Company supports phased approved to identity and access management to achieve compliance objectives
Background/Challenges: With thousands of employees requiring different levels of access to the multitude of IT applications that comprise the organization’s IT infrastructure, the company needed a solution that could go beyond distributed security by automating and enforcing identity management and access compliance policies across disparate systems and workflows. Growth through acquisition in recent years had brought in a variety of systems with varied policies. The company needed to ensure the enforcement of business roles and consistent policy across its entire organization. In the company’s industry, ensuring rapid delivery of results is dependent upon readily available access to information and systems, while ensuring data is protected at all times. The company therefore needed to make sure that it could enforce and monitor who was accessing what information, and ensure that access was in accordance with a pre-defined set of roles for each job description.
Issues: Before the Courion implementation, the company’s ability to immediately terminate user access to information and systems was limited. This capability is a critical component in minimizing the risks associated with data breaches. A good example of this latency was that orphaned accounts (accounts that users no longer needed, or accounts associated with employees who were no longer with the company) were taking up to one week to remove through existing processes. This issue was further complicated by the company’s rapid corporate growth, primarily through acquisition, which brought in additional disparate systems and policies and created an even more complex IT operating environment. The company had standardized policies but they were not role based around access and identity, and although they had a distributed security system set up, the company recognized that they needed to better enforce policies – standardized or not.
Solution provided by Courion: The company selected Courion’s Enterprise Provisioning Suite™ solution for its ability to quickly support a phased approach to identity management that enables the company to address a wide range of identity management challenges, from access compliance to password management.
Seamlessly integrating with the company’s standard applications, Courion's Enterprise Provisioning Suite provides common services and connectors to the company’s existing IT environment. The solution provides managers at the company the ability to periodically review and verify employee access rights; define, audit, and enforce segregation of duties (SoD) policies; prevent user access to resources until policy awareness testing is passed; and automatically trigger compliance actions based on user provisioning events. The company is also leveraging the Courion Enterprise Provisioning Suite for its self-service password management capabilities which enable the organization to deploy self-service password reset and password synchronization across a wide variety of its enterprise systems.
“Like many organizations, the company was challenged by its reliance on manual processes for terminating access to information and systems by users whose roles within the company had changed. Rapid termination of access is a critical component in minimizing the risks associated with data breaches. In order to minimize those risks, the company needed to figure out how to automate provisioning and de-provisioning processes to ensure that employees only have the access required to provide superior levels of service, while supporting compliance with organizational policy and regulations. The company also had to make sure that the solution it chose could integrate with more than 100 applications and systems in order enforce organizational policy and security processes across multiple systems.”
Chris Sullivan, Vice President of Customer Solutions, Courion
Summary: Since the implementation, the company has been able to significantly reduce the organization’s compliance risks by reducing the time it takes to remove orphaned accounts, from up to one week to removal in real-time, while uniformly enforcing business policies across the entire organization. The solution has helped the company enforce policy across the multitude of systems that comprise its infrastructure, ensuring that properly credentialed staff has the immediate access required to perform its services, while ensuring that data is secure and protected in compliance with business policy.
Additionally, the company has decreased the burden on the IT staff by leveraging the Courion’s service password management capabilities. The company has reduced password-related help desk calls by approximately 1,500 per month, freeing up resources to address more critical IT projects. The company has been able to increase security and significantly reduce labor costs associated with password resets by implementing a self-service approach to password management.
1881 Worcester Road
Framingham, MA 01701-540 USA
Tel: +1-866-COURION / 1-508-879-8400