Overview
An outgrown system led this Midwest insurance company to reform its Identity Governance strategy. This case study illustrates how Zirous helped this growing insurance company implement IdentityNow to certify high-risk SOX access and lay the foundation for provisioning birthright access. Previous access certifications required a manual review of CSV exports from systems that lacked visibility and consistency. The company can now review access to high-risk sources quickly and efficiently and provide reports to auditors and administrators.
The Challenge
An insurance company had deficiencies from a recent external audit. The company had grown rapidly over the past year, but its existing Identity Governance processes had been established when it was smaller and were mostly manual and prone to human error. One of the bigger pain points was a lack of regular certifications or audits of user access for SOX sources, which increased the risk of malicious use. The existing reviews consisted of manually reviewing spreadsheets of access, which was time-consuming and lacked standardization across systems. Individual systems and areas had varying requesting and provisioning processes, which resulted in inconsistent data inputs.
The Solution
Zirous worked with the Insurance Company to discover areas for growth, prioritize their Identity Governance goals, and implement SailPoint’s IdentityNow. A multiphase roadmap was developed to focus first on their number one priority: certifying high-risk access for nine sources. Provisioning for those systems, along with the additional core systems Active Directory and Google Workspace, would follow to make onboarding and offboarding more prompt.

The foundation was laid by connecting to their HR system to bring all existing employees into IdentityNow, which prepared the system for future phases when provisioning would be connected to employee lifecycle states, such as joining or leaving the organization. The nine sources were connected to IdentityNow with various connectors, including Web Services, NetSuite, JDBC and Flat File connectors. Regular aggregations from these sources would ensure that the access being certified was as current as possible. Correlation rules were set up to connect the accounts to the Identities to be certified.

The company’s certification needs were twofold. One focused on a review of a specific source. The other would review a person’s access when they changed jobs or managers, to address residual access after roles and responsibilities have changed. The source-specific campaigns were created using IdentityNow’s native Source Owner campaigns, scheduled for once a quarter. The Job Change certifications were created using IdentityNow’s Event Trigger functionality, which triggered a message when an employee’s Job Code or Manager changed. The message was then sent to an AWS Lambda function to create an Identity Certification that would be assigned to the new manager of the employee.
The Impact
After a few months of implementation, the Insurance Company now performs quarterly access reviews with ease, as it only takes a few minutes to create Certifications of high-risk system access for multiple sources. Source owners are notified of the certifications and can quickly see which employees have access, additional details about each person, and the access granted, and can then decide to keep or remove access. Additionally, the source owner can reassign a decision to a person who is better informed to decide on a person’s access. This helps the certification be as accurate as possible, with the right people making these certification decisions. Closed-loop remediation ensures that access is removed automatically from the target sources. Certification reports allow administrators and auditors to see what decisions were made, who made the decisions and any comments the reviewers left, and to validate that the access was promptly removed. The implementation of Certifications helped to address the deficiencies brought up by auditors.

This is only the start of the realized benefits of IdentityNow for this organization. The foundation laid in this initial phase is paving the way for provisioning of birthright access to Active Directory and Google Workspace, as well as provisioning for the systems connected in the first phase. This will allow the organization to standardize the request approval process and increase the timeliness of access granted or removed for employees when they are onboarded and offboarded.
Quick Facts
Technologies Involved
- SailPoint IdentityNow
- AWS Lambda
- Active Directory
- Google Workspace
- Ultipro
- Kronos
- NetSuite
Highlights
- An insurance company had deficiencies after rapid growth; their existing Identity Governance processes consisted mostly of manual processes that were prone to human error.
- Zirous developed a multi-phase roadmap to discover areas for growth, prioritize their Identity Governance goals, and implement SailPoint’s IdentityNow.
- The result enables the organization to standardize the request approval process and increase the timeliness of access granted or removed for employees when they are onboarded and offboarded.