that way. All the way to building customize self-registration solutions, which fortunately are now I think getting a going to be easier to do. But, the exact solution is not going to be the same for everyone. That's going to depend on your unique situation and basically finding the balance between the effort you have to put in up front to build a solution, and then the, I guess the pain that it's easing, but that solution is easing off of your shoulders.
Mitch O'Brien: So we talked a little bit about making it easy for the end users and self-registration flows and so on. But you touched upon not making a burden for your admin. What kinds of controls to the admin need? I mean we see a number of different controls in the Fuze platform and others for these guests. As simple as I can find all my guests and go and shut them off if we're done doing business with them, to timed or expiring kind of guest accounts. What about things like, we're no longer doing business with this entire contracting company. Should we be able to shut off PwC? What kinds of controls do you see being needed at the admin level?
Brent A.: Yeah, I mean, I think all of those make sense potentially on a case by case basis and there can be different ways to achieve those things. Being able to identify specific populations of users, whether it's by group membership if you've had an Okta, or by attribute values and creating group rules, or creating lifecycle events based on how long has it been since these people have logged in, do we want to just clean up these accounts? To, you mentioned partners that you no longer were working with. If you're doing inbound federation from a particular partner, turn off that inbound federation if you're not working with them anymore and that sort of thing. Again, the exact answer is going to vary depending on your unique situation, but I think there are some good options for finding solutions that are manageable and give you the control that you need.
Mitch O'Brien: Sure. Michelle, you've been doing some thinking about this. What kind of controls are you looking for as an admin having to deal with this?
Michelle B.: Yeah, automation.
Mitch O'Brien: That's fair.
Michelle B.: Automation. As much as we can automate as possible. Again, I dealt with a pretty small IT staff, so when we're looking for solutions, we're always looking for platform driven solutions. I don't have a lot of integration points across multiple systems, and those central panels, so there's the visibility and the controls that you need, but, being able to, to your point, based on the groups that you put them in, or attributes of basically being able to almost kind of build a rule on the fly as I'm just thinking here to say, "Okay, everyone from this group and this company or with this attribute, go remove them." And, just have it run in and do that for you. I think you need that type of flexibility because it's really gonna be dependent upon how your identity access structures built.
Michelle B.: I would agree there's not a one all, fit solution. But, giving us the capabilities to be able to do that at a high level, as I mentioned, build our own little query or rule and say, okay, now, now that you've got all these people, go do this to them.
Mitch O'Brien: Great.
Mason Spencer: All right.
Mitch O'Brien: Oh. Go ahead.
Mason Spencer: I did have a few comments on that.
Mitch O'Brien: Yeah, please.
Mason Spencer: Right now how I do it is I go to each application, sort by last use. Anyone over three months, they get they deactivated. Right? I'm hoping that my internal guys still going to be reactivated upon login. Not the best way to do it going into each app. But then the other point there is I need self-service. This identity doesn't come from HR. This isn't part of the enterprise. I need it spun up and spun down by the end user in my org that wanted this to begin with.
Brent A.: That's a great point. I would love if it had a little more self-service, specifically for that part of it. Right? So you're going to enable a tool that you consider internal, right? Fuze, Slack, whatever through Okta, but IT maybe doesn't know about it, right? HR doesn't know about it because this is a contract outside of HR. It'd be great for whoever set that up or some checkbox that says, after a month, go ahead send an approval email. Those things would be really nice to see. And then just have that more like, Michelle mentioned, automated, right? So you're not just, "Oh, I have to go back every few months." Right? It's just, hey, here's an email, here's the notification. This is how I'm going to do it.
Mitch O'Brien: Great. And that kind of gets into policies for these guests in particular, but I mean generally for departed employee of, I'm always interested to hear, what are your retention policies like? Do you just expect that this stuff disappears? And in particular, with guests, right? They've contributed, we're going to remove them at some point. What are you thinking about that? Mason, we'll start with you.
Mason Spencer: That's a great question. I'm thinking about that. We have no policies. Someone complains, we go restore the account. Otherwise, we hope for the best and it's not a good way to go about business.
Mitch O'Brien: All right. Alex?
Alex Perlovich: Yeah, I mean it, it's difficult. I mean, I think everyone has some sort of data governance and some sort of data policies for, here's your email, here's your HR system, here's your finance system. But if someone puts a chat message, that may be out of it. What about all those other ones? So, I mean, I don't know if I necessarily have the answers either. I know our companies are constantly working on policies and what do we retain or not. I know some of the start of it is to consolidate as much as possible, so you can have one or a few kind of best of breed platforms where you can kind of go back and look. And at the same time, if you're sharing when employees leave or whatnot, to have something in place that says that data, if they worked on some project needs to go somewhere.
Alex Perlovich: Some things we also try is to link some of these applications like Fuze and Okta with other third party. It's something like Box, right? Where you can have more data governance and retention and then that's where it kind of stays in there.
Michelle B.: So this one's a fun one. Working, in a regulated environment, we have regulations that we have to actually manage around obviously securing consumer information, but also retaining it, as it has to do with loan manufacturing. Then you have obviously your finance folks that have different regulations around IRS. So we have a pretty robust data retention policy. But, but where are you start to run into that issue is in some of these newer solutions that are out there.
Michelle B.: When we were talking about this, when we were rolling out Fuze, in fact, we had to make a policy basically stating that if you're talking about a loan transaction, that information needs to reside within the actual loan file itself so that it can be retained per our regulatory guidelines. So it's a very interesting challenge because there's not necessarily any technical controls that I can put into place to say, "Oh, you're talking about alone. You're not allowed to put it into the chat message." Right?
Michelle B.: We've obviously we had to train our end customers, our users to make sure that they're using the right tool for transactions. Then of course, you always have, there's the litigation piece, right? What do you keep, what you don't? Especially if you're thinking about that you're ... have a guest with a vendor, let's say it go south, right? What you keep, what don't you keep? It's an ongoing conversation that we have. We definitely have some pretty straightforward policies based on our regulatory requirements.
Michelle B.: But the other challenge I have is with your shadow IT. The things that I don't have visibility to that I should be retaining and managing. And then, we do have from when an employee departs, we have a very well rounded process for that, around maintaining their data. Again, because of our industry and what we're doing, there's a lot of stuff that we do need to retain in the event we ever had an issue with either a consumer loan or an employee issue. But, the new age does pose a lot of challenges for that.
Mitch O'Brien: Sure.
Brent A.: Yeah. So from an Okta perspective, this is something that's unfortunately historically kind of been out of scope for the most part for Okta. We just haven't really had a lot of implementations that really dealt with data retention on the downstream applications, with some exceptions. But from being an old nerd, I'm really excited to see what possibilities are now gonna be opened up with the hooks that we can build into those provisioning and deprovisioning flows. We now have a much easier way to actually build in some of this custom logic right into the provisioning flows that they're already built into Okta integration. So I think this is something that's going to be, I would expect more and more common in the engagements that we see.
Mitch O'Brien: Yeah, I think that's going to be super powerful. I can definitely imagine like during a deep provisioning flow, we'll take all of that user's data and put it into our vault that's on Box or something else.
Mason Spencer: Yeah. We had your traditional model, if it's an employee on prem or remote, you have a contractor. Usually you would give them equipment and you can manage that, right? You're going to get the equipment back, you're going to do that, but that's not what people do anymore, right? You hear about all the zero trust and you have mobile devices and you have third parties who bring in their own equipment or BYOD, and you lose all that, right? You're not going to get those devices back. That information's there. You may or may not force MDM on them. Not everybody does that again. So, it's going to be something.
Mitch O'Brien: A couple of slides ago we were talking about the admin controls and hearing that there's some different thoughts on what we might want to do, what I'm really interested in. What are you doing today? So Fuze in particular, like I said, we do have some of those controls, both the group moderator can be the person responsible for it or from the admin side, on a regular basis going, "Who are my guests in my enterprise and should they still be there?" But that's really leaving it up to those users to do the right thing. And so, how do we ensure that, that's actually happening? And, how are you dealing with that today? Michelle you want to start?
Michelle B.: Sure. So this is one of the biggest challenges for us in our organization. One of the reasons we actually selected Okta as our identity access management solution was the ability to connect accounts for single sign on to actually be able to take advantage of the provisioning product as they built it out. Right now, basically the best way that we have of doing this really is an auditing items, right? So, we do put all of our users and our active directory account and they actually do get an Okta count as well today. And so, we're able to create reports and manage. We have a few tools that we put on there to be watching for weird activities, inactivity.
Michelle B.: We're still a bit immature I would say, from a maturity perspective in our IT practices around onboarding and off boarding and it's been a huge focus area that we're working on this year in fact, and trying to take advantage of some more of this auto provisioning. Our customers and our employees probably have 20 different applications that they use, of being able to tie all those together and make sure that we have that central source of truth to know when someone needs to have the application or not, if they need it anymore or not, and then when they're terminated to make sure everything has been removed. And it is a huge challenge for us, particularly as we grew significantly on a very short amount of time with a number of users we're trying to manage without a lot of automation.
Michelle B.: I don't know if anybody's got this down perfect. But we have a great vision that we're trying to execute using the technologies that are available to us and maybe potentially some of the development capabilities that we'll now have also with Okta because one of our challenges is that we're in that mortgage banking world is there's a lot of our applications that aren't available with the SAML 2.0 or through Okta's catalog, which makes it a little bit more difficult. So, but yeah, it's a challenge and I mostly would love to hear what other people are doing.
Mitch O'Brien: Before we move on, so you talked about the lifecycle management of your employees, but what about the guests? So you are using the guest feature. Who's policing that?
Michelle B.: Yeah. So we've just barely started using the guest features within our Fuze application. And right now it's been pretty much restricted to IT and probably me. Like I said, we've really just started with our managed security services partner, and working through that and obviously we're going to have to create some visibility there because those folks don't necessarily have an account with us in active directory. So these are the areas, like I said, at least in the short term, we're trying to have the moderator manage the group. But we need to come up with a better way of actually inventorying that, seeing when somebody was last in there and then actually being able to validate their identity. And that's where I'm hoping Okta can help us.
Mitch O'Brien: Why don't we go to Brent?
Brent A.: Yeah. What said. No, I mean, again, like I said, I think we've been somewhat limited in some of the things that we can do out of the box from a lifecycle management perspective. It's pretty much just crowd operations, unless you want to really pay PS a lot of money in and have us build something from scratch, which I'm happy to do. But, I think the kind of opening up Okta and creating more of a platform, you can extend and customize is something that's going to really add a lot of value hopefully for customers and enable you to do a lot of interesting and useful things for your enterprise.
Mitch O'Brien: Okay. Alex?
Alex Perlovich: I think it kind of echos all that, right? We don't really necessarily have a lot of automated tools and we're trying to strive for that and try to go to that and obviously some of the new features we're really hoping to kind of start using and getting more visibility in it. I think you have to change your mentality too, to have a continuous, no one's going to like it, but a continuous audit mentality, right? Just like you would with CI or CD, right? Where people started changing their mentality. It's not because my PCI or SOX compliance says every quarter, maybe I've got to do it every month now. Maybe I need to write reports that actually alert when there are inactive accounts so that when those audits come up, it's not this huge lift from all these different parties.
Alex Perlovich: So we've been really trying to push a lot of that and kind of just always continuously reviewing and whatnot. That makes it a lot easier if your internal of course, because you kind of see that visibility of one source of truth, AD or Okta or whatever it is. External, that's a little more difficult. We just started using some of the Fuze ones. We have some other apps. It's sort of a manual process for our external and that's never a great thing, but always looking for ways.
Mitch O'Brien: Mason?
Mason Spencer: Yeah. At CareerBuilder, we actually have a pretty complex setup for lifecycle management. We've got a skim application, almost half a million lines of code written in .NET that does a lot of our management, including letting Fuze know when we need phone numbers or when we need them removed. That's just one of two applications we have running to do all of the legwork. Anything that can be automated through lifecycle management we've done, whether that's even sending an email or creating a ticket for someone to go manually do something, come back, complete it and continue the life cycle of the employee. We would love to kind of bridge that to external folks. In the gap where we can't, we're starting to shut that down for external folks because we are losing visibility and we're not wanting to manually go do all these tasks.
Mitch O'Brien: Sure. Well, hopefully between Fuze and Okta we can start building some better tools if nothing else, better visibility, but automation, obviously it's for who we want to go.
Mitch O'Brien: All right, well before we open this up, we just have a few minutes left. Just a round of applause for our panel. Thank you very much for joining us. This has been great chat and exactly what I wanted to do. Of course, you're welcome to participate in the open discussion if you've got some additional points. Anybody have any questions, comments? What's your experience in your enterprises with extended teams?
Speaker 6: I'm just wondering-
Mitch O'Brien: Oh, let me bring you the mic. Sorry.
Mason Spencer: I would hear him.
Speaker 6: I was just wondering, do you have a dividing line within your individual companies, where you say, okay, well these types of contractors we're going to onboard into HR stop? Nah, those are going to be external guests as you guys are-
Mitch O'Brien: Want to start, Mason?
Mason Spencer: Yeah. For us, all contractors, if they're going to roll up to any subsidiary of ours are going to start with HR regardless. It's not really a concern. Interns, just the same, whether it's a month contract or more, everyone goes to HR if you're going to be paid from one of our financial systems. But it's the other people who come and guests collaboration that we're losing sight of.
Michelle B.: Yeah. I would say from a contractor perspective, this is something I pushed really hard with our HR and legal team is to actually make everybody go through HR. We were having a lot of challenges where we're getting different people to ask for different access or somebody who would be hired. And I didn't have visibility to it because it was being paid through payroll, not through ADP, which is kind of what I use as our source of record to know who is employed and who's not. So very much, I made the HR make a policy change where every person, whether it's a temporary, a contractor, anybody who's coming to work for us that's going to be paid, no matter how they're paid get put into ADP so that I know whether or not they're actually employed or not. Because I was having a really difficult time.
Michelle B.: Our organization doesn't have an actual full HRES system. So I had a hard time having a source of truth. And so that's what I use. And so I started making them put everybody in there. So I had a report I could look against to make sure, as we do our QCs that these are actual active employees. But it doesn't solve for the external guests, where they aren't actually getting paid to do work. Right?
Mitch O'Brien: Yeah.
Alex Perlovich: Yeah. I think what we kind of do is going along the same lines, if there's contractors, they have to go through HR, they have to go through those tools, but sometimes it becomes more gray. Right? What happens if you have professional services? You're not going to necessarily bore them the same way as a contract. You're not going to give them equipment because they have a short term project. How do you do that? I kind of see them almost similar to a guest and it depends on your systems, right? So it may be that your InfoSec has already done an assessment of their policies, right? To get approval over that.
Alex Perlovich: I guess it varies as the question. Sometimes we have to have InfoSec review the policies beforehand to make sure we can allow those connections. Other times, if they don't have anything and then we have to default to everyone gets goes through HR, everyone gets our equipment, etc., and then guest is still kind of an open thing where you're collaborating freely or will collaborate with Fuze or Okta, and how do I control that? Because that doesn't go through HR. It kind of varies on the tools. If they need more access in, we'll have to start going through some of those more controls.
Mitch O'Brien: Any other thoughts or questions?
Speaker 7: More questions. Raise your hand, and I will bring you the mic. Brilliant.
Speaker 8: Alex and Michelle, how much friction does that create with the line of business when you create those extra policies? You touched on it a little bit.
Michelle B.: You want to go first?
Alex Perlovich: We try to make it as seamless as possible, so we'll use some of the built in tools, right? We can have DocuSign with Okta to help automate the workflow to onboard it. Right? Again, it automates a lot that, so I found it is not too much of a friction as long as you can meet the SLAs. Right? So if I need to bring them on quickly and your IT department can do that, then I think that's beneficial. I agree though. If you say, I'm going to need a week to onboard somebody, they're going to go off and do their own thing. It's too late already. As long as you agree to the SLAs and everybody accepts that, I haven't found too much. But again, if you're gonna go off that it's going to cause issues.
Michelle B.: Yeah. At first, it was a bit tough, because they had to learn a new policy and they needed to think ahead. Instead of just calling up IT and saying, "Hey, I need access for this person," it's like, nope, we can't help you. I'd love to help you, but you got to work through HR, because many times they're moving so fast that they weren't even including HR and some of these things, they're working with their director that says it's okay, go ahead and you can hire this contractor to do some marketing work or whatever it might be.
Michelle B.: So there, there was a little bit of frustration at firs, but I would agree with Alex, as long as you can agree to that SLA of when you would have that to them, and that HR is educating them around the process. That was a bit of a challenge for us is like, we made an agreement but then HR wasn't necessarily sharing that process change so that when we would push back to our customer asking for it, they would get a little frustrated. There is always going to be some conflict, but I would agree, if you can come to an agreement of how quickly those things will happen and you can meet that, that generally it's not an issue.
Mason Spencer: I think the other thing you'll notice is HR handling attribute collection frees you up a lot.
Brent A.: One thing I would add, we've talked about self-service. I think generally, when we think about self-service, we think about the end user, but you can also think about self-service for your business owners within your organization as well. Right? If you can come up with an easy self-service solution where these people can get users, they want to add onboarded into your Okta system, that can be really helpful as well.
Michelle B.: Absolutely.
Mitch O'Brien: Great. Well, looks like we're just about at a time, unless there's maybe one last question.
Speaker 7: Do we have one more question in the room? Any takers? One more.
Mitch O'Brien: Oh, one more.
Speaker 9: I just have a question and build upon the guest users itself is, are you, especially maybe if for Fuze, how do you manage, instead of going through HR or any other kind of department within the company, but they want to collaborate with other companies through federation, where anybody from that federated company can actually have collaborative projects, how do you manage that?
Mitch O'Brien: The guest feature is kind of by nature meant to be a little bit more viral, right? It's the end users saying, "I need to communicate with this person." So, it invites them into some groups to participate. We do provide some admin tools to allow or disallow guests altogether. Then we also provide those tools for the end user to say, "Hey, I'm done working with this person, take them out of this group."
Michelle B.: Yeah. And, and just to kind of add to that, and I've got the Fuze's ears, what would be great is to add some additional administrative controls so you can allow or disallow a user level to have someone inviting guests. That'll be helpful too, to help us control sprawl.
Mitch O'Brien: Go on the road map. All right. We're out of time. Again, thank you very much. It's been a great chat and thanks to all of you.
Speaker 8: Thank you, Fuze. Thank you to our panelists.
For many organizations today, the new norm is an extended enterprise made up of local and remote employees, contractors, and partners, accessing on-prem and cloud resources, across an array of devices. This new and still-evolving work environment presents challenges. But despite the complexity, it is possible to embrace flexibility, drive collaboration, enable productivity, and maintain enterprise security–all at the same time.