Identity & Access Management Project Challenges and Recovery
Download as PPTX, PDF2 likes1,720 views
The document discusses the challenges and solutions in identity and access management (IAM), highlighting the need for accurate and timely identity data in complex business environments. Common implementation issues include data quality, process misalignment, and inadequate stakeholder engagement. Successful IAM requires a focus on establishing data accuracy, understanding authoritative sources, and integrating processes across the organization.
Identity & Access Management Project Challenges and Recovery
- 1. www.idenhaus.com Identity & Access Management Project Challenges and Recovery August 2017
- 2. www.idenhaus.com • Identity and Access Management - Definition and Overview • Business Drivers for IAM • Project Challenges • Success Factors 2 Identity & Access Management Agenda
- 3. www.idenhaus.com What is Identity & Access Management? Access Management The systems and processes that control who has access to IT resources, and what each person is entitled to do with those resources. Identity Management The systematic collection, maintenance, and distribution of identity data to support business processes and systems. 3
- 4. www.idenhaus.com Why Identity & Access Management? Identity Personalized Content Access 2. Provided to Resources Based on Authenticated Identity 1. Verify Who 3. Services Based on Role or Preferences 4
- 5. www.idenhaus.com Increasingly Complex Business Environments Drive Need for IAM Organizations need a “unifying framework” to organize accurate and timely information about their employees, contractors, customers, partners—Identity is that framework Complex Customer Interactions • Multiple channels, products, services drive need for single customer identity Regulatory Requirements • Demonstrate policy compliance, proper controls, auditability Security Concerns • How to manage ”need to know” • How to reduce risks of data exposure • Growing internal & external threats Information Quality • Inconsistent, inaccurate, missing data • Multiple sources, which is authoritative? Extended Enterprise • Manage contractors, partners, suppliers, and customers Improved Service Regulatory Compliance SecurityPrivacy Business Value Scalability 5 5
- 6. www.idenhaus.com … but your systems and processes look like this 6
- 7. www.idenhaus.com Automation makes a system of many appear fewer. 7
- 8. www.idenhaus.com AUTHORITATIVE SOURCES IDENTITY STORE SERVICE DIRECTORIES CONSUMERS Recruiting Human Resources (HRIS) Contractors Authentication Services Active Directory/Azure Virtual Directory Service Saas Applications Proxy Servers Identity Store 8
- 9. www.idenhaus.com How IAM Solutions Work Personnel # Last Name Phone First Name First Name Personnel # E-mail Last Name User Profile Phone Mail Other Attributes ... Authoritative Source (SAP, Workday, Lawson) First Name Phone UserID UserID Last Name eMail UserID Email Sync to Consuming Systems Last Name First Name eMail Identity Store Bobby on Portal Create Identity & publish to ID Store Human Resources 003456 Bobby Doe 404.555.5555 bdoe@domain.com A12345 A12345 bdoe@domain.com 404.555.5555 Bobby Doe bdoe@domain.com Bobby 003456 Doe 9
- 10. www.idenhaus.com • Data Quality Issues – Accuracy, Completeness, Availability, Latency, Consistency • Broad Scope – Internal users, external users, partners, suppliers, customers • Business Processes Misalignment with IAM – SLA – Process vs. Technology • Stakeholders Push Back – Human Resources – Asset Management – Security 4 Common Challenges with Implementing IAM 10
- 11. www.idenhaus.com • Who are you? What uniquely identifies you? • What is your relationship to the organization? • What is your role? • Who do you manage? • What assets do you have? • How do we link: – Bob Jones in system A, with – Robert Jones in system B, with – R Jones in system C? IAM begins with accurate user data 11
- 12. www.idenhaus.com Getting clean, consistent, and complete data into the identity store is typical hurdle for any IAM implementation. Bottom line: establishing data quality & accuracy can be a major factor in creating a functional provisioning solution. Sample of types of data needed for Identity Store: …first name, middle name, last name, cost center, location, work status, telephone number, supervisor/manager, user class (employee, contractor), expiration date (contractors), business/functional role. Data quality is a typical challenge 12
- 13. www.idenhaus.com How big is too big? • User Types (employee, contractor, partner, etc.) • Downstream systems (AD, ERP, Marketing, etc.) • Authoritative sources (HRIS, VMS, database, etc.) • Workflows (on/off-boarding, transfers, etc.) Broad Scope: Tackling too much at once 13
- 14. www.idenhaus.com We have a Process Misalignment EXAMPLE: • “Asset provisioning requires one-week lead time to configure and ship a workstation for a user…” • “The HR team’s SLA is to get the worker’s HR record complete 2 days before their first payroll, which is up to 12 business days after the worker starts…” SOLUTION: Integrate and optimize processes around outcomes. 14
- 15. www.idenhaus.com • Audit Security control and risk reduction • Financial Department Cost savings / ROI • IT Infrastructure Efficiency and centralization • Network Manager Consolidation, single infrastructure, management • Support Ease of administration • Platform Owner Reduced administration, single sign-on • Help Desk Reduced calls through self-service • Application owner for HRIS User data, integration • Strategy Platform and foundation for centralized services • Business Unit Tactical requirements, improved security IAM Stakeholders 15
- 16. www.idenhaus.com16 Stakeholder Analysis Influence Engagementlow high high Wild Cards (engage & consult) Spectators (keep informed) Champions (engage & support) Contributors (keep involved)
- 17. www.idenhaus.com • Investigate and Understand Data Quality Issues • Identify all Sources of Authoritative Data • HR, eMail • Follow 80-20 Rule • ”We don’t have to boil the ocean to be successful” • Adjust Scope • Changes to Cost, Time, and Functionality as your understanding of Initiatives develops • Build (the right) Foundation to Enable Future Initiatives Critical Success Factors in Conclusion 17
- 18. www.idenhaus.com Idenhaus Consulting • Who we are – Founded in 2013 – IAM Strategy & Implementation • Views on business impact of IAM • Strong track record in solution delivery – Cybersecurity • Security Operations Center (SOC) • NERC CIP • Security Assessment-SAS 70/SAE16/18, ISO27001, NIST 18
- 19. www.idenhaus.com Hanno Ekdahl 404.919.6167 hanno@idenhaus.com Maximizing Potential in this Digital Age Questions? THANK YOU