mckesson case study
DESCRIPTION
Presented by Nick Yoo, Senior Director of Information Security Architecture and Services, McKesson at ForgeRock Open Identity Stack Summit, June 2013TRANSCRIPT
Open Identity Summit
Open Identity Summit
McKesson “Lean Start-Up” IAM Initiative
Nick Yoo McKesson
Open Identity Summit
Agenda � About McKesson & ISAS Team
� Challenges
� “Lean Start-Up” Approach
� Critical Success Factors
� Current Status
� Direction
� Summary
� Q&A
Open Identity Summit
McKesson At-a-Glance
Open Identity Summit
Leadership Positions in Both Segments
Open Identity Summit
Global Leaders Across Healthcare Industry
Open Identity Summit
Information Security Architecture & Services (ISAS)
Open Identity Summit
ISAS Solutions and Services
Open Identity Summit
History of IAM efforts � Consulting effort began in 2009
� Key business drivers identified
� Standard approach
� Support customer and business partners
� Prepare for new technology and HITECH act
� Cost reduction
� Audit and compliance
� Enterprise Governance
� Recommendations included
� Architecture standards
� Vendor evaluation and selection
� Create one user ID for each customer
� Customer Identity Store
Typical Waterfall Approach
Open Identity Summit
Radically different approach required
Different Customer Base
P&L
Priorities
Business Risks
Unique Solutions
Diverse Requirements
Delivery
Open Identity Summit
“Lean Start-Up” Approach
Lean Principles Strategy
• Experimentation over Elaborate Planning
• Customer Feedback over Intuition
• Iterative Design over Traditional “Big Design Up Front” Development
• Customer Identity • BU-specific projects • Quick Wins • Measured results • Marketing • Just-in-time investments • Lower Costs • No formal product
evaluation • Build infrastructure as
required
Source: S. Blank, Why the Lean Start-Up Changes Everything, HBR
Open Identity Summit
McKesson “Lean Start Up” Process
Pharmacy – OpenAM/DJ Upgrade
MedSurge– OpenAM WebSSO
Distribution Federated SSO
RH Pharmacy – OpenIDM Provisioning
MSO - OpenIDM Self-Service
MHS - OpenIDM On-boarding
Project to Program Shared Services
Enterprise Standard Solutions Enterprise Infrastructure
Open Identity Summit
Critical Success Factors • Open source debates • Legal review of open source license • Open source code scanning • Approval from the CTO office • ForgeRock references
• Unique business needs • Building credibility • Quick wins • Cost comparisons • Open source • Platform as a Service
• Over 50 presentations • Executive-sponsored initiative • Proof of concept projects • Free consulting • Lower cost delivery model
• Framework and Architecture • Project management • Partnerships with customers,
ForgeRock, Exadel, and internal IT organization
• Gradual ramp up through training, pilot projects, external resources
Open Source
Marketing
Delivery
Rapid Adoption One
Access
Open Identity Summit
IAM Framework
� Enhanced user experience � Improved management
of security risks � Efficient development/
deployment of applications � Reusable integration
� HIPAA, SOX compliance
� Common logs � Improved
accountability � Common reporting
� Reduced administrative tasks
� Reduced help desk calls � Improved process efficiency � Reduced Infrastructure
Costs � Central user information
� Reduced administrative tasks
� Reduced help desk calls � Improved security � Accountability � Cost savings
Business Benefits
Identity Management Access Management
Monitoring/Audit & Compliance
User Self-Service & Password Management Virtual Directory Web Access
Management/SSO Centralized Audit
Delegated Administration
Synchronization/ Replication
Federated Identity Management/SSO
Logging and Monitoring
Automated Approvals and Workflows
Meta Directory
Authentication & Authorization Access Certification
Enterprise Role Definition Directory Storage Standard APIs Reporting
Identity Data Services
Prioritized BU Needs To-date
IAM Solutions
IAM Components
Open Identity Summit
Current Status
Most Projects Completed in Less than 3-4 Months
High Satisfaction Ratings from Customers
Over 15 Projects in 7 Major BU’s
3 FTE’s and over 10 Contract Resources
Demand Trends
Over 200 Apps
Identified
Cloud Integration
Open Identity Summit
Our Direction
Over 80% Business Adoption employees, customers and partners connected
securely via McKesson OneAccess
� Patient Identity
� Product Integration
� IAM Ecosystem
� Formal Business Case Development
� Support Key Business Initiative
Open Identity Summit
Summary � Focus on immediate business value
and results
� Scale and expand services as required
� Tackle easy to define projects
� Establish IAM framework
� Maximize open source product value
� Focus on user satisfaction
� Establish strategic partnerships
� Communicate
� Demonstrate success
Open Identity Summit
Q & A