Copyright © 2009 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture.
Identity & Access Management
Unlocking the Business Value
Unlocking the Value of Identity and Access Management
• Defining the IAM challenge today
• Optimising the value delivered with IAM capabilities
• Establishing a value-driven IAM transformation journey
IAM covers a broad scope of challenges that includes enabling the internal organisation, working with business partners, and servicing customers
Identity and Access Management is the job of understanding the identities that interact with your organisation and enforcing the appropriate access rights
• Identity Lifecycle Management: Maintaining an accurate, up to date, accessible inventory of all users, their credentials and information at appropriate levels of trust
• Internal Access: Maintaining and enforcing access of internal users to business resources to enable business productivity, provide security and segregation of duties controls
• Business Partner Access: Maintaining and enforcing access of business partners to various channels to enable business to business productivity and commerce, maintain federated security and appropriate controls
• Customer / Citizen Access: Maintaining and enforcing access of external users to all channels in the organisation to streamline customer or citizen interactions, provide data privacy and minimize fraud
[Diagram labels: Identities, Credentials, Entitlements, Access Control, Audit & Compliance]
There are several business drivers that are placing an increasing number of requirements on an organisation’s IAM capabilities
Business Driver: Growing IT Security Costs
Description:
• Strong pressure to reduce cost
• Complex security processes
• Multiple systems & solutions
• Lots of reporting
IAM Needs to:
• Drive down costs through
– Rationalisation
– Standardisation
– Reduced fraud

Business Driver: Regulatory Compliance within IT Security
Description:
• Added compliance & regulatory pressure
• Still the # 1 reason companies invest
• PCI, HSPD-12, etc
IAM Needs to:
• Provide a truly auditable information access solution
• Provide strong top-down control over access of different user types.

Business Driver: Mergers & Acquisitions
Description:
• Increased M&A activity driving I&AM.
IAM Needs to:
• Integrate existing I&AM solutions and drive down associated costs.

Business Driver: Risk of Security Breach
Description:
• Need to balance the risk
• Security breaches continue to be costly (fines, reputation, publicity)
IAM Needs to:
• Provide strong access management controls
• Minimise the risk of security breaches
• Provide irrefutable information to authorities.

Business Driver: Enabling New Business Capabilities
Description:
• Everyone is looking to reduce cost, organisations need an edge.
• Ability to quickly partner with other organisations
IAM Needs to:
• Support new business capabilities through integration of business partners, suppliers or client firms.
The complexity of IAM is increasing significantly as a result of the growing number of identities that an organisation has to manage in conjunction with the increasing number of resources to which an organisation must control access.
The evolution of Information Technology is making it increasingly challenging to effectively deliver IAM capabilities
[Figure: Scope of IAM against the Evolution of IT. Axes: # of Identities, # of Resources]
Resources:
• Directories: Access to core directories and networks
• Infrastructure: Access to physical assets, servers & databases in the environment
• Applications: Coarse grained access to applications across the enterprise
• Structured Data: Entitlements to structured data within applications
• Unstructured Data: Access to unstructured data across the enterprise
The number of resources, assets and data requiring protection has increased dramatically.
Other labels in the figure: Mergers and Acquisitions, Remote Access, Cross Channel Access, Globalization, Opening of Borders, Mainframe, Desktops, Web Applications, ecommerce, Business Partners, Customer Identities, Citizens
In recent years there has been an explosion in the number of digital identities that an organization is required to manage.
Many organizations today have implemented a variety of different IAM solutions in an attempt to address specific pain points
LDAP Directory
Tokens
PKI
Password Sync
Meta-Directory
Virtual Directory
Provisioning
Help Desk
Self Administration
Customer Database
Biometrics
Passwords
Smart Cards
Web SSO
eSSO
Kerberos
Federation
Access Certification
Distributed Auditing
Delegated Administration
RBAC
Access Control Lists
Self Administration
Business Partner
HR
CRM
Procurement
Payroll
Asset Inventory
VPN
AuthZ
Identities
Entitlements
Access Control
Audit & Compliance
Credentials
Unlocking the Value of Identity and Access Management
• Defining the IAM challenge today
• Optimising the value delivered with IAM capabilities
• Establishing a value-driven IAM transformation journey
High performing organisations maximise the value of their IAM investment by developing strong IAM capabilities that are well aligned with the needs of the business
[Figure: quadrant chart. Axes: IAM Capability (Immature to Mature) and Business Alignment (Loosely Aligned to Well Aligned)]
FRAGMENTED
• Redundant processes and technologies implemented throughout the organisation
• Custom solutions often “baked in” to applications
OPTIMIZED
• Rationalised identity services optimised for business needs
• High levels of integration with users and applications across the organisation
UNSTRUCTURED
• Lack of focus and priority by business and IT leadership
• Limited IAM capabilities based on antiquated and/or inadequate solutions
MISALIGNED
• Over-engineered solutions that struggle to demonstrate value
• Poorly defined, and/or complex business processes
• Heavy Infrastructure, and limited application focus
Needs help:
• Assessing and standardising existing capabilities
• Decommissioning redundant IAM systems
Needs help:
• Evaluating emerging technologies
• Strategy & release planning
• Evaluating cost containment tactics
Needs help:
• Business process reengineering
• Functionality enhancements
• Communications, Training, and Awareness
Needs help:
• Program mobilisation and capability planning
• Building out IAM core services
There are several common opportunity areas to improve IAM capabilities that can increase the value delivered to an organisation
Value Levers and Example Opportunity Areas (Business Value of I&AM)
Risk & Compliance
• Implement a cross-organisation Segregation of Duties framework for all business critical applications
• Reduce the risk of inappropriate use of system level administration access by securing the review and assignment process controls.
• Increase the trust levels of organizational identity systems by implementing a risk-based approach for identity validation & establishment.
Cost Reduction
• Reduce admin costs such as password reset and access request costs by implementing user self-service and automation of account provisioning activities for high volume systems.
• Reduce the annual cost of compliance by standardising access request & review processes.
• Reduce the cost of service per customer by implementing self service capabilities.
Business Enablement
• Reduce barriers of entry for joint venture & business partner endeavours by enabling federated identity capabilities.
• Increase competitive advantage with customer base by providing a more personalised and secure user experience.
• Increase productivity of work force by reducing the managerial time spent reviewing & approving the appropriateness of user access
Enhancing IAM capabilities can help with cost takeout initiatives across an organisation
Access areas: Identity Lifecycle Management, Internal Access, Business Partner Access, Customer Access
Value levers (Business Value of I&AM): Risk & Compliance, Cost Reduction, Business Enablement
• Identities: The cost associated with storing, maintaining and accessing identity related data and managing the full identity life cycle.
• Credentials: The cost associated with managing the life cycle of credentials and their ancillary support items (e.g. password reset helpdesk calls).
• Entitlements: The cost associated with the administration of accounts in an organisation and the financial impact of incorrectly allocated entitlements.
• Access Control: The costs associated with performing authentication and authorisation checks on users before allowing them access to company resources or data.
• Audit and Compliance: The costs associated with the data collection and creation of reports for regulatory compliance such as Sarbanes Oxley.
Rationalising the processes and tools used to manage the lifecycle of identities can help organisations reduce the cost of redundant systems
Identity Lifecycle Management
Identities
• Reduce costs of maintaining separate identity lifecycle management process by integrating them into existing business processes
Credentials
• Reduce costs by minimising duplicate credentials through effective management of the core identities that interact with your business
Entitlements
• Automatic role based provisioning aligned to a single view of identity allows productivity to increase as users have access to the right systems to complete their role activities
Access Control
Audit and Compliance
• Reducing the complexity and cost associated with audit activities by understanding the full breadth of actions a single identity can have across a large number of accounts and systems
Internally, there are significant cost savings that can be achieved within an organisation associated with annual compliance and high volume help desk requests
Internal Access
Identities
• Consolidate user repositories to a single logical instance
• Standardize on a single IAM COTS vendor and negotiate a cross-organisation, full suite license agreement
Credentials
• Reduce the development time for new services by standardising and sharing security components
Entitlements
• Reduce user access administration costs by automating account provisioning activities for high volume systems
• Reduce IAM support costs by implementing a lower cost resource model for tier 2 and tier 3 support functions
Access Control
• Reduce help desk & password reset costs by implementing user self-service solutions
• Implementing Enterprise/Web SSO provides decreased re-authentication activities and reduces help desk and password reset costs
Audit and Compliance
• Reduce the annual cost of compliance by standardising access requests & review processes
• Automate and streamline manually-intensive access certification processes
You can reduce the costs of working with partners by leveraging IAM capabilities to establish circles of trust that enable a higher self of governance
Business Partner Access
Identities
• Reduce administration costs by allowing suppliers/business partners to manage their own users
Credentials
• Reduce the number of credentials that need to be managed by supporting federation capabilities
Entitlements
• Reduce support and helpdesk costs by automating access request and approval processes
• Reduce IAM support costs by implementing a lower cost resource model for tier 2 and tier 3 support functions
• Increase business partner utilisation by reducing on-boarding times with automated provisioning
Access Control
• Reduce the development time for new services by standardising and sharing security components
• Rationalize existing identity related hardware/software by implementing a common federation service
Audit and Compliance
• Reduce the annual cost of compliance by standardising access requests & review processes
• Automate and streamline manually-intensive access certification processes
Mature IAM capabilities can help reduce the cost to serve customers by enabling user self-service and automated
Customer Access
Identities
• Improve single view of the customer and improve productivity by reducing the number of systems sales staff need to access to collect customer information
• Rationalize existing identity related hardware/software by implementing a common set of shared IAM services for all customer facing applications
Credentials
• Reduce help desk call times by automating identity validation processes
• Reduce help desk calls by enabling user password self-service solutions
Entitlements
• Reduce user access administration costs by automating account provisioning activities for high volume systems
• Reduce help desk calls by provisioning the right access first time with automated entitlement provisioning
Access Control
• Reduce help desk & password reset costs by implementing user self-service solutions
• Reduce the development time for new business services by standardising and sharing security components
Audit and Compliance
• Simplify audit activities across systems by standardizing and centralising audit capabilities
Unlocking the Value of Identity and Access Management
• Defining the IAM challenge today
• Optimising the value delivered with IAM capabilities
• Establishing a value-driven IAM transformation journey
An approach to delivering value with IAM that is focused on business transformation
Business led, not security or compliance led
The business has ownership of IAM activities and delivers them in cooperation with the technology stream. The business case is built upon strong and validated metrics and is used to obtain high level management buy-in.

A transformation approach focused on delivering a defined set of projects that meet business objectives
Discrete projects aligned to business objectives are managed as part of a transformation program. Strict governance is implemented from the outset alongside an industrialized delivery methodology.

Process centric, not technology centric
All aspects of the solution including the people and process elements are considered, not just the technical side. Simple process improvements can deliver greater value than complex technical systems.

Application focused, not infrastructure focused
The integration approach is both top-down and bottom-up focused. This approach ensures coverage and impact for the large majority of all applications, not just a few infrastructure systems. It is based upon delivering value and not automating functions without understanding the impact and value that will be realised.

Practical solutions, not architectural masterpieces
A strong understanding of real business requirements forms the foundation for the solution design. Where often solutions are over-engineered to meet non-existent requirements,
A typical IAM journey will help organisations gain control, reduce costs, and then drive additional value to the business
Typical IAM Transformation Journey
[Figure: Risk, Cost and Business benefit curves across three phases: Gain Control & Compliance, Reduce Costs, Enable the Business. Levels: High, Medium, Low. Diagram labels: Identities, Credentials, Entitlements, Access Control, Audit & Compliance]
• Implement solutions to reduce to simple, high volume administration requests (i.e. password reset).
• Streamlined compliance processes and basic technology tools implemented to reduce manual compliance costs.
• Basic governance and process controls put in place to meet compliance requirements
• High volume business processes reengineered and automated as a standard service.
• Core identity data and hardware is rationalised across the organisation.
• Focus on leveraging the standardised identity services to enable new business ventures.
Organizations must first understand their existing IAM capabilities and evaluate their change initiatives to develop a value-driven transformation roadmap
IAM Capability Maturity Model
Understanding the maturity of the existing capabilities is an important step to ensure that full leverage is achieved from the investments made to-date.
[Figure: IAM capability maturity levels: Basic, Defined, Mature. Capability label: Audit & Compliance]

IAM Project Assessment
Evaluating the planned, or in-flight IAM change initiatives can help organisations ensure that they are prioritising their investments to maximise the business value delivered.
[Figure: Project A, Project B, Project C and Project D plotted by Business Value against Investment, with regions labelled Quick Win, Misaligned and Strategic]
A value driven transformation roadmap provides a comprehensive list of prioritised change initiatives that enable an organisation to deliver incremental value
Questions & Comments
Dave Ruzicka
Office: +61 3 9838 8487
Mobile: +61 413 382 212