Identity Access Management

Case Study Financial Services

A Fortune 100 financial services company utilizes Apex’s Cybersecurity solution to conduct an enterprise-wide assessment of Identity Access Management capabilities, resulting in significant cost savings.  

SITUATION 

Our client needed an independent analysis of enterprise-wide Identity & Access Management (IAM) capabilities and toolsets. In recent years a number of Authentication, Authorization, Provisioning/De-provisioning and Certification tools had been deployed without a centralized governance and strategy. A baseline assessment and future state road map was needed to facilitate a strategy for long term cost savings and increased application control and efficiency.  

SOLUTION 

Following Client Enterprise Project and Information Security Methodologies, the engagement team performed an independent analysis of our client’s IAM capabilities and toolsets.  

Reviewed 250+ EAM Tools for Technical and Business

Engagement steps we executed were: 

  • Conducting EAM stakeholder and subject matter expert interviews 
  • Developing criteria for application certification (IAM and non-IAM Tools) 
  • Performing baseline analysis and mapping of 5 EAM controls (Authentication, Authorization, Provisioning, De-provisioning, and Certification) 
  • Performing Gap Analysis for exclusions and overlapping functionality 
  • Mapping each application based upon business and technology suitability 
  • Current and future state recommendations for decommissioning and investment 

Key deliverables included: 

  • Overall IAM Tool Rationalization Project Plan 
  • EAM Tool Baseline Report and Tools Mapping (Controls and Robustness) 
  • Gap Analysis Report 
  • Roadmap: Strategic Component and Action Plan 

RESULT 

The team vetted and analyzed more than 250 IAM tools and vendor products in use, considering technology and business value requirements. We provided a recommendation for each tool: to consolidate/retire or invest/modernize the tool. The roadmap provided decommissioning recommendations over three years, process improvement recommendations, and identified a core set of strategic IAM tools for consolidation and further investment. This consolidation would eliminate “home grown” tools and tools with partial functionality, resulting in significant pro-forma saving.