IAM Service and Descriptions Summer 2016

Copyright © Aujas All rights reserved.

IAM Services and Solutions

- Vision and Mission

- Services for all stages of IAM program lifecycle

- Services Offerings – descriptions and probing questions

- Case Studies

- Aujas Advantages and Experience

Identity and Access Management

May 2016


2

“To Enable a digital era by empowering everyone to extend their digital personas and identity across

the enterprise, cloud, social and mobile realms in a naturally easy, secure and a reliable way.

“To provide our client organizations with solutions and services for planning, deploying and operating IAM programs

for enabling ubiquitous identity, access risk management, and identity driven intelligence.”

“To enable our client organizations across the globe, with leading edge professional services driven by real life experiences and

domain knowledge of building best fit IAM solutions.”

Vision

Mission

Copyright © Aujas. All rights reserved.

Services PortfolioEnd to end services for all stages of IAM Program

3

• Access Governance ServicesMeasure and mitigate access risk across distributed business systems. Capability to periodically review access and build executive IAM dashboards

• Ubiquitous IdentityUnified, converged and digital for the enterprise, cloud, social and mobile realms

• Digital Identity ManagementStreamline digital identity lifecycle processes by automating creation, modification and removal of digital identifies within the enterprise or on cloud

• Access Management and SSOEliminate multiple application access channels by one access for all uses

• Privileged Identity ManagementAccountability for shared and administrative access while increasing efficiency

• Identity Intelligence identity dashboards

• Audits and BenchmarkingFunctionality and performance audits to benchmark against industry standards

• Incident ResolutionTroubleshooting, short term resolution, bug fixes, SLA driven support and liaison with OEM vendor for resolution and patches

• Enhancements and OptimizationsProjects to introduce new functionality in the existing IAM system

• IAM Operations And EvolutionIAM operations (onsite / offsite) and provide an enhancement roadmap

SER

VIC

E O

FFER

ING

SSE

RV

ICE

AR

EAS

SOLUTION IMPLEMENTATION ENHANCEMENTS & SUSTENANCE

• IAM Governance FrameworkPolicy & procedure, roles and responsibilities framework required by IAM

• IAM Readiness and RoadmapRoadmap for functionality, investment and preparation assessment

• IAM Technology and Product SelectionSelection of best fit technology and product choice, POC, demo

• IAM Architecture DesignDetailed blueprint of the solution design to weed out technology unknowns

STRATEGY AND PLANNING


4

Descriptions – Planning Services

Solution/Services Value Proposition Probing Questions

IAM Governance Framework

This Aujas service offering has been designed to establish the governance foundation of an IAM program. Under this program we help define business policies and procedures to be automated by IAM and to manage the IAM system. The deliverables also include a governance charter including roles and responsibilities framework for various IAM stakeholders.

• Do you know how you can enhance your policies and procedures to derive maximum benefit from IAM automation?

• Do you have a governance framework in place to manage IAM as a business enabler? • Do you have technology framework that provides a predictable method of

integrating new systems and applications with the IAM platform?

IAM Readiness and Roadmap

A service offering that helps our clients plan their IAM investments in line with this business requirements and ROI. Aujas consultants provide a recommendation of which services to rollout at what timeframe via a roadmap for IAM program. This service, additionally reveals the level of organizations preparedness (technical, operations and project management) for an IAM program and methods to plug the gaps for each stage in the IAM roadmap.

• Do you know if your organization is ready for an IAM Program• Do you know the pitfalls you must avoid while planning an IAM program for your

organization?• Is your current IAM program providing the anticipated business value?• Do you know how you can prepare yourself for IAM from technology, operations and

project management perspectives?• Do you know how you can maximize the return on investment on IAM?• Do you know which features can be introduced quickly to get organization buy in and

which features can be introduced later after preparations?

IAM Technology and Product Selection

Aujas provides a technology neutral approach to establish custom made benchmark for evaluating IAM technology based on your own business needs and goals. This custom made benchmark is then used to evaluate technology and product options. Aujas also provides technology demonstrations, self-guided demos, and proof of concept pilot deployments.

• Do you know the various technology options to address your identity and access management challenges and their constraints and benefits?

• Do you have a benchmark that allows evaluation of IAM product and technology options against your organization’s needs?

• Do you want to experience the products capabilities through a demo or a proof of concept setup?

IAM Architecture Design

This service is designed to establish a detailed blueprint of the solution design to weed out technology unknowns, before starting the solution implementation thereby mitigating project risk and expediting the go live.

• Do you have a detailed macro and micro design for your identity management setup?

• Do you have a detailed design describing how your IAM solution will integrate with your business applications and systems?

• Do you know how to build a fault tolerant IAM system to match your business continuity program?


5

Descriptions – Implementation Services

Solutions/Services Value Proposition Probing Questions

Access Governance

This offering helps design and deploy solutions to measure and mitigate access risk across distributed business systems. The solution offering also provides capability to periodically review access and build executive IAM dashboards, without going through long and tedious application integration cycles.

• Are you able to identify, measure and mitigate access risk across business applications in line with regulatory requirements and security best practices?

• Are you able to eliminate access review fatigue and bring in efficiency enhancement through automation?

• Are you able to assert that you are in control of your access risk?• Do you know who has access to what in your organization?

Ubiquitous Identity

These solutions address the challenge of managing digital identity in a unified converged manner for the enterprise, cloud, social and mobile realms. It directly provides ease of use while enhancing your security posture in a connected world.

• Do your employees complain on having to deal with several digital and physical identities?

• Do you want to leverage one single identity for the enterprise and use it for physical access control as well?

• Do you intend to leverage a unified identity so ease the adoption of cloud based applications?

Digital Identity Management

This offering helps design, deploy and manage solutions to streamline digital identity lifecycle processes by automating creation, modification, and removal of digital identifies within the enterprise or cloud. The solution offering enhances security posture, reduced cost of lost productivity and increases while making access control more responsive for end users and customers.

• Do your users complain about long turn-around time for their access and password request to get addressed?

• Do you intend to reduce helpdesk cost while increasing security of user access management functions?

• Do you intend to leverage automated workflows to eliminate lengthy approval process and paper based form, while keeping tamper proof audit data of all actions?

• Do you intend to eliminate ghost accounts and ensured guaranteed access removal of ex employees?

• Do you want to empower your users to be able to manage their own identity and access across applications thereby freeing up valuable resources?

Access Management and SSO

Solutions designed to provide enhanced security while making it easy for users to access the applications and systems. Solutions help eliminate multiple application access channels by establishing one multipurpose identity for all linked access.

• Do you want to enhance user experience by eliminating the need to remember several passwords?

• Do you want to integrate several business applications with one single ID and password for your end users?

• Do you want to centrally manage strong and more secure authentication?• Do you want to experience seamless login to thick client, legacy apps, or cloud apps

based on your AD login?


6

Descriptions – Implementation Services

Solutions/Services Value Proposition Probing Questions

Privileged Identity Management

These services help design and deploy solutions to bring in accountability for shared and administrative access while increasing operational efficiency. Aujas solutions empower security leaders to comply with regulations and best practice for managing administrative access and prevent insider breach by power users without introducing restriction or bottlenecks. The solutions scale to address the needs for a small server room to large global data centers.

• Do you know what your most powerful users are doing on your IT infra?• Do you worry that your administrators need to share access to be able to perform their job?• Do your administrators and power users need to remember or record access rights to

several hundreds of systems?• Are you able to security store administrative credentials to your IT infra?• Do you change the passwords on all your systems when one of your administrators leave?• Do you periodically recycle passwords on your IT infra? • Do you worry about unauthorized or malicious activity by internal administrators?• Do you have a systems that doesn’t compromise accountability in administrative actions

while allowing ease of use by access sharing?• Do you have a comprehensive log or video recording of critical administrative tasks for

forensic analysis?

Identity IntelligenceThese services provide Identity Dashboards highlighting key metrics and anomalies in user access management process and activities across the enterprise, cloud and mobile realms.

• Do you know how effective your IAM solution is?• Do you know how are your users accessing your business applications?• Do you know where your ghost accounts are?• Do you know what is causing bottlenecks in your IAM operations?• Do you know how which functions on your IAM operations need attention?


7

Descriptions – Enhancement and Sustenance Services

Solution/Services Value Proposition Probing Questions

Audits and Benchmarking

The service offerings helps owners of existing IAM deployments to review and benchmark functionality and performance of the existing solutions against industry standards. The services helps in identifying areas of improvement along with an enhancement roadmap.

• Are you able to ascertain how your IAM investment is evolving along with your changing business needs?

• Is your IAM solution working at the performance levels required by the business?• Do you know where do you stand in terms of IAM maturity?

Incident Resolution

These sustenance services help clients with manage existing IAM deployments by offering ready capability for troubleshooting, short term resolution, bug fixes, SLA driven support and liaison with OEM vendor for resolution and patches. The services enables providing the business users a reliable and error free IAM system.

• Do you a method in place to ensure periodic and proactive maintenance of your IAM system?

• Do you have a system in place to quick address IAM incidents and bugs minimizing the impact on end users of business processes?

Enhancements and Optimizations

These services are designed Projects to help ensure that the IAM systems continue to adapt in line with your changing business requirements. The services help introduce new functionality in the existing IAM system as and when required by the business.

• Do you have a method to quickly respond to changing business requirements by enhancing your IAM system?

• Are you able to allow your IAM environment to continually evolve instead of trying to play catch up?

IAM Operations and Evolution

These service offerings are designed to provide IAM operations and define an enhancement roadmap for the IAM system. The services ensures a reliable IAM system that also keeps up with changing business needs. The service allows flexible delivery models including on-demand execution, on premise execution or hybrid round the clock execution.

• Do you have a method to provide an integrated IAM service to your business that includes IAM operations, troubleshooting, SLA management and upgrades?

• Are you able to allow your IAM environment to continually evolve instead of trying to play catch up?


8

Planning and Implementation Services for

Enterprise Wide IAM

Solution Highlights

Aujas services

Client profile

Key Requirements

Country affiliate

of a Fortune

500 Insurance

MNC

13,000

employees

working across

600 locations

Employee

strength

growing by

30% every year

Heterogeneous IT

environment with

multiple legacy

apps

30 business critical

applications; solve

IT manpower

waste

Controlled

Access and SSO

for business

apps

ID Recertification

for regulatory

compliance

Access

Governance

Dashboards

End to end provisioning

to eliminate errors and

omissions

Identity Manager

Web Access Management

Enterprise SSO

Reporting Dashboards13,000users

8 services

15 custom

adapters30 business

applications

20 reporting

parameters

Executive WorkshopAujas brought various stakeholders

to a single forum to facilitate a

common vision for IAM.

Business Case for

IAM: ROI Estimation

for the IAM initiative -

hard numbers and soft

benefits

Proof of ConceptComprehensive POC was done

to show provisioning into

Life/400 among other features.

Implementation ServicesAujas completed deploying this greenfield project

in 6 months using Hybrid Delivery Model. The

project was divided into multiple tracks and phases

to mitigate project risk. Helpdesk call volumes

reduced by 95% at the end of 9 months.

Continuous Sustenance & EnhancementPost completion of solution implementation,

Aujas has been providing remote and onsite expert

services to ensure the IAM deployment evolves with

changing business needs and remains bug free.


9

Unified SSO for an Industry Conglomerate

to secure Cloud and On-Premise Business Applications

Solution Highlights

Aujas services

Client profile

Industry

conglomerate

with more than 62

group companies

serving

various verticals

Business enabled

by multiple

business

applications and

security domains

More than 8,000

users

Cloud ready

distributed IT

environment

Key Requirements

Need for secure

access control for

the heterogeneous

IT environment

ID Federation to cloud

centric applications

Enable user

access and

SSO to Web

Applications

from multiple

platforms

Easy user on

boarding and

administration

7,000users

Federation Gateway and

IDP supporting SAML,

WS-Federation and OAuth

6 Cloud Applications with open

standards for Federation

Common Portal for

Unified SSO Read Only Integration

with Active Directory

SSO Gateway using

Reverse Proxy

On Premise Enterprise

Applications including home

grown custom apps

Solution DesignAujas leveraged a modular approach to

design a solution using two solution

components – 1.) federation for cloud

applications and 2.) reverse proxy based

multi protocol SSO for internal on premise

applications

Implementation ServicesAujas team created a common portal for unified

SSO to integrate two solution components

together into a unified interface. Both SSO

components were deployed independently and

were integrated with Aujas’s common SSO portal.

Individual applications were iteratively integrated

using a dual track approach.


10

Solution Design and Implementation

for managing Privileged IDs in Telecom Environment

Client profile

Key Requirements

Solution Highlights

Aujas services

Telecom company

providing GSM

and CDMA

Mobility Services

More than 80

million

subscribers

Nationwide network leveraging over 5000 network

elements equipment from 100s of vendors. Managed

centrally from a state of the art NOC supporting onsite

regional teams

Accountability in

usage of Shared

IDs by power users

Eliminate

thousands of

IDs &

passwords

managed by

each NOC

engineer

Dashboards and

reports to reveal

who has access to

what

Workflow based

ID request

approvals

?Activity logs and

video recording of

sessions

200,000 ID Password pairs

Identity Manager

Enterprise SSO

Keystroke and Session Recording

SIEM

4,000NOC users

210 custom

ESSO profiles

4000+ network

elements

26 reporting parameters

Shared ID Management Module

Video recording and Logging95

element

types

110 custom log

parsers

Solution DesignAujas designed an innovative solution to manage shared IDs

over 4000+ devices distributed over a country wide network.

Aujas leveraged IBM Tivoli products to bring in accountability

and ease of use in running telecom NOC operations.

Proof of Concept to showcase

shared ID management and log

correlation to ascertain user

accountability

Implementation ServicesAujas completed deploying this greenfield project in

9 months using Hybrid Delivery Model. The project

was divided into multiple tracks and phases to

mitigate project risk. Aujas created hundreds of ESSO

profiles and SIEM parsers during this deployment.

Continuous Sustenance & EnhancementPost completion of solution implementation,

Aujas has been providing remote and onsite expert

services to ensure the IAM deployment evolves with

changing business needs and remains bug free.


11

Aujas Advantages

Enhancement Factory

Advanced Planning and Design

Services

COE for IAM Solutions

ThinkSecure

Comprehensive Portfolio Coverage

Hybrid Delivery Model

Customized Solutions

Aujas provides advanced capabilities to enhance leading IAM products to better match customer requirements. This is accomplished via a sure shot enhancement factory offering which has been used by customers to obtain custom IAM adapters, SSO profiles, advanced reports, dashboards and customer user interfaces.

The Aujas COE brings together a global pool of IAM experts who work together to address bleeding edge IAM challenges of Aujas customers. The ThinkSecure GDC is used to build rapid prototypes and enable a global delivery model.

The Aujas COE brings together a global pool of IAM experts who work together to address bleeding edge IAM challenges of Aujas customers. The ThinkSecure GDC is used to build rapid prototypes and enable a global delivery model.xzds


12

Aujas ThinkSecure Global COE

Aujas leverages a Center of Excellence physically located at

Bangalore and digitally accessible across the globe.

The Aujas COE brings together a global pool of IAM experts who

work together to address bleeding edge IAM challenges of Aujas

customers.

Aujas leverages the COE to provide additional specialist support to

project teams as and when needed.

Over 100 Certified Experts with proven skills on leading Identity and Access Management Products

Centre of Excellence for rapid prototyping and solution design

Capability to remotely prepare solution components at low cost

Support global projects round the clock

Support capability for all products being handled via projects

Liaison with leading OEMs to design their certification programs

Maintains talent pool across projects

Multi node cluster allowing rapidly building sandboxed IAM images


13

Aujas IAM Engagements

Consulting Engagements

25%

Implementation Engagements

41%

Sustenance Engagements

34%

Identity Governance & Administration

28%

Web SSO and Federation

17%Enterprise SSO21%

Privileged Identity

Management16%

Other IAM Functions

18%

Aujas has successfully delivered over 105 IAM projects during the last five years

IAM Service and Descriptions Summer 2016

Documents

Transcript of IAM Service and Descriptions Summer 2016