User Account

All Pages

What are the components of an iam future state design

Assignment Help Computer Engineering
Reference no: EM133511126

CASE STUDY

An Identity and Access Management (IAM) case study depicting challenges and opportunities from the eyes of a CIO.

It was 4:00 p.m. on Thursday afternoon, and Mark Renshaw was still sitting at his desk, soon to be late for his team meeting. This would be the third meeting in as many weeks to discuss recent application access management flubs, and the technology team's apparent lack of support in administering and maintaining effective access operations for the business applications.

Renshaw was the CIO of Intersure, Inc., a leading global financial services company based out of Ohio. He had been in the job for nearly two years, taking on the job after a surprise departure of his then-boss. In one of his first meetings with Beth Olivio, she recalled that IT had recently been more of a problem, rather than a solution. This was particularly true when it came to access management and operations. His primary tasks, which she had made very clear, were providing top-notch service to the business team and, most importantly, getting a handle on their applications and how to support them. Intersure saw an opportunity to grow through acquisitions during the financial downturn, and integrating new applications to the existing mix was a task Renshaw was expected to tackle without major hiccoughs.

These concepts were not new to Renshaw. In his previous position as an up-and-coming CISO at a national commercial bank, he had been tasked with establishing a consistent set of access procedures for multiple business units. His project included the implementation of new identity and access management (IAM) software with the ability to support access request, approval and provisioning workflows for multiple enterprise applications and platforms, creating a unified user experience. From there, he was able to consistently track access requests, approvals, audit documentation, and enable timely provisioning. He had learned a lot from the project and had been ready for similar challenges in his new role at Intersure.

As Renshaw walked out of his office toward the team conference room, he started to recall the sequence of events that had led up to this meeting.

The First Missteps

Eight months earlier, things had looked very different. Renshaw's boss, Beth Olivio, had praised his team for their work on a technology integration project, as they absorbed the infrastructure of a recently-acquired life insurance company. Although it added yet another set of systems for the team to oversee, he had finally started to feel that he was getting a handle on the glut of applications that had been added over the years. The infrastructure continued to support over 300 applications, and a series of smaller IAM projects had created a web of access procedures to meet the differing needs and capabilities of each application. His experienced team had done well with the resources that they had and had led the training and implementation of the required security tools.

That was, until his team started to leave the company six months ago. The departures had started to expose inconsistencies in the processes the team used. The web of access procedures, although documented, still required in-depth knowledge and experience with the process. Procedures for one application would frequently vary, sometimes considerably, from another application. For this reason, overall policy and procedure documentation was overly vague such that it could be applied across applications. At the individual application level, procedures were not consistently followed.

Access Problems Start Snowballing

Renshaw continued to see turnover among his team, and continuous pressure from the business and internal audit urged him to get a full grasp of the access issues the company had been experiencing. With so many diverse business applications and silo'ed access operations processes, these problems weren't a surprise to him, but the business certainly acted like proper access procedures should be a "given." He didn't disagree.

One of the known deficiencies in their access processes were the consistent tracking of a user's access requests and approvals across multiple applications. The main worklows and ticketing system (ReadyTicket!) managed requests for only a handful of applications. During an access modification, such as an employee termination, ReadyTicket! would list the user's current access only from these on-boarded applications, and none others. It was the business unit's responsibility to scan each application for terminated user access and make the appropriate de-provisioning request to IT. This manual process was not reliable recently, and Renshaw felt like he was in the cross-hairs of auditors for having a broken process.

A Path to the Future

Renshaw enlisted his CISO, Julia Bradford, and a handful of security analysts in her team to define the future state design and develop a roadmap to achieve it. The task at hand was to define the business and IT requirements for an IAM request, approval and provisioning tool that would most effectively integrate the applications at Intersure.

Through a series of discussions with Renshaw, Bradford had been wishfully thinking that she could scrap the hodgepodge of silo'ed access procedures and help implement a centralized IAM tool. Now that she had the chance to finally put pen to paper, she jumped at the opportunity.

Renshaw asked that the draft roadmap be presented to him within three weeks. After they had finalized it internally, he and Bradford would present their proposal around the organization to gain support. Most importantly, he needed Olivio onboard.

In the following days, Bradford with her team started sequencing the steps of where the company had to go with their IAM program. What should they consider, and what was most important? They clearly needed to prioritize the most valuable initiatives first. So what, then, would an implementation schedule look like? These questions and others continued to roll around in her head, as she worked through with her team to build a high-level plan.

CASE STUDY QUESTIONS

1. Who are the typical key stakeholders for an enterprise-wide IAM transformation program? Consider the key business and IT stakeholders.

2. What are the components of an IAM future state design?

3. What's Renshaw's IAM vision entail? What should he expect to see in an IAM roadmap aligned with his vision?

4. Why is Renshaw focused on self-service and giving more control to business?

5. What are the common access request and approval steps? Who are the key access owners in the organization, or who should they be, to carry out these approvals?

6. What technology components are required to implement the desired capabilities in this case study? Why could Renshaw and Bradford be focusing on having an IAM product with the greatest amount of support out-of-the-box?

7. What could Renshaw have done differently prior to focusing on IAM product selection?

8. Why is user experience important in access request, approval, and provisioning systems? What other business drivers beyond user experience should be considered?

Reference no: EM133511126

Questions Cloud

How philosopher challenges your assumptions about ethics : Explain how the philosopher in the Gateway into Philosophy resource challenge your assumptions about what's right and what's wrong.
What is an information system and what is its purpose : What is an information system? What is its purpose? How do systems analysis and systems development fit into a discussion about information systems?
Analyze possible contact point failures in service delivery : Analyze at least three possible contact point failures in the service delivery process for your organization. Why do you consider these to be possible contact p
Accurate records of conversations with clients : Why is it necessary to keep accurate records of conversations with clients, recommendations and referrals made and any other actions taken?
What are the components of an iam future state design : Who are the typical key stakeholders for an enterprise-wide IAM transformation program? Consider the key business and IT stakeholders.
Evaluate trends in consumer environment impacting purchasing : Evaluate new trends in the consumer environment impacting purchasing patterns and consequently marketing strategies in the industry of their chosen company.
Complete incident notification form to report incident : You are then required to complete the Incident notification form to report the incident.
What is the marketing problem of your favorite brand : What is your favorite brand? What is the marketing problem of your favorite brand? How do you check whether your solution works?
Which cyber insurance company did you choose : Which cyber insurance company did you choose? What is included in the insurance of the company you selected? Why would a company select this cyber insurance

Reviews

Write a Review

Computer Engineering Questions & Answers

  Research vlan configurations for manufacturing companies

Research VLAN configurations for manufacturing companies. simple diagram showing an appropriate VLAN configuration. In a separate Word document describe

  Describe the current trends in information systems

This week the focus turns to the future as we talk about trends in information systems. Describe the current trends in information systems as well as.

  Explain some advantages a business

Explain some advantages a business would get from utilizing cloud computing of the chosen model.

  Analyze a business process with the igeo model and provide

Analyze a business process with the IGEO model and provide the following details: Main purpose of the process Inputs, Outputs, Guides, Enablers A high level

  How would you manage potential conflict

How would you manage potential conflict and have a positive communication if you were Palmater or Ross

  Compression and analog to digital process

Without quantization is there any possibility of losing some amount of information in compression and analog to digital process?

  Create java source code files to implement a callback method

Create the necessary Java source code files to implement a callback method from two child windows to a parent window, as displayed in Figure 10-64.

  Explain the generic three-tier web application architecture

Write a paper comparing the generic three-tier web application architecture to that applied by Amazon Web Services. Use at least three properly documented.

  Identify the mismatched file headers to extensions

Write a report describing the procedures you need to follow to retrieve the evidence. Identify the mismatched file headers to extensions and discuss techniques you can apply to recover passwords from the protected files.

  Detecting problem behind slow system booting

Suppose you have observed that your system is performing slower than the usual. Which system resources are likely to be at the root of the problem?

  Discuss how the risk management process will be applied

Discuss how the risk management process will be applied. Identify potential risks associated with this project (you must come up with at least 5 different risks

  Write a system design specification document

Now you will determine the system architecture, which translates the logical design of an information system into a physical blueprint.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd