Digital Transformation Through Successful, Large-scale Identity Management Deployment
Jim Hicks
Security
Avaya
CISO
SCT29S
#CAWorld
2 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD
© 2015 CA. All rights reserved. All trademarks referenced herein belong to their respective companies.
The content provided in this CA World 2015 presentation is intended for informational purposes only and does not form any type
of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA.
For Informational Purposes Only
Terms of this Presentation
Abstract
Avaya is undertaking a major redesign and implementation of their entire identity infrastructure, which is an important foundation of a larger digital transformation initiative across the company. This redesign includes deployments of CA Single Sign-On (CA SSO), CA Identity Suite, and CA Privileged Identity Manager. In this session, Jim Hicks, IT CISO, will describe the business drivers for this large-scale identity deployment, and the implementation approach that they took.
Jim Hicks
Avaya
IT CISO
CISSP, CGEIT, CRISC, CISSM
Agenda
1. WHERE WE STARTED (SSO, IDM, LDAP)
2. BUSINESS DRIVERS, CHALLENGES, UPGRADE STRATEGY
3. TRANSFORMATION: NEW INFRASTRUCTURE (SSO, IDM, ODSEE, PIM)
4. LESSONS LEARNED
5. QUESTIONS
Where We Started
Web Access Management
• Single Sign On
• Identity Federation
Identity Management
• Access Provisioning
• Workflow Management
Privileged Access Management
• UNAB authentication
• Privileged Access
Identity Governance
• Governance
• Campaigns
Phase 1, Phase 2, Phase 3
Build New Directory
CA SSO
CA Identity Manager
SIGMA
Secure Proxy Server
CA Federation Manager
CA Identity Manager R8
CA PIM
CA Identity Governance
Where We Started
290K+ External Users
19K+ Internal Associates
80+ SSO integrated applications
20+ Federated applications
Provision External and Internal Identities
1900+ endpoints to integrate with Privileged Access Mgr
Where We Started
Avaya Transformed Identity infrastructure
CA Single Sign On
CA Privileged Access Manager
CA Identity Governance
CA Identity Manager
• Set up R12.x Identity components
• Consolidate Federation Manager into SPS
• Enable Active – Active high availability across two sites in US
• Upgrade Directory servers, Replicate data between existing and new
• Migrate SSO and Federation applications to new setup
• Provision associate data from SAP HR through IDM
• Migrate applications from R8 IDM to R12 IDM
• Integrate endpoints into CA Privileged Identity Manager
• Integrate provisioning, access including privileged and governance – streamline process, improve efficiency
Business Drivers
Transformation of major applications/systems. (ERP, Provisioning, etc.)
Existing versions of CA components reached End Of Life.
Missing critical patch updates, vulnerable to security breaches.
Insource and develop technical capability
Challenges
Lack of information and visibility into existing environment
Scattered information due to changing hands
Outsourced, limited ability to expand capability
Application inventory not up-to-date.
Obsolete identity management processes
Upgrade Strategy
Enforce application inventory of SSO applications/owners
Divide applications into multiple waves to streamline migration process
Communicate migration plan with stakeholders
Set up a parallel R12.x infrastructure
Upgrade Strategy
Deploy R12.x components and leverage advanced features
Follow standard naming conventions, deployment to achieve operational efficiency.
Transformation: New Infrastructure (SSO, IDM, ODSEE, CM)
Set up Identity infrastructure with latest version of CA components for:
– Web Access Management
– Identity Management
– Identity Governance
– Privileged Access Management.
Integrate CA components to leverage the functionality offered by each
Transformation: New Infrastructure (SSO, IDM, ODSEE, CM)
Enable end to end Identity solution to:
– Avaya associates
– External customers
– Business Partners
Enable applications to leverage features and benefits
Transformation: New Infrastructure (SSO, IDM, ODSEE, CM)
Expand new capabilities offered by R12.x CA components
– Consolidate functionalities provided in prior versions of CA components
– Able to consolidate Federation Manager functionality into CA Secure Proxy Server
– Utilize new authentication/authorization web services functionality.
Migrate custom Identity provisioning functionality for more benefits.
Integrate existing role repositories
Automate governance and compliance related functionality to streamline and enhance existing processes.
Transformation: New Infrastructure (SSO, IDM, ODSEE, CM)
CA Privileged Identity
Manager
CA Single Sign On
Lessons Learned
Maintain up to date application inventory of SSO integrated applications and its corresponding stakeholders.
Clearly communicate application migration strategy with stakeholders
Plan as part of their release schedules.
Challenged to find appropriate application SME to migrate custom coded application (SSO) – Impact planning & timeline
Lessons Learned
Due Diligence required for Application migration:
– No non-production or test environments,
– Older, unsupported versions of software.
Recommended Sessions
SESSION # TITLE DATE/TIME
SCX07S Identity Suite Roadmap & Vision 11/19/2015 at 1:00 PM
SCT12S Teaching Identity to Sing: A Coca Cola Case Study 11/19/2015 at 3:00 PM
Must See Demos
Protect Against Fraud & Breaches
CA Advanced Auth
Security Theater
Engage Customers
CA SSO
Security Theater
Enable Employees and Partners
CA IMAG
Security Theater
Define the Hybrid Enterprise from Breach
CA AA, APIM, SSO
Security Theater
Q & A
For More Information
To learn more, please visit:
http://cainc.to/Nv2VOe
CA World ’15