Digital Transformation Through Successful, Large-scale Identity Management Deployment

Jim Hicks

Security

Avaya

CISO

SCT29S

#CAWorld

2 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD

© 2015 CA. All rights reserved. All trademarks referenced herein belong to their respective companies.

The content provided in this CA World 2015 presentation is intended for informational purposes only and does not form any type

of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA.

For Informational Purposes Only

Terms of this Presentation

3 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD

Abstract

Avaya is undertaking a major redesign and implementation of

their entire identity infrastructure, which is an important

foundation of larger digital transformation initiative across the

company. This redesign includes deployments of CA Single Sign-

On (CA SSO), CA Identity Suite, and CA Privileged Identity

Manager. In this session, Jim Hicks, IT CISO, will describe the

business drivers for this large-scale identity deployment, and the

implementation approach that they took.

Jim Hicks

Avaya

IT CISO

CISSP, CGEIT, CRISC, CISSM

4 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD

Agenda

WHERE WE STARTED (SSO, IDM, LDAP)

BUSINESS DRIVERS, CHALLENGES, UPGRADE STRATEGY

TRANSFORMATION: NEW INFRASTRUCTURE (SSO, IDM, ODSEE, PIM)

LESSONS LEARNED

QUESTIONS

1

2

3

4

5

5 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD

Where We Started

Sub-head

• Single Sign On• Identity Federation

Identity Management• Access Provisioning• Workflow

Management

Privileged Access Management• UNAB authentication• Privileged Access

Identity Governance• Governance• Campaigns

Web Access ManagementPhase 1 Phase 2 Phase 3

Build New Directory

CA SSO

CA Identity Manager

SIGMA

Secure Proxy Server

CA Federation Manager

CA Identity Manager R8

CA PIM

CA Identity Governance

6 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD

Where We Started

290K+ External Users

19K+ Internal Associates

80+ SSO integrated

applications

20+ Federated applications

Provision External and

Internal Identities

1900+ endpoints to

integrate with Privileged

Access Mgr

7 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD

Where We Started

Sub-head

Avaya Transformed

Identity infrastructure

CA Single Sign On

CA Privileged

Access Manager

CA Identity Governance

CA Identity

Manager

• Setup R12.x Identity components

• Consolidate Federation Manager into SPS

• Enable Active – Active high availability across two sites in US

• Upgrade Directory servers, Replicate data between existing and new

• Migrate SSO and Federation applications to new setup

• Provision associate data from SAP HR through IDM

• Migrate applications from R8 IDM to R12 IDM

• Integrate endpoints into CA Privileged Identity Manager

• Integrate provisioning, access including privileged and governance – streamline process, improve efficiency

8 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD

Business Drivers

Transformation of major applications/systems. (ERP, Provisioning, etc.)

Existing versions of CA components reached End Of Life.

Missing critical patch updates, vulnerable to security breaches.

Insource and develop technical capability

9 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD

Challenges

Lack of information and visibility into existing environment

Scattered information due to changing hands

Out sourced, limited ability to expand capability

Application inventory not up-to-date.

Obsolete identity management processes

10 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD

Enforce application inventory of SSO applications/owners

Divide applications into multiple waves to streamline migration process

Communicate migration plan with stakeholders

Setup a parallel R12.x infrastructure

Upgrade Strategy

11 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD

Upgrade Strategy

Deploy R12.x components and leverage advanced features

Follow standard naming conventions, deployment to achieve operational efficiency.

12 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD

Transformation: New Infrastructure(SSO, IDM, ODSEE, CM) TraTransformation: New Infrastructure (SSO, nsformation: New Infrastructure (SSO, IDM, ODSEE, CM Setup Identity infrastructure with latest version of CA

components for:– Web Access Management

– Identity Management

– Identity Governance

– Privileged Access Management.

Integrate CA components to leverage the functionality offered by each

13 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD

Transformation: New Infrastructure(SSO, IDM, ODSEE, CM) TraTransformation: New Infrastructure (SSO, nsformation: New Infrastructure (SSO, IDM, ODSEE, CM Enable end to end Identity solution to:

– Avaya associates

– External customers

– Business Partners

Enable applications to leverage features and benefits

14 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD

Transformation: New Infrastructure(SSO, IDM, ODSEE, CM) TraTransformation: New Infrastructure (SSO, nsformation: New Infrastructure (SSO, IDM, ODSEE, CM Expand new capabilities offered by R12.x CA components

– Consolidate functionalities provided in prior versions of CA components

– Able to consolidate Federation Manager functionality into CA Secure Proxy Server

– Utilize new authentication/authorization web services functionality.

Migrate custom Identity provisioning functionality for more benefits.

Integrate existing role repositories

Automate governance and compliance related functionality to streamline and enhance existing processes.

15 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD

Transformation: New Infrastructure(SSO, IDM, ODSEE, CM) TraTransformation: New Infrastructure (SSO, nsformation: New Infrastructure (SSO, IDM, ODSEE, CM

CA Privileged Identity

Manager

CA Single Sign On

16 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD

Lessons Learned TraTransformation: New Infrastructure (SSO, nsformation: New Infrastructure (SSO, IDM, ODSEE, CM Maintain up to date application inventory of SSO integrated

applications and its corresponding stake holders.

Clearly communicate application migration strategy with stake holders

Plan as part of their release schedules.

Challenged to find appropriate application SME to migrate custom coded application (SSO) – Impact planning & timeline

17 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD

Lessons Learned TraTransformation: New Infrastructure (SSO, nsformation: New Infrastructure (SSO, IDM, ODSEE, CM

Due Diligence required for Application migration:– No non-production or test environments,

– Older, unsupported versions of software.

18 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD

Recommended Sessions

SESSION # TITLE DATE/TIME

SCX07S Identity Suite Roadmap & Vision 11/19/2015 at 1:00 PM

SCT12S Teaching Identity to Sing: A Coca Cola Case Study 11/19/2015 at 3:00 PM

19 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD

Must See Demos

Protect Against Fraud & Breaches

CA Advanced Auth

Security Theater

Engage Customers

CA SSO

Security Theater

Enable Employees and Partners

CA IMAG

Security Theater

Define the Hybrid Enterprise from Breach

CA AA, APIM, SSO

Security Theater

20 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD

Q & A

21 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD

For More Information

To learn more, please visit:

http://cainc.to/Nv2VOe

CA World ’15