Presented by Nick Yoo, Senior Director of Information Security Architecture and Services, McKesson at ForgeRock Open Identity Stack Summit, June 2013
Learn more about ForgeRock Access Management:
https://www.forgerock.com/platform/access-management/
Learn more about ForgeRock Identity Management:
https://www.forgerock.com/platform/identity-management/
2. Open Identity Summit
Agenda
About McKesson & ISAS Team
Challenges
“Lean Start-Up” Approach
Critical Success Factors
Current Status
Direction
Summary
Q&A
8. Open Identity Summit
History of IAM efforts
Consulting effort began in 2009
Key business drivers identified
Standard approach
Support customer and business partners
Prepare for new technology and HITECH act
Cost reduction
Audit and compliance
Enterprise Governance
Recommendations included
Architecture standards
Vendor evaluation and selection
Create one user ID for each customer
Customer Identity Store
Typical Waterfall Approach
9. Open Identity Summit
Radically different approach required
Different Customer Base
P&L
Priorities
Business Risks
Unique Solutions
Diverse Requirements
Delivery
10. Open Identity Summit
“Lean Start-Up” Approach
Lean
Principles Strategy
• Experimentation over
Elaborate Planning
• Customer Feedback over
Intuition
• Iterative Design over
Traditional “Big Design
Up Front” Development
• Customer Identity
• BU-specific projects
• Quick Wins
• Measured results
• Marketing
• Just-in-time investments
• Lower Costs
• No formal product
evaluation
• Build infrastructure as
required
Source: S. Blank, Why the Lean Start-Up Changes Everything, HBR
11. Open Identity Summit
McKesson “Lean Start Up” Process
Pharmacy – OpenAM/DJ
Upgrade
MedSurge– OpenAM
WebSSO
Distribution
Federated SSO
RH Pharmacy – OpenIDM
Provisioning
MSO - OpenIDM
Self-Service
MHS - OpenIDM
On-boarding
Project to Program
Shared Services
Enterprise Standard Solutions
Enterprise Infrastructure
12. Open Identity Summit
Critical Success Factors
• Open source debates
• Legal review of open source license
• Open source code scanning
• Approval from the CTO office
• ForgeRock references
• Unique business needs
• Building credibility
• Quick wins
• Cost comparisons
• Open source
• Platform as a Service
• Over 50 presentations
• Executive-sponsored initiative
• Proof of concept projects
• Free consulting
• Lower cost delivery model
• Framework and Architecture
• Project management
• Partnerships with customers,
ForgeRock, Exadel, and internal IT
organization
• Gradual ramp up through training, pilot
projects, external resources
Open
Source
Marketing
Delivery
Rapid
Adoption One
Access
13. Open Identity Summit
IAM Framework
Enhanced user experience
Improved management
of security risks
Efficient development/
deployment of applications
Reusable integration
HIPAA, SOX
compliance
Common logs
Improved
accountability
Common reporting
Reduced
administrative tasks
Reduced help desk calls
Improved process efficiency
Reduced Infrastructure
Costs
Central user information
Reduced administrative
tasks
Reduced help desk calls
Improved security
Accountability
Cost savings
Business
Benefits
Identity Management
Access
Management
Monitoring/Audit
& Compliance
User Self-Service &
Password Management
Virtual Directory
Web Access
Management/SSO
Centralized Audit
Delegated Administration
Synchronization/
Replication
Federated Identity
Management/SSO
Logging and
Monitoring
Automated Approvals
and Workflows
Meta Directory
Authentication &
Authorization
Access Certification
Enterprise
Role Definition
Directory Storage Standard APIs Reporting
Identity Data Services
Prioritized BU Needs To-date
IAM
Solutions
IAM
Components
14. Open Identity Summit
Current Status
Most Projects
Completed in Less
than 3-4 Months
High
Satisfaction
Ratings from
Customers
Over 15 Projects
in 7 Major BU’s
3 FTE’s and over 10
Contract Resources
Demand Trends
Over 200
Apps
Identified
Cloud Integration
15. Open Identity Summit
Our Direction
Over 80% Business Adoption
employees, customers and partners connected
securely via McKesson OneAccess
Patient Identity
Product Integration
IAM Ecosystem
Formal Business Case
Development
Support Key Business
Initiative
16. Open Identity Summit
Summary
Focus on immediate business value
and results
Scale and expand services as
required
Tackle easy to define projects
Establish IAM framework
Maximize open source product value
Focus on user satisfaction
Establish strategic partnerships
Communicate
Demonstrate success