Copyright © 2009 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Identity & Access Management Unlocking the Business Value


Post on 01-Aug-2020


Page 1

Identity & Access Management

Unlocking the Business Value

Page 2

Unlocking the Value of Identity and Access Management

• Defining the IAM challenge today

• Optimising the value delivered with IAM capabilities

• Establishing a value-driven IAM transformation journey


Page 3

IAM covers a broad scope of challenges that includes enabling the internal organisation, working with business partners, and servicing customers

Identity and Access Management is the job of understanding the identities that interact with your organisation and enforcing the appropriate access rights

Identity Lifecycle Management: Maintaining an accurate, up to date, accessible inventory of all users, their credentials and information at appropriate levels of trust

Internal Access: Maintaining and enforcing access of internal users to business resources to enable business productivity, provide security and segregation of duties controls

Customer / Citizen Access: Maintaining and enforcing access of external users to all channels in the organisation to streamline customer or citizen interactions, provide data privacy and minimize fraud

Business Partner Access: Maintaining and enforcing access of business partners to various channels to enable business to business productivity and commerce, maintain federated security and appropriate controls

Identities

Credentials

Entitlements

Access Control

Audit & Compliance

Page 4

There are several business drivers that are placing an increasing number of requirements on an organisation’s IAM capabilities

Business Driver: Growing IT Security Costs

Description:

• Strong pressure to reduce cost

• Complex security processes

• Multiple systems & solutions

• Lots of reporting

IAM Needs to…

• Drive down costs through

– Rationalisation

– Standardisation

– Reduced fraud

Business Driver: Regulatory Compliance within IT Security

Description:

• Added compliance & regulatory pressure

• Still the #1 reason companies invest

• PCI, HSPD-12, etc

IAM Needs to…

• Provide a truly auditable information access solution

• Provide strong top-down control over access of different user types.

Business Driver: Mergers & Acquisitions

Description:

• Increased M&A activity driving I&AM.

IAM Needs to…

• Integrate existing I&AM solutions and drive down associated costs.

Business Driver: Risk of Security Breach

Description:

• Need to balance the risk

• Security breaches continue to be costly (fines, reputation, publicity)

IAM Needs to…

• Provide strong access management controls

• Minimise the risk of security breaches

• Provide irrefutable information to authorities.

Business Driver: Enabling New Business Capabilities

Description:

• Everyone is looking to reduce cost, organisations need an edge.

• Ability to quickly partner with other organisations

IAM Needs to…

• Support new business capabilities through integration of business partners, suppliers or client firms.

Page 5

The complexity of IAM is increasing significantly as a result of the growing number of identities that an organisation has to manage in conjunction with the increasing number of resources to which an organisation must control access.

The evolution of Information Technology is making it increasingly challenging to effectively deliver IAM capabilities

[Figure: two charts, "Identities" and "Resources", plotting "# of Identities" and "# of Resources" against "Evolution of IT"; together they mark out the "Scope of IAM".]

Resources: The number of resources, assets and data requiring protection has increased dramatically.

• Directories: Access to core directories and networks

• Infrastructure: Access to physical assets, servers & databases in the environment

• Applications: Coarse grained access to applications across the enterprise

• Structured Data: Entitlements to structured data within applications

• Unstructured Data: Access to unstructured data across the enterprise

Identities: In recent years there has been an explosion in the number of digital identities that an organization is required to manage.

Other chart labels: Mergers and Acquisitions, Remote Access, Cross Channel Access, Globalization, Opening of Borders, Mainframe, Desktops, Email, Web Applications, ecommerce, Business Partners, Customer Identities, Citizens

Page 6

Many organizations today have implemented a variety of different IAM solutions in an attempt to address specific pain points

LDAP Directory

Tokens

PKI

Password Sync

Meta-Directory

Virtual Directory

Provisioning

Help Desk

Self Administration

Customer Database

Biometrics

Passwords

Smart Cards

Web SSO

eSSO

Kerberos

Federation


Access Certification

Distributed Auditing

Delegated Administration

RBAC

Access Control Lists

Self Administration

Business Partner

HR

CRM

Procurement

Payroll

Asset Inventory

VPN

AuthZ

Identities

Entitlements

Access Control

Audit & Compliance

Credentials

Page 7

Unlocking the Value of Identity and Access Management

• Defining the IAM challenge today

• Optimising the value delivered with IAM capabilities

• Establishing a value-driven IAM transformation journey


Page 8

High performing organisations maximise the value of their IAM investment by developing strong IAM capabilities that are well aligned with the needs of the business

[Figure: quadrant chart. Horizontal axis: IAM Capability, from Immature to Mature. Vertical axis: Business Alignment, from Loosely Aligned to Well Aligned.]

FRAGMENTED

• Redundant processes and technologies implemented throughout the organisation

• Custom solutions often “baked in” to applications

OPTIMIZED

• Rationalised identity services optimised for business needs

• High levels of integration with users and applications across the organisation

UNSTRUCTURED

• Lack of focus and priority by business and IT leadership

• Limited IAM capabilities based on antiquated and/or inadequate solutions

MISALIGNED

• Over-engineered solutions that struggle to demonstrate value

• Poorly defined, and/or complex business processes

• Heavy Infrastructure, and limited application focus

Needs help:

• Assessing and standardising existing capabilities

• Decommissioning redundant IAM systems

Needs help:

• Evaluating emerging technologies

• Strategy & release planning

• Evaluating cost containment tactics

Needs help:

• Business process reengineering

• Functionality enhancements

• Communications, Training, and Awareness

Needs help:

• Program mobilisation and capability planning

• Building out IAM core services

Page 9

There are several common opportunity areas to improve IAM capabilities that can increase the value delivered to an organisation

Business Value of I&AM: Value Levers and Example Opportunity Areas

Risk & Compliance

• Implement a cross-organisation Segregation of Duties framework for all business critical applications

• Reduce the risk of inappropriate use of system level administration access by securing the review and assignment process controls.

• Increase the trust levels of organizational identity systems by implementing a risk-based approach for identity validation & establishment.

Cost Reduction

• Reduce admin costs such as password reset and access request costs by implementing user self-service and automation of account provisioning activities for high volume systems.

• Reduce the annual cost of compliance by standardising access request & review processes.

• Reduce the cost of service per customer by implementing self service capabilities.

Business Enablement

• Reduce barriers of entry for joint venture & business partner endeavours by enabling federated identity capabilities.

• Increase competitive advantage with customer base by providing a more personalised and secure user experience.

• Increase productivity of work force by reducing the managerial time spent reviewing & approving the appropriateness of user access

Page 10

Enhancing IAM capabilities can help with cost takeout initiatives across an organisation

Internal Access

Business Partner Access

Customer Access

Identity Lifecycle Management

Identities: The cost associated with storing, maintaining and accessing identity related data and managing the full identity life cycle.

Credentials: The cost associated with managing the life cycle of credentials and their ancillary support items (e.g. password reset helpdesk calls).

Entitlements: The cost associated with the administration of accounts in an organisation and the financial impact of incorrectly allocated entitlements.

Access Control: The costs associated with performing authentication and authorisation checks on users before allowing them access to company resources or data.

Audit and Compliance: The costs associated with the data collection and creation of reports for regulatory compliance such as Sarbanes Oxley.

Business Value of I&AM: Risk & Compliance, Cost Reduction, Business Enablement

Page 11

Rationalising the processes and tools used to manage the lifecycle of identities can help organisations reduce the cost of redundant systems

Identity Lifecycle Management

Identities

• Reduce costs of maintaining separate identity lifecycle management process by integrating them into existing business processes

Credentials

• Reduce costs by minimising duplicate credentials through effective management of the core identities that interact with your business

Entitlements

• Automatic role based provisioning aligned to a single view of identity allows productivity to increase as users have access to the right systems to complete their role activities

Access Control

Audit and Compliance

• Reducing the complexity and cost associated with audit activities by understanding the full breadth of actions a single identity can have across a large number of accounts and systems

Page 12

Internally, there are significant cost savings that can be achieved within an organisation associated with annual compliance and high volume help desk requests

Internal Access

Identities

• Consolidate user repositories to a single logical instance

• Standardize on a single IAM COTS vendor and negotiate a cross-organisation, full suite license agreement

Credentials

• Reduce the development time for new services by standardising and sharing security components

Entitlements

• Reduce user access administration costs by automating account provisioning activities for high volume systems

• Reduce IAM support costs by implementing a lower cost resource model for tier 2 and tier 3 support functions

Access Control

• Reduce help desk & password reset costs by implementing user self-service solutions

• Implementing Enterprise/Web SSO provides decreased re-authentication activities and reduces help desk and password reset costs

Audit and Compliance

• Reduce the annual cost of compliance by standardising access requests & review processes

• Automate and streamline manually-intensive access certification processes

Page 13

You can reduce the costs of working with partners by leveraging IAM capabilities to establish circles of trust that enable a higher self of governance

Business Partner Access

Identities

• Reduce administration costs by allowing suppliers/business partners to manage their own users

Credentials

• Reduce the number of credentials that need to be managed by supporting federation capabilities

Entitlements

• Reduce support and helpdesk costs by automating access request and approval processes

• Reduce IAM support costs by implementing a lower cost resource model for tier 2 and tier 3 support functions

• Increase business partner utilisation by reducing on-boarding times with automated provisioning

Access Control

• Reduce the development time for new services by standardising and sharing security components

• Rationalize existing identity related hardware/software by implementing a common federation service

Audit and Compliance

• Reduce the annual cost of compliance by standardising access requests & review processes

• Automate and streamline manually-intensive access certification processes

Page 14

Mature IAM capabilities can help reduce the cost to serve customers by enabling user self-service and automated

Customer Access

Identities

• Improve single view of the customer and improve productivity by reducing the number of systems sales staff need to access to collect customer information

• Rationalize existing identity related hardware/software by implementing a common set of shared IAM services for all customer facing applications

Credentials

• Reduce help desk call times by automating identity validation processes

• Reduce help desk calls by enabling user password self-service solutions

Entitlements

• Reduce user access administration costs by automating account provisioning activities for high volume systems

• Reduce help desk calls by provisioning the right access first time with automated entitlement provisioning

Access Control

• Reduce help desk & password reset costs by implementing user self-service solutions

• Reduce the development time for new business services by standardising and sharing security components

Audit and Compliance

• Simplify audit activities across systems by standardizing and centralising audit capabilities

Page 15

Unlocking the Value of Identity and Access Management

• Defining the IAM challenge today

• Optimising the value delivered with IAM capabilities

• Establishing a value-driven IAM transformation journey


Page 16

An approach to delivering value with IAM that is focused on business transformation

Business led, not security or compliance led

The business has ownership of IAM activities and delivers them in cooperation with the technology stream. The business case is built upon strong and validated metrics and is used to obtain high level management buy-in.

A transformation approach focused on delivering a defined set of projects that meet business objectives

Discrete projects aligned to business objectives are managed as part of a transformation program. Strict governance is implemented from the outset alongside an industrialized delivery methodology.

Process centric, not technology centric

All aspects of the solution including the people and process elements are considered, not just the technical side. Simple process improvements can deliver greater value than complex technical systems.

Application focused, not infrastructure focused

The integration approach is both top-down and bottom-up focused. This approach ensures coverage and impact for the large majority of all applications, not just a few infrastructure systems. It is based upon delivering value and not automating functions without understanding the impact and value that will be realised.

Practical solutions, not architectural masterpieces

A strong understanding of real business requirements forms the foundation for the solution design. Where often solutions are over-engineered to meet non existent requirements,

Page 17

A typical IAM journey will help organisations gain control, reduce costs, and then drive additional value to the business

Typical IAM Transformation Journey

[Chart: Risk, Cost and Business benefit plotted on a High / Medium / Low scale across three phases: Gain Control & Compliance, Reduce Costs, Enable the Business]

• Implement solutions to reduce to simple, high volume administration requests (i.e. password reset).

• Streamlined compliance processes and basic technology tools implemented to reduce manual compliance costs.

• Basic governance and process controls put in place to meet compliance requirements

• High volume business processes reengineered and automated as a standard service.

• Core identity data and hardware is rationalised across the organisation.

• Focus on leveraging the standardised identity services to enable new business ventures.

Page 18

Organizations must first understand their existing IAM capabilities and evaluate their change initiatives to develop a value-driven transformation roadmap

IAM Capability Maturity Model

Understanding the maturity of the existing capabilities is an important step to ensure that full leverage is achieved from the investments made to-date.

Maturity levels: Basic, Defined, Mature

Capability areas: Identities, Credentials, Entitlements, Access Control, Audit & Compliance

IAM Project Assessment

Evaluating the planned, or in-flight IAM change initiatives can help organisations ensure that they are prioritising their investments to maximise the business value delivered.

[Chart: Project A, Project B, Project C and Project D plotted by Business Value against Investment, in regions labelled Quick Win, Misaligned and Strategic]

A value driven transformation roadmap provides a comprehensive list of prioritised change initiatives that enable an organisation to deliver incremental value

Page 19

Questions & Comments


Dave Ruzicka

Office: +61 3 9838 8487

Mobile: +61 413 382 212

Email: [email protected]