Insights into the status quo of digitalization of large groups: three steps to solve the problem of hierarchical and decentralized management of organizations | Identity Cloud Research Institute

After the global epidemic, its effect on the digital transformation of enterprises has shifted from the initial forced, localized "cloud office" to a long-term, far-reaching impact across all scenarios. Coupled with the accelerated decoupling of Chinese and American technologies in recent years and the support of Xinchuang policies, Chinese companies are increasingly replacing the packaged software of foreign vendors with localized solutions in their digital transformation. At the same time, the breakthrough in artificial intelligence led by OpenAI has brought new difficulties and opportunities to the digital transformation of enterprises.

The data shows that after the epidemic, the maturity of digital transformation of Chinese enterprises has steadily improved, and the revenue growth rate of leading enterprises with remarkable transformation results has reached four times that of other enterprises. State-owned enterprises and large groups have entered the deep-water zone and a watershed of digital transformation. Digital transformation is a long-term, systematic and cross-functional project involving the entire business of an enterprise. There is no "silver bullet" for digital transformation, and it cannot be accomplished overnight.

According to statistics, owing to a lack of forward-looking planning, more than half of enterprises have undergone drastic transformation without obvious value or benefit from digitalization. This article analyzes the current situation and difficulties of digital transformation in group enterprises, and shows how building a group identity platform and a multi-tenant structure can improve the management efficiency of large groups and their downstream subsidiaries and give the group a digital identity infrastructure that adapts to future development.

01. Insights into the status quo of digital management of group enterprises

Group-type organizations usually have numerous downstream enterprises, varied business types, complex hierarchies, operations across multiple regions, large headcounts, and frequent personnel changes. At the same time, IT authority in a group is distributed across every level of every subsidiary, and subsidiaries are constrained by objective factors such as their business, region, and technical strength. As a result, subsidiaries differ in many respects in the process of digital construction, such as how well they understand digital transformation, how much emphasis they place on it, and how far they have taken it. Digital systems are built as islands among subsidiaries, and as chimneys within each subsidiary. These factors lead to the following challenges for the group's digital transformation:

1. The group's informatization started earlier and runs deeper, and the old systems and traditional management processes are difficult to reconcile with new digital construction concepts and needs

Group enterprises usually began informatization earlier and took it further. However, the early informatization process usually used a lot of packaged software and relied mainly on external suppliers for consulting and system construction. Against the background of digital transformation supported by new technologies, the old systems and traditional information management processes within the group are aging. The traditional approach of "patching and mending for another year" can hardly meet the needs of new digital construction, while tearing everything down and rebuilding takes too long and costs too much.

2. It is difficult for the group to achieve unified management of the employee identities and application system data of all subsidiaries because of the isolated digital system among the subsidiaries

Because of differences in objective factors such as business structure, technical capabilities, and regional regulations, and because employees, distributors, suppliers, and upstream and downstream partners play different roles in different subsidiaries, each subsidiary independently builds its digital system according to its own business structure and management requirements, and independently maintains its various digital application systems and manages a complex identity system. As a result, independent digital islands form within the group, and construction, maintenance, and iteration costs are incurred repeatedly. The group has difficulty connecting the data of its subsidiaries and cannot manage their employee identities and application system data in a unified manner.

3. The chimney-style digital construction within the subsidiary makes cross-departmental collaboration difficult, internal data transfer efficiency is low, and market demand response flexibility is insufficient

Shaped by a long-standing development model of economies of scale, specialization, and division of labor, the vast majority of companies have clearly defined internal hierarchies, a clear division of functions, and entrenched patterns of interests and authority. This results in a lack of the openness that digital transformation needs, such as co-building and sharing resources and collaborating across departments. In the process of digital transformation, each department builds and implements digital systems around its own core business line, forming an internal chimney-style digital structure with each business line as the unit. Data fragmentation between the systems of different business lines makes data transmission within the company inefficient and prevents the value of data from being fully realized. At the same time, because cross-organizational collaboration and data flow between systems are blocked and internal R&D resources are limited, the enterprise cannot respond flexibly enough to market demand.

4. It is difficult for the group to quickly promote and implement advanced digital transformation experience to downstream subsidiaries, and it is impossible to form digital economies of scale

In the process of in-depth digital reform, the group usually researches and pilots advanced digital transformation methodologies. Hindered by the problems above, and lacking a complete digital management structure for subsidiaries, it has difficulty quickly replicating the pilot projects and experience and rolling them out to downstream subsidiaries. Meanwhile, the deployment, upgrade and maintenance of traditional digital systems rely mainly on independent implementation by each subsidiary, which leads to lower resource utilization and high operating costs for the group as a whole. If the group expands into new businesses, it is difficult to quickly provide and deploy existing digital capabilities for them, and the group as a whole cannot form digital economies of scale across all scenarios.

02. The importance of building a group digital identity management infrastructure

The world-renowned consulting firm Gartner proposed the concept of EBC (Enterprise Business Capability) in 2019, and believes that EBC is becoming the core competitiveness of enterprises in the digital age. In brief, one of the ideas behind EBC is that enterprises should be data-driven from end to end, transforming internal data from the chimney and silo model of the past into a collaborative one, so as to enhance the overall digital capabilities of the enterprise.

1. Fine-grained management of all identities and permissions within the group and downstream to ensure group information security and audit compliance.

The management of a group or enterprise is essentially the management of people, and the same is true in the digital age. The difference is that identity in the digital age includes not only personal identity information, but also terminal devices and systems. At the same time, information security is the core of enterprise management. As mentioned above, with the emergence of scenarios such as business migration to the cloud, ecosystem collaboration, and multi-cloud and hybrid deployments, as well as the popularity of mobile Internet and IoT devices, large numbers of connected devices and cloud migrations have expanded the identity and trust boundaries of enterprises. The identity and access control (IAM) that enterprises built in the past around the internal firewall perimeter can no longer meet today's needs for distributed identity and permission management.

Therefore, the group lays out its next-generation identity infrastructure in advance, namely a cloud-based identity management and access control system (IDaaS). IDaaS provides a unified identity platform for identity verification, authorization, and access registration, and can manage internal and SaaS applications at the same time. By connecting the identity systems of cloud and on-premises systems and using OneID capabilities, the identities, permissions, and data of roles such as the group's internal employees, employees of downstream subsidiaries, and external partners can be managed and controlled in a unified manner.

A powerful IDaaS has comprehensive permission management and security policy configuration capabilities. For example, Authing IDaaS provides an RBAC&ABAC permission management model based on the OPA engine, which can manage not only physical resources in the business but also apply fine-grained permission control to data, APIs, menus, buttons, and so on. Authing IDaaS also provides powerful permission orchestration capabilities, so that permission management covers the group and its subsidiaries in all business scenarios, and comprehensive user behavior audit logs within the organization to meet the group's security compliance needs.

2. The multi-tenant model helps the group realize hierarchical and decentralized management of downstream subsidiaries and improve the efficiency of the group's digital unified management

The difficulty of group identity governance lies in managing the complex identity information of the employees, suppliers, partners and other roles of its numerous subsidiaries. Traditional IAM supports only single-tenant mode, so subsidiaries manage and maintain complex identity systems independently. IDaaS also supports multi-tenant mode, which can help the group manage all downstream subsidiaries in a unified manner.

Multi-tenant mode is a software architecture design that allows multiple tenants (downstream subsidiaries) to share the same software application instance while ensuring data isolation and security. A multi-tenant architecture alone cannot effectively manage the identity information of all employees and other roles of the group's subsidiaries. What is required is a multi-tenant architecture built on strong identity middle-platform capabilities, so that the group can quickly integrate the identity systems of all subsidiaries and realize hierarchical and decentralized management of complex organizational structures.

For group enterprises, the multi-tenant architecture provides the group company with a unified identity management platform and employee identity information OneID capability, which simplifies the monitoring of business data and processes of each subsidiary. The group company can view and analyze the data of all subsidiaries on one platform, providing efficient data decision support for the unified management of the group. The multi-tenant architecture can greatly simplify the management of its many subsidiaries and improve the efficiency of the group's overall digital unified management. Not only that, but the identity-based multi-tenant architecture also has the following advantages:

  • Improve resource utilization and save operation and maintenance costs: Since the multi-tenant architecture supports multiple subsidiaries in one application instance, resources can be allocated according to the actual business needs of different subsidiaries. Through load balancing and elastic expansion, the system can automatically allocate resources based on the actual needs of tenants and the system load. This dynamic allocation mechanism ensures that resources are allocated reasonably among different tenants, improving the performance and stability of the overall system. When resource demand increases, more resources can be quickly allocated to meet demand, and when demand decreases, resources can be reclaimed to reduce waste. This elastic scalability helps to optimize resources and significantly reduce the cost of IT infrastructure, maintenance and upgrades.
  • Tenant data isolation, data security compliance: Although the subsidiaries under the multi-tenant architecture share the same application instance, it can ensure that the data of each subsidiary is isolated from each other. In addition, the multi-tenant architecture can also provide centralized rights management capabilities and security policy configuration, as well as provide comprehensive user behavior audit logs within the tenant, ensuring data security of all subsidiaries and compliance with local laws and regulations.

3. Open up the group's full-link identity system to improve the operation and management efficiency of the group and its subsidiaries

As digitalization deepens, multi-application and hybrid cloud environments place a heavy management burden on enterprises that use traditional IAM for identity management. For example, in the group's downstream subsidiaries, the IT administrator needs to maintain each employee's account information across different systems and perform log auditing and authorization management. When employees need to log in to the internal AD domain through a VPN, they have to maintain a complex set of accounts and passwords.

IDaaS provides a unified user directory, which integrates and manages user identity data from the enterprise's different systems through a single trusted data source. It also provides a unified application management platform. By supporting various standard integration protocols, the group can associate an application with its subsidiaries by integrating it once, greatly reducing the cost of repeated application integration within the group.

A reliable IDaaS solution also provides an application integration network to help the group and its subsidiaries quickly integrate the applications they need and reduce application integration costs. For example, Authing APN (Application Integration Network) pre-integrates more than 2,000 digital applications and offers a rapid integration solution for self-built applications that supports multiple mainstream protocols, connecting data and business processes seamlessly so that each subsidiary or new line of business can quickly deploy the application software it requires.

By integrating the identity and application systems as described above, and combining them with the permission management capabilities of the identity middle platform, single sign-on is achieved across the application systems of the whole group. Employees only need to authenticate once to access all the business systems to which they have been granted access, which improves office efficiency and prevents password leakage. At the same time, a powerful IDaaS solution also provides identity automation capabilities that automatically synchronize upstream and downstream identity information within the group, greatly reducing the operation and management burden on enterprise IT personnel and improving the overall management efficiency of the group. It also brings the following advantages:

  • Unified upgrade and maintenance: Through the multi-tenant model based on the identity platform, the group company can upgrade and maintain the application in a unified manner, avoiding the tedious work of upgrading and maintaining separately in multiple subsidiaries. This not only reduces operational costs, but also ensures that all subsidiaries receive the latest functional and performance improvements in a timely manner.
  • Full-scenario digital economies of scale: IDaaS can help group companies break down the existing data barriers within each enterprise and within the group. The multi-tenant model improves the group company's capacity for business model innovation and cross-organization collaborative innovation, and forms a digital development model in which digital capabilities are called on demand to enable lightweight, collaborative business. As more and more businesses and subsidiaries are connected, the time and cost each subsidiary spends on operation, deployment, integration, and maintenance are freed up, realizing digital economies of scale across all of the group's scenarios.

03. Best practice case sharing: a world-renowned large group

1. Demand challenges

  • The group has more than 300 companies and nearly 400 branch organizations. The organizational structure is huge, there are many people, and the identity system is chaotic. Since the companies and organizations are distributed in multiple regions, it is difficult to manage the organizational structure and employee identities, and information moves inefficiently within the group. The group hopes to build a unified identity center, integrate the employee identity systems of the various companies and organizations, and ensure that the identity information of the same natural person remains unique across the platform.
  • Since companies and organizations are distributed in multiple regions around the world, they need to have strong authority management capabilities, security policy capabilities, comprehensive audit reports, and related compliance qualifications to meet the data security compliance requirements of different regions.
  • Each subsidiary has different degrees of digital capabilities, and the group hopes to manage the application data of all its subsidiaries in a unified manner and provide a comprehensive data dashboard. At the same time, each subsidiary can also have a complete identity management system to manage the roles of subordinate employees, dealers, etc.

2. Solutions

  • Through the unified identity platform and OneID capability that Authing built for the group, the identity systems of its subsidiaries can be quickly integrated. Authing's multi-tenancy provides hierarchical and decentralized management of subsidiaries and guarantees data isolation between them. At the same time, Authing's identity automation capability synchronizes the group's upstream and downstream data in real time. This has greatly improved the operation and management efficiency of the group and its enterprises.
  • Authing provides the RBAC&ABAC permission management model based on the OPA engine, and provides a complete user behavior audit log within the tenant. At the same time, Authing also meets the compliance requirements of different countries and industries, such as three-level security certification, ISO quality certification system certification, EU GDPR data protection regulations, CMMI level 3 certification, national commercial encryption product certification and other qualifications.
  • Through the Authing multi-tenant capability, the group can manage the employee identity information and application data information of all its subsidiaries through the console. At the same time, each tenant (subsidiary) has a complete tenant management console, which can effectively manage the identity information and permissions of employees, suppliers, distributors, partners, etc. within the subsidiary.

Origin blog.csdn.net/Authing/article/details/130686712