External Access and Extranets

Originally published on July 24, 2017

44th in a series of 50 Knowledge Management Components (Slide 58 in KM 102)

External access: capability for users outside of a company’s firewall to have access to selected web sites and team spaces to allow collaboration with retirees, partners, and customers who would otherwise be blocked from the company’s internal network — requires technical, security, and legal elements

Extranet: an intranet that can be partially accessed by authorized outside users, enabling businesses to exchange information over the Internet securely; controlled private network that allows access for partners, vendors, suppliers, or an authorized set of customers — normally to a subset of the information accessible from an organization’s intranet

In The Wealth of Knowledge: Intellectual Capital and the Twenty-first Century Organization by Thomas Stewart, in chapter 5, pages 85–87, the following key elements of a KM program are defined based on the experience of Steve Denning at the World Bank:

1. communities of practice
2. place (online presence for the communities)
3. help desk
4. Yellow Pages (who-knows-what directory)
5. primer (FAQ)
6. knowledge artifacts (records of previous projects, emphasizing best practices and lessons learned)
7. bulletin board
8. doorway (a provision for outside access)

The final item, doorway, is often overlooked as an enabler for knowledge sharing to occur. Here are three examples of why external access can be valuable to an organization.

1. There is increasing concern about the loss of valuable knowledge as the workforce ages and the baby boomers retire. Many of these retirees are willing to continue to share the knowledge they have gained over many years of experience. In order to do so, they need to be given access to community tools such as portals, team spaces, and threaded discussions. Providing this access poses minimal security risks and offers great benefits in ongoing contributions from the most experienced community members. See Knowledge Retention: How to deal with a departing workforce.
2. Partners need access to similar information to the internal sales force in order to effectively sell and deliver products and services as part of the partnership. Giving them access to the relevant knowledge bases, under appropriate nondisclosure agreements, will greatly enhance the success of the partnership. And partners can contribute their knowledge to communities within the organization if they are allowed to do so.
3. Customers may also be able to share knowledge as extended community members. They also can benefit from having access to problem resolution knowledge bases so they can solve their own problems, product information databases so they can buy more products, and logistics and support tracking systems so they can stay current on the status of pending deliveries and services without the need to contact a call center. For projects being delivered to customers, it is very beneficial to include them as participants in the team spaces for their projects.

Dealing with each of these opportunities in a way which maintains required levels of security, protects intellectual property, and enables the right level of access can be tricky. But it is worth creating the people, process, and technology mechanisms to make it work. The technology elements include providing gateways, secure servers, and identity management hardware and software.

When not to provide external access

External access should not be provided for highly confidential collaboration and communication, internal-only projects, or internal Enterprise Social Networks (ESNs). This last one (ESNs) is controversial, and caused an uproar when Microsoft announced that external participation was being enabled for Yammer. The problem with doing so is that an ESN is generally thought to be an internal-only network, and the presence of external participants could be unnoticed by some members, leading to potentially damaging revelations of confidential information to non-employees.

When this came up in 2015, I made the following arguments against allowing external participants into Yammer:

1. Allow external users

• User experience

1. Able to invite external participants, either intentionally or unintentionally
2. Can participate in an external thread that appears in the ESN, either knowingly or unknowingly

• Risks

1. May be unaware that external participants are able to see a thread
2. May be unaware of being in an external network

2. Don’t allow external users

• User experience

1. All threads that appear in the ESN are internal only
2. To participate with external people, must explicitly switch to an external network

• Risks: None

Use Cases for Providing External Access

1. Prospects — interact with those who can help persuade them to become customers
2. Customers — participate in their projects, monitor delivery of their purchases, get support from those best able to provide it, and support one another
3. Partners — access information needed to support the partnership, collaborate with the right people, and directly use relevant business systems
4. Vendors, Suppliers, and Providers — deliver support for products being used, see problems for themselves, and interact with one another
5. Analysts — access appropriate information to help develop and update analyses of the company and its offerings
6. Contractors — use time reporting, expense reporting, scheduling, project management, and team collaboration systems as if they were employees
7. Collaborators — suggest improvements, collaborate on initiatives, and deliver innovations
8. Alumni and Retirees — participate in communities, answer questions, and provide support
9. Candidates and Recruits — interact with interviewers, hiring managers, and one another
10. Officials, Reviewers, and Auditors — access relevant systems and databases, interact with appropriate contacts, and communicate progress and results

Systems and External Users That Can Benefit from External Access

1. ERP (Enterprise Resource Planning), Transaction Processing Systems: vendors, suppliers, providers, contractors, officials, reviewers, auditors
2. Travel reservations: travel agencies, travel providers
3. HR (Human Resources), Recruiting, LMS (Learning Management System), e-learning; vendors, suppliers, providers, contractors, candidates, recruits
4. Engineering, Manufacturing, Distribution, Logistics, Scheduling: vendors, suppliers, providers, contractors
5. Enterprise Search and Enterprise Taxonomy: search and taxonomy vendors
6. CRM (Customer Relationship Management): CRM vendor
7. Collaboration and Gamification: customers, partners, vendors, alumni, retirees
8. Idea Management: collaborators
9. Customer Support Knowledge Bases: prospects, customers, vendors, alumni, retirees
10. Market research, Competitive intelligence, Customer intelligence: vendors, analysts

Requirements for Enabling External Access

1. Define goals, objectives, and benefits: clearly explain why external access is being provided
2. Define user roles: specify exactly what external users should be able to do, and what they should be restricted from doing
3. Set expiration dates and require access approval renewal: limit the duration of external access
4. Define approval and governance processes: specify how external access is granted, revoked, monitored, and controlled
5. Provide clear alerts to users: let external users know the limits of their access, and make internal users aware of the possible presence of external users
6. Restrict permissions, and let users know what these are: limit rights of external users to just those absolutely necessary for their role, and inform them of these limits
7. Create user classes with default permissions: define typical external user profiles with associated use cases, and grant just the permissions needed for these roles as defaults
8. Wall off access to internal systems and data: use data security to make it impossible for external users to access key confidential information
9. Flag external users: create and apply special designations, icons, naming, colors, etc. to clearly differentiate external users so that their presence is made obvious
10. Set absolute limits: make it impossible for external users to create new team spaces, delete information, write into read-only access databases, or take other high-risk actions that should never occur

Examples

1. HP

2. Deloitte

Resources

1. Intranet, Internet, Extranet merger imminent by Jonathan Phillips
2. The Benefits of an Extranet by AllBusiness Editors
3. How Companies Use Extranets by AllBusiness Editors
4. Simple External Corporate Intranet Access by Intranet Connections
5. Manage external sharing for your SharePoint Online environment
6. Share sites or documents with people outside your organization
7. Create an external business-sharing site in SharePoint Online
8. Work with external groups in Viva Engage
9. 4 ways to setup external users in SharePoint by Greg Zelfond
10. The Definitive Guide to Office 365 External Sharing by Nathalie Jard
11. SharePoint Online External Users by Victor Butuza
12. What you need to know about SharePoint & external access by James Matthews

Books

1. Extranets: The Complete Sourcebook by Richard H. Baker
2. Practical Guide for Implementing Secure Intranets and Extranets by Kaustubh M Phaltankar
3. Extranets: Designing, Planning and Implementation: A Practical Guide for implementing Secure Enterprisewide Communication by Sheriza Hassan-Ali
4. Extranet in Development of Supply Chain: Case study by Maria Leivo
5. Extranet Design and Implementation by Peter Loshin
6. Building an Extranet: Connect Your Intranet with Vendors and Customers by Julie Bort and Bradley Felix