Case Studies
Delivering identity management solutions in today's enterprise is a complex challenge that takes
innovation, experience and the ability to do more with less - under ever-increasing time constraints.
At Beacon, we understand the importance of protecting your business assets, because we've been doing it
for years for the world's biggest enterprises.
For security reasons the names of customers have been obfuscated.
With earnings over $3.5 billion (2008), Big Energy Co. is one of North America's largest
integrated oil and gas companies, operating in both the upstream (exploration, recovery and
production of crude oil and natural gas) and downstream (refinement, marketing and
distribution of energy products) sectors of the industry. The company employs more than
6,000 people worldwide.
ABC Enterprises is a global security company that employs about 145,000 people worldwide and
is principally engaged in the research, design, development, manufacture, integration and
sustainment of advanced technology systems, products and services. The corporation reported
2008 sales of more than $40 billion.
With customer assets of more than $2.0 trillion (Feb 09), XYZ Financial is one of the
largest mutual fund companies in the United States, and one of the world's largest providers
of financial services for over 20 million individuals and institutions. Investment management
services are provided through investment professionals at financial institutions nationwide,
including wirehouses, regional and independent broker/dealers, banks, trust companies and
insurance companies. The firm also serves retail customers by phone and through its more
than 125 Investor Centers around the country. XYZ Financial employs nearly 40,000 people
with regional operations centers across the United States and in international
locations.
About
With customer assets of more than $2.0 trillion (Feb 09), XYZ Financial is one of the largest mutual fund companies
in the United States, and one of the world's largest providers of financial services for over 20 million individuals
and institutions. Investment management services are provided through investment professionals at financial
institutions nationwide, including wirehouses, regional and independent broker/dealers, banks, trust companies and
insurance companies. The firm also serves retail customers by phone and through its more than 125 Investor Centers
around the country. XYZ Financial employs nearly 40,000 people with regional operations centers across the United
States and in international locations.
Problem
Like many large enterprises, XYZ Financial has a combination of homegrown and commercial off-the-shelf IT solutions,
including those it has implemented to manage user account provisioning. While the company finds value in using two
solutions for its identity management initiatives - one custom-developed and the other BMC Control SA
.- the lack of information flow between the two tools created process roadblocks and potential security gaps,
decreasing operational efficiency and increasing organizational risk.
XYZ Financial also faces increasingly stringent compliance and reporting requirements, but has had no way to pull
disparate user data on roles, groups and/or privileged access into a centralized
data/reporting warehouse.
Solution
Drawing on years of identity management development and standards expertise, Beacon Professional Services developed
an SPML-based interface to help XYZ Financial integrate its two provisioning systems and implement a global end-user
GUI that allowed the company to:
- Implement immediate access termination across the company
- Feed disparate user data on roles, groups and privileged access into a centralized reporting warehouse
- Fulfill audit and compliance requirements
- Decouple the solution's presentation layer from its provisioning engines
- Leverage existing security solutions and avoid vendor lock-in
- Standardize and control the end-user experience
Results
- By reducing complexity of the old system, the combined solution has allowed XYZ company to save 6%
annually on its Identity management budget. Giving them an actual cost savings of hundreds of thousands of
dollars.
- 232% increase in the number of access termination requests that met the the department's SLA
- Improved the organization and handling of thousands of user accounts across multiple managed systems and
multiple provisioning systems
- Identified multiple areas of process efficiency improvements
- Identified cross environment discrepancies and provided mitigation strategies
- ? Provided numerous data and code migration and consolidation strategies
About
ABC Enterprises is a global security company that employs over 100,000 people worldwide and is principally engaged
in the research, design, development, manufacture, integration and sustainment of advanced technology systems,
products and services. The corporation reported 2008 sales in the billions of dollars.
Problem
ABC’s information systems business unit provides global security services for the company’s various divisions.
For years, the team relied on a homegrown identity management solution that
ultimately became too complicated and expensive to maintain across the company’s global user base. Instead, they
decided to transition to a commercial off the shelf product, selecting Sun’s Identity Manager to address its
evolving identity management needs.
Key elements of the project involved replacing ABC’s existing registration database with Sun’s Identity Manager and
implementing a global credential and lifecycle management system that included the provisioning of company-wide
smart cards for physical and logical access. On the heels of its credential and lifecycle initiative, the
information systems team also needed to provision more than 180,000 Active Directory and Microsoft Exchange user
accounts across the ABC’s growing population of employees and contractors.
Prior to Beacon, two professional services engagements had failed to successfully implement ABC’s Sun Identity
Manager solution. These efforts cost the company millions of dollars in lost man-hours, while adding unnecessary
layers of complexity to ABC’s existing IT infrastructure.
Solution
After two failed implementation attempts, ABC’s information systems team turned to Beacon Professional Services to
get its identity management deployment back on track. A key goal was to help the team standardize its identity
management processes, and to provide them the necessary training to continue to build and maintain their identity
management infrastructure themselves. Leveraging years of proven best practices and expertise, the Beacon team
helped ABC’s team:
- Standardize their identity infrastructure on a commercial software platform
- Expedite provisioning of new smart card technologies
- Harden security of enterprise resources
- Track and report on identity activity across global organizations and locations
- Improve transfer of knowledge and reduce dependency on a few, limited resource experts ("tribal knowledge")
- Coach and mentor the internal team to decrease the need for outside consulting help
- Validate their identity strategy and confirm that best practices were being followed
About
With earnings over $3.5 billion (2008), Big Energy Co. is one of North America's largest integrated oil and gas
companies, operating in both the upstream (exploration, recovery and production of crude oil and natural gas) and
downstream (refinement, marketing and distribution of energy products) sectors of the industry. The company employs
more than 6,000 people worldwide.
Problem
As with any large, multinational organization, Big Energy Co. has a diverse population of employees and contractors
who require varying levels of access to the company's myriad software systems. For Big Energy Co., managing this
access across organizations and geographies was a cumbersome, error-prone task that lacked standardized tools and
processes, especially related to the on-boarding and off-boarding of disparate user accounts. Additionally, once
user accounts were provisioned, Big Energy Co.'s call center continued to field a high volume of requests for manual
password changes and token resets, driving up outsourced support costs and reducing the time spent on more strategic
IT projects/issues.
Adding to their identity management challenges, Big Energy Co. utilizes a system of privileged user accounts that
can be checked out by various individuals for specific tasks and time frames when approved by a superior. This
concept of delegated authority increased the difficulty of tracking and auditing identity activity, an issue of
growing importance to Big Energy Co.'s risk management and compliance team.
Solution
In early 2008, Big Energy Co. turned to Beacon Professional Services to automate the provisioning and identity
lifecycle management of its more than 20000 user accounts worldwide. Using Sun Identity Manager, the Beacon team
implemented an enterprise-wide identity management solution that enabled Big Energy Co. to:
- Consolidate management of it distributed directory infrastructure
- Rationalize diverse on-boarding processes across international locations
- Translate manual, paper-based processes into automated, software-driven workflows
- Provide self-service capabilities around password management and token resets
- Implement identity auditing across enterprise and extranet environments
- Reduce outsourced help desk costs
- Provide a standardized methodology for the design-build-test of identity management solutions
A key aspect of the project was a custom-developed, SPML-based GUI which provided self-service password/token reset
capabilities to users outside of Big Energy Co.'s firewall.
Results
- The company's help desk saw an 86% reduction in the number of password and token reset calls which directly reduced their outsourced help desk costs
- Allowed the business to meet a -1 day SLA for the provisioning of newly onboarded accounts
- The company reduced its IT provisiong staff by 2 FTEs
