Cracking the case of mistaken identity and access management
Deloitte helps a large company unlock previously unused capabilities and realize greater value from its IAM technology investment.
THE SITUATION
A financial services company found itself with an identity and access management (IAM) mystery …
The large company had invested in technology to meet its extensive IAM needs. It had engaged a service provider, first to implement the platform and configure it for the business and then to deliver ongoing support and system enhancements. The company’s talented IAM team worked diligently to maintain compliance and manage risk. Time passed, but progress stalled. Why?
It started with gaps between process documentation and execution. The company avoided compliance issues, but largely because IAM team members spent much of their time and effort performing routine processes manually or verifying the results of automated actions. So much busy work left them with little time for strategic work, onboarding new apps to the platform, or improving upon existing processes. They often felt like they were working for the IAM platform, when it was supposed to be working for them.
End users—company employees and external partners—felt the effect. They faced slow response times for access requests, delays in onboarding and inconsistent experiences. Delays in granting new hires access to the applications and information they need to do their job are inconvenient and can affect productivity. But failing to revoke access after an employee leaves the company can pose significant risk. Insufficient enterprise resource planning (ERP) integrations and suboptimal coding meant that when access needed to be removed, because someone no longer needed it or had left the company, the deprovisioning process for these “leavers” failed about 25% of the time and had to be completed manually.
The service provider addressed these technical issues but that cut into time it could use for enhancements aimed at improving user experience and regulatory compliance. When the company’s IAM director left their role, the chief information services officer (CISO) believed it was imperative to bring in a strategic adviser to help resolve the platform challenges—not only to realize the intended business value from the significant technology investment, but to make it easier for IAM team members and end users to do their jobs.
THE IAM PLATFORM HAD CONTROLLED ACCESS BUT MONOPOLIZED THE TEAM’S TIME.
THE SOLVE
The financial services company turned to a longstanding adviser: Deloitte, which has provided identity services to clients for more than 25 years. Deloitte’s cyber risk specialists understand that identity platforms aren’t like other software platforms and require a highly specific skill set. The CISO sought a more-effective IAM strategy, but the Deloitte engagement leader quickly determined the IAM team didn’t need guidance so much as a hands-on intervention.
The Deloitte engagement leader expanded her team, with a sharp focus on delivering value for the client. A Deloitte developer conducted a root-cause analysis with code-level review to determine why processes weren’t working as they should. Deloitte created a practical action plan to reduce the backlog, automate where possible, and target the business’s most critical needs. As the plan was implemented, it became clear that staffers had the right mindset and understood industry leading practices—and they had an effective tool.
But they hadn’t unlocked its full capabilities—or its full value—because they lacked a multidisciplinary collaborator that could look beyond the status quo.
The progress made and the trust Deloitte built with the CISO and IAM team drove a critical decision: Rather than continue applying patchwork solutions to the incumbent implementation, client leadership asked Deloitte to completely transform the existing underlying identity, governance and administration (IGA) platform and reshape the foundation. Organically, the engagement transitioned from strategy into implementation, a shift made possible through the skills and capabilities Deloitte people leverage together. Deloitte helped the IAM team resolve key long-term issues and prioritize areas for improved processes and governance enhancements.
By implementing self-service features that included secondary account management, access role creation and modification, service account management, and active directory group management, Deloitte helped reduce the manual workload for the IAM team and enhanced end-user experience across the business. To help minimize risk, legacy solutions and integrations were updated to enhance workflow logic for “leavers” and align access removal with defined control policies. Additionally, improved ERP integration enabled the IAM team to eliminate recurring ticket errors and provisioning failures—which also reduced costs.
The fixes and enhancements were designed to meet the financial services company’s specific business needs and deployed to meet its larger organization’s global requirements. Deloitte verified the changes were aligned with the global target operating model, from both a technical standpoint and organizationally.
IDENTITY AND ACCESS MANAGEMENT INVESTMENT STALLS IF KEY FEATURES STAY LOCKED.
THE IMPACT
At the start of the engagement, the financial services company had a leading-class platform, documented processes and a dedicated IAM team committed to the business’s security and compliance. What was missing was a collaborator that could help it realize the full sum of its parts. Deloitte’s multidisciplinary approach enabled a fuller view—from overall strategy to lines of code—that had previously been lacking.
Collaboration with Deloitte resulted in quantifiable benefits for the client, including:
34% fewer failure tickets in the first four months following implementation of the new underlying IGA platform.
This saves time and provides a measurable boost of confidence in the system.
Nearly 70 monthly requests streamlined.
Custom workflows make it possible for requests to be handled on a self-service basis, with minimal review and follow-up.
Nearly 100 duplicate tickets per month have been eliminated.
Thanks to improved ERP integration, the financial services company has eliminated extra fulfillment fees and realized immediate cost savings.
The company has unlocked greater value from its technology investment because the IAM team can now fully leverage features that were previously unused.
There are also qualitative benefits:
- A more relaxed, more empowered workforce that has gained time to focus on strategic improvements and complex problem-solving, rather than manual tasks.
- Enhanced compliance through more robust workflows and automated enforcement of policies.
- An improved experience for end users across the enterprise, who can now onboard quicker and have their access needs met more smoothly.
STRATEGY AND TECH CAPABILITIES TOGETHER CAN AVERT AN IDENTITY CRISIS.
