Extranet Best Practices

An extranet is an extension of a company’s internal network that allows authorized users to access information in a secured manner. Public access can be given to employees, customers, partners, investors, or other key stakeholders.

Extranets generally reside on a company’s private server rather than on a public Internet server. However, they use Internet protocols so users can navigate with a web browser. Access from the Internet can be controlled through various architectures that are username/password specific, thus limiting users to pages relevant to their needs, while keeping other areas of the extranet private and secure.

Business Benefits of Creating an Extranet

Many service oriented companies use extranets to provide a system for customer support and to have a single user interface to communicate with business partners. Other reasons companies tend to use extranets are as follows:

• Supply Chain Integration: Online ordering, order tracking, and inventory management.
• Cost Reduction: Companies will often make manuals, catalogues, or technical documentation available online to save money on printing and distributing hard copies.
• Accountability: Past projects and draft documents can be archived, accurate time and billing information can be documented, and a communication log can be maintained to ensure service level agreement are met.
• Collaboration Between Business Partners: Allowing members of a product team to work with common documentation remotely can increase collaboration.
• Improve Business Relationships: Extranets provide better communications among business partners.
• Improve Customer Service: Allows customers to have direct access to information and to resolve their own inquiries 24/7.
• Work remotely: Enables constant communication and access to business information regardless of time or location. This can also make servicing remote clients easier and less expensive than traditional methods.
• Security: Provided this is a requirement for your extranet, exchanges will take place in a secure environment with log information readily available.

Security Issues Surrounding Extranets

When business data is made available to stakeholders, it is expected to be available, up-to-date and secure at all times. It is often difficult to protect all extranet applications using the same security infrastructure because each business application tends to have its own unique set of performance and security requirements.

The following is a list of key security considerations:

• Align Stakeholder Security Expectations: ensure that all users of the extranet understand that they have a responsibility to ensure that data is kept secure.
• Document Service Level Agreements (SLA): clearly document resolution times for customer issues, based on severity, business impact, and available resources. Minimize any liabilities regarding customer support.
• Take Extranet Liabilities into Account: risks such as unplanned disasters (denial of service), performance degradations or application unavailability, and security breaches, can cause major problems if your business becomes entirely dependent on this system.
• Review Extranet Access Controls to validate that they represent the best choices for the specific business applications and user connectivity needs. Consider adding two-factor authentication to increase security.
• Cost Development Efforts Accordingly: All administration, integration, and management costs should not be overlooked or underestimated.
• Consider Other Security Measures on a per application basis: These include data encryption and protection, mutual client/server authentication, and user access rights verification along with non-repudiation.
• Establish Security Policies: user access and privilege requirements must be established, disseminated to users, and actively enforced to reduce your risk.
• Review Privacy Legislation: evaluate HIPAA, Sarbanes Oxley, and other legislation to ensure that the information you plan to provide is permitted.
• Application Security Reviews: should be conducted to ensure that security policies are working as planned. Be sure to actively check access logs on a weekly basis.
• Servers and Physical Storage must be situated in a secure environment to ensure application availability.
• Don’t Forget to Create Backups: on a daily basis.

Extranet Design Best Practices

1. Take Time to Select the Right Solution: Employees must be comfortable with the solution. It must also reflect the right amount of information you want to store and exchange with clients, partners, or other users.
2. Consider Outside Assistance: If you don’t have internal IT skills, hire a reputable IT service provider who can help with set-up, hosting and on-going support.
3. Monitor the Solution: Monitoring can be done both internally (through employee survey) and externally (through client feedback). Also, review adoption rates and application performance on a regular basis.
4. Review the Solution: After a few months, conduct a formal review to see how much money the system has saved your organization. It is also important to consider intangible benefits like increased customer satisfaction.
5. If It's Not Working, Don't Use It: Don't waste time trying to force a fit for all stakeholders. You can always add functionality or sections for stakeholder groups on an incremental basis. Current solutions may need to be replaced with more user-friendly or secure applications.
6. Don’t Put Everything In: Too much information in your extranet can make it more difficult for users to find what they are looking for. Create a homepage that lists the most commonly searched for information, to facilitate user adoption rates and experience.

How to Set-up your Extranet

Make sure to use Demand Metric’s Extranet Development Checklist to ensure nothing is overlooked when setting up your extranet.

It is important to take the following criteria into consideration before moving forward:

1. Define your Requirements: Conduct ample research into external and internal stakeholder requirements. Use our Business Requirements tool to document requirements for each stakeholder group.
2. Goals and Objectives: Align internal and external goals with senior level objectives. Also, outline desired outcomes and how success will be measured.
3. Select Target Audience: Discuss your target audiences and how this solution will address their needs. Ensure that all key requirements can be delivered.
4. Content: Determine what content you would like to deliver via your extranet and create a content structure that is intuitive and easy to find information. Read our report on Revitalizing Intranets to gather ideas for content that you would like to make available externally.
5. User Access Controls: Develop a strategy to control access and to manipulate data (i.e. rights given to add records, modify records, and delete records). This is generally done by user, by role, or by workspace.
6. Create Role Based Functionality: Address roles in your organizations (administration, client, employee, management) and assign features and functions to roles. Training and on-going support must also be addressed, when determining maintenance processes.
7. Implement your Solution: work with your IT department or service provider to technically implement your extranet and conduct adequate testing procedures.
8. Go Live: This is done following a period of testing. Be sure to communicate the launch of this new resource.
9. Conduct User Training: Ensure that all user groups are comfortable using the extranet to drive adoption.
10. Review and Monitor: Monitor user adoption and review goals, objectives, and metrics on a regular basis.