Like it or not, we are headed towards participation in shared processes. Processes that share across internal and external organizational boundaries. It might be taking a value or supply chain or a process outsourcing effort and making the policies, rules and constraints, more changeable by any of the partners or customers. This means that these process definitions, rules and performance dash boards will be visible to many outside your organization at a minimum or alterable at the maximum. Some of these process parameters will be global and shared with very tight security and others will be local and loose. Either way great security is necessary to optimize and protect these shared processes and their contributing components to stay on top of the world. As depicted in one of my favorite groups,
Imagine Dragons, in the official video below:
https://www.youtube.com/watch?v=w5tWYmIOWGk
Staying on Top of Securing Process Flows:
If your processes are pretty static & dumb or if they are smart & nimble to determine their own direction, they all need security that is top notch. There should be security that is granular enough to identify who has the right to change the process flows (human or bot) that guarantees an end to end flow that delivers the results that all of the parties in the shared process can support. This starts with simple authentication of the individuals / bots making the changes and includes guarantees that all parities agree to the change. A unsecured change to a process could be devastating to any one of the participants or partners in the end to end process where the shared portions are unauthorized.
Staying on Top of Securing Policies, Business Rules & Constraints:
Even the most simple of rules in a shared process can have positive or negative effects to the overall process, the shared portions of that process or individually owned portions of a process. It's really difficult to outsource or share processes that differentiate value chains and individual processes when the rules that govern them are outside the organization. This is why great security over global and shared policies, rules and constraints have to be identified to require global agreement before changes can happen in our speed hungry world. Those business rules that only have local impact will also be secured and authorized, but not to the same extent.
Staying on Top of Securing Transparency of the Outcomes:
Visibility to all parties in essential in local and shared processes. Shared processes are likely to have a global performance management dashboards that highly shared to see the operations on a moment by moment basis and impact of any new changes authorized by the global partner networks. Every one's view of that corporate performance might be different, but the data / information will be consistent. Changes to that data will require significant collaboration and security, Local variations to the performance measures and views will again require a lighter security touch.
Net; Net:
There are many partners, parties and pieces to a shared process that have to measured properly for the proper level of security. If processes are just between your organization and a customer, then the security must be there, but not to the same level of scrutiny. Shared processes have to have top security methods, tools and techniques to stay on top of the world !!
Additional Reading on Security:
http://jimsinur.blogspot.com/2015/07/great-security-doesnt-ruin-party-time.html
http://jimsinur.blogspot.com/2015/07/imagine-no-passwords-its-easy-if-you-try.html
http://jimsinur.blogspot.com/2015/06/security-is-boat-anchor-to-digital.html