IDENTITY ACCESS MANAGEMENT PHASE 0 IDM REPLACEMENT December
IDENTITY ACCESS MANAGEMENT – PHASE 0 – IDM REPLACEMENT December 5, 2013
Executive Summary Business Problem: • Identity Access Management (IAM)* solution will be end-of-life in Dec 2013 – Current solution deployed in 2004 – Oracle has sunset the solution in favor of its own product – no upgrade path available • Significant risk associated with having a production IDM solution that is not supported by the vendor – External facing for key functions such as password resets – Critical platform for security & compliance • Solution replacement is required to stay on supported and secure technology *Lighthouse Waveset Identity Manager, formally Sun and then Oracle 2
Proposed Solution 3
Financial Summary -Phase 0 Expense 16%, Capital 84% NOTE: Maintenance costs for the software will remain relatively flat (i. e. what is paid today for IDM is similar). 4
Benefits • Cost Reduction / Avoidance Ø Avoidance of enhancements on end of life solution, throwaway customizations – required if project is delayed (~$1. 3 M annually) Ø Enhancements become less expensive, as software is more easily configured (vs. customized) Ø Decreased costs for integration with other applications (for provisioning)- not custom connectors for every deployment • Risk Mitigation Ø IDM is critical to the business – user management, password resets etc for ANY person accessing a major SPE system – current supported SW is mandatory Ø Prevents and protects against security and vulnerability findings such as • Java and other technology versions • External facing issues requiring remediation of critical vulnerabilities in 1 -3 calendar days 5
Competitive Analysis • The most popular IAM solutions other corporations have chosen are: – Sail. Point – Oracle – CA – Net. IQ – Microsoft • Recent studios implemented the following: Paramount Pictures – Microsoft and Disney -CA • Other Sail. Point customers: RBS, BNP Paribas, Fidelity, Wellpoint, Bank of America, JP Morgan Chase, MGM Resorts, Cardinal Health, Adobe, ING DIRECT, Sallie Mae, Office. Max, Exxon Mobil, UBS, UPS, Travelers, New York Life 6
Timeline- Phase 0 FY 2014 Nov ’ 13 Dec‘ 13 FY 2015 Jan’ 14 Feb ’ 14 March ’ 14 April ’ 14 May ’ 14 June ’ 14 July ’ 14 Aug ’ 14 Sept ’ 14 Oct ’ 14 Nov ’ 14 Dec ’ 14 Greenlight Prep Project Greenlight Project Kickoff Planning / Blueprint Solution Architecture & Design Implementation Hypercare 7
Proposed Solution Sail. Point Identity. IQ (IIQ) has been chosen as the replacement for the current IDM Lighthouse Waveset Identity Manager existing solution. The IIQ Base Product includes the following: • Identity Governance Platform – Identity Warehouse (aggregation and correlation engine); Generally available connectors to support 3 rd party software applications, databases and platforms; Role Modeler; Policy Catalog; Risk Analyzer • Identity Intelligence – Dashboards, Reporting, Advanced Analytics • Unlimited instances for development, test, and high availability environments as needed to support the production instance In addition, the following IIQ Modules are add-on Modules to the Base Product and are in scope for Phase 0: • Identity. IQ Lifecycle Manager Module- Self-service Access Request and Password Management, Automated Lifecycle Event Management, Process Assembler and Preventive Policy Enforcement • Identity. IQ Provisioning Engine Module -Sail. Point’s generally available provisioning connectors for processing changes to user access within 3 rd party software applications, databases, and platforms • Identity. IQ Service Desk Integration Module (for Service. Now)- Generate help desk tickets automatically from Identity. IQ to Service. Now 8
- Slides: 8