ing webcast platform

Download ING webcast platform

Post on 18-Nov-2014




2 download

Embed Size (px)


ING discusses Oracle identity management implementation and deployment synergies with a platform approach


  • 1. ING: Scaling Role Management and AccessCertification to Thousands of ApplicationsMark Robison, Enterprise Architect, INGNeil Gandhi, Principal Product Manager, Oracle
  • 2. This document is for informational purposes. It is not a commitmentto deliver any material, code, or functionality, and should not be reliedupon in making purchasing decisions. The development, release,and timing of any features or functionality described in this documentremains at the sole discretion of Oracle. This document in any form,software or printed matter, contains proprietary information that is theexclusive property of Oracle. This document and informationcontained herein may not be disclosed, copied, reproduced ordistributed to anyone outside Oracle without prior written consent ofOracle. This document is not part of your license agreement nor canit be incorporated into any contractual agreement with Oracle or itssubsidiaries or affiliates.
  • 3. Speakers Mark Robison Neil Gandhi Enterprise Architect Principal Product Manager
  • 4. Agenda Business Drivers Implementation The Platform Approach Results & Lessons Learnt Use Cases & Deployment Synergies Q&A
  • 5. ING Environment at a Glance Fortune Global 500 Oracle Access Over 29 M customers Manager Over 16K US employees* 600 attested resources Centralized Security Full Auditability *Includes managed contractors
  • 6. State of Business Prior to ImplementationExisting System home grown and spreadsheet basedProjectOracle -Access scope Role Based ManagerThe problem of scale - 520 critical appsDisparate systems No single audit sourceKey stakeholders LoB, Security (CSO), IT
  • 7. Business Drivers for INGRegulatory Compliance Scaling compliance across applications & users Oracle AccessOperationalManager Efficiency Reduce redundant effort, administrative overheadPersonalized User Experience Improve user productivity, SLARisk Mitigation Close security gaps with instant and accurate user account/lifecycle management
  • 8. ING IAM ImplementationCurrent Scope Internal users Oracle Access User Population: 16K Manager Initial focus on 520 SOX-critical applicationsImmediate Goals Replace home grown system for scale, efficiency Single Platform to handle access managementKey Features Roles based Automatic user access attestation on transfer Integration with Oracle Identity Manager (OIM) for full lifecycle management
  • 9. Phase-In Approach at ING Perimeter Security Revokes (OIM) - 2009 Automate the revoke of key perimeter security access for all employees that are terminated PeopleSoft HR is triggering system Network access (Active Directory) Email (Exchange) RACF (Mainframe) Benefits Real Time account disable on termination event Password Management (Oracle ESSO)- 2007 Provide mechanism for end user to have a single login for multiple applications Provide for self service password resets 12/2010 Benefits User does not have to memorize multiple credentials Reduced calls to help desk for password resets (40% reduction)Retirement - Insurance - Investments 9
  • 10. Phase-In Approach at ING Access Attestation (OIA) 11/1/2010 Replaced custom developed attestation program with OIA product Provides quarterly manager based review for employees application access Currently supports over 600 application feeds (520 SOX critical) Integrated with PeopleSoft HR, Service-Now (Help Tickets and Configuration Management Database) Provides immediate manager review process for employees application access on employee transfer event Benefits Easier attestation experience for managers Audit compliance Base Role Access (OIM) 12/15/2010 Automate Base Role Access on New Hire event from HR Active Directory, Exchange, Ariba (Procurement), Service-Now (Help Desk, CMDB), Clarity (Time Tracking), PeopleSoft HR (Benefits, Pay), ESSO, etc. Benefits Standardization of user setup Reduced new hire provisioning time (From 7 days to instant)Retirement - Insurance - Investments 10
  • 11. Phase-In Approach at ING Simple AD Application Access (OIM) 3/1/2011 Automate simple AD security based applications and integrate with Service-Now for manager requested provisioning Benefits Consistent, timely provisioning Reduction of Security Fulfillment Staff (10 consultants) Implementation of ING Contact Centers (OIA and OIM) - 2011 Develop Role Matrix for all contact center staff Identify and integrate all applications into new provisioning process Where cost effective & technically viable, applications are automatically provisioned using OIM All other applications will be manually provisioned (from OIM) by integrating OIM to the Service- Now Help Desk ticketing system Implementation of all ING Business Units (OIA and OIM) 2012 + Develop Role Matrix for all other organizations Identify and integrate all applications into new provisioning processRetirement - Insurance - Investments 11
  • 12. Methods of Attestation Initial Method with OIA Resource Based Attestation Employees Manager must attest to all employees Applications access in all applications Results in many attestation reports per Application A manager Manager does not know if level of Manager access is appropriate Platform B Encourages rubber stamping Application C System D
  • 13. Methods of Attestation Future Plan with OIA Employees Business Roles Role Based Attestation A Business Roles defines what IT Role A Manager roles a user should have to perform only their specific job function Role B IT Roles determine the level of access required within Role C application/platform Manager attests that employees are Business Role Owners in correct Business Role Business Role Owner attests that the IT roles makeup the correct access needed to perform job Role A Role B Role C function Application A Application A IT Role Owner attests that correct application entitlements are set in IT Platform B Application C Application C role System D System D System D
  • 14. The Bigger Picture Oracle Identity Analytics (OIA), Oracle Identity Manager (OIM), and Oracle Enterprise Single Sign-On (OESSO) provide a comprehensive and integrated suite of products that allow ING to effectively manage identity and access management. The applications are game changers that have greatly enhanced INGs Operational Efficiency.
  • 15. Down The Road: Future Plans & DriversIncrease Automated Provisioning Custom Connectors to ApplicationsExtend Scope to External Identities Customers Provisioning/AttestationsExpand Identity Warehouse Support Additional Feeds
  • 16. OIM and OIA Synergies at INGOIA The BRAINS Allows Modeling of roles Supports user attestation Supports Segregation of Duty checksOIM The MUSCLE Provisioning and Deprovisioning engine Access Reconciliation Identity Data Warehouse
  • 17. ING Business Value The time to get new employees access to all required applications is reduced. (