The client utilizes a multitude of IT applications across various platforms in order to meet the IT requirements of thousands of employees spread across the enterprise. The client needed a tool which could facilitate communication between Business and IT allowing business to understand cryptic looking entitlements while allowing IT to get perspective on business needs. In situations like this, meeting Sarbanes – Oxley (SOX) Compliance can present a perplexing challenge requiring significant investment of time, human resources and financial capital. The client was quick to identify the need for an Identity Management solution to address their business needs and provide them an answer to the fundamental “who has access to what” question.
The manual certification process used by the client was an intensive process and required significant resources to complete. While the client did have their own system in place, there was no standardization and implementation was an arduous task. Additionally, depending on the application and platform in question, sub sets within the system had been created thereby making the task of certification increasingly complex.
The client selected CA’s Identity Manager (IDM) and Single Sign-On (SSO) along with Sun’s RBACx (now known as Sun Role Manager) in order to address its Identity Management needs. Over a series of meeting with application owners and client’s compliance team, the process of assignment of access to users was clarified, and SOX critical systems and SOD violations were identified. RBACx’s capabilities were used to centralize reporting, perform user access certification, and schedule periodic scanning for Segregation of Duty (SOD) violations thereby facilitating the client to achieve SOX compliance. Additionally, the concept of incremental certifications was introduced, whereby following the initial cycle; managers would only have to certify users whose accesses had changed. Furthermore the process of certification was standardized, documented and the client IT team was brought up to speed regarding the process and core functionality of the product.
Simeio Solutions is a professional services and management consulting company with a strong collective background in implementing identity and role based access control solutions, supporting Fortune 1000 clients.We offer a unique perspective, utilizing leadership team experience and best practice knowledge gained at the client side of multiple identity management implementations. This perspective is appreciated by our clients as it adds substantial value when defining their own sustainable operations processes, developing roll out plans and building collaborative successful project teams.
Post a Comment