In this webinar, host Scott Bonnell discussed security and compliance issues with Philip Black from SuperValu. Business drivers and a Sun to Oracle technology upgrade project are discussed.
Most organizations have multiple deployments that were initiated for different reasons:
Access vs. Control
Compliance vs. Security
Cost vs. Value
Quick win vs. comprehensive plan

Most Identity Management efforts don't end with one deployment. Typically, organizations have multiple deployments implementing different components based on business requirements. Every CSO or Director of Identity Management needs to think about a roadmap. If you are starting from scratch, building a roadmap can be complicated:

Business owners and application owners have different goals:
The business owner typically wants greater transparency, while the application owner wants to keep much of the information isolated. The challenge they struggle with is how to expose the right level of information to the business manager to make decisions. It would be a big exposure to give every manager administrative access to applications to verify and view the access rights of employees.

Addressing compliance vs. risk:
Many CSOs are frustrated by all of the money being spent on compliance, which does not really reduce security risk. Despite all of the effort on audit compliance, many IT departments don't feel any safer. The roadmap has to help balance these.

Multiple priorities:
From a use case and business case perspective there are multiple priorities. The strategy is typically to take a cost vs. value approach, so we can rationalize some of the roadmap items based on the cost and the benefits.

Timeline and deliverables:
We can't do everything at once. Adopt the right technology at the right time and focus on deliverables that can show quick ROI.

The takeaway:
Roadmaps are more art than science. The best guidance is to work with peers who have done it before.
Focus on the business opportunity.
From previous business cases, companies have justified the approach in one of 3 ways:

Security & Compliance: Preventing risk, or reacting to a security breach or audit event.
Example: An auditor finds an excessive access issue that gets escalated to a CIO and prompts the spend for a project to clean up access. This project is driven by regulatory pressure and by internal governance pressure.

Efficiency: Looking at help desk cost, the time to value of on-boarding and off-boarding, and automation.
Example: Many organizations have created the business case around identity management by looking at the volumes of help desk calls and choosing identity projects to tackle the volume of calls. In an organization of 40K users you can expect about 20K moves, adds or changes via the help desk. Roughly 50% of your help desk calls are for password management. The costs quickly add up. You can quickly get a 200% ROI in a 2 year period taking this angle alone.

Scale: Expanding the business by serving customers better.
Many organizations tackle identity management from the outside in by focusing on applications that provide service to customers, i.e. enabling identity management for customer apps.

Studies have shown that a platform approach – where IDM products are fully integrated by the vendor – is more cost effective and more secure than best-of-breed products from multiple vendors.