McKesson Case Study

Open Identity Summit


McKesson “Lean Start-Up” IAM Initiative

Nick Yoo McKesson


Agenda � About McKesson & ISAS Team

� Challenges

� “Lean Start-Up” Approach

� Critical Success Factors

� Current Status

� Direction

� Summary

� Q&A


McKesson At-a-Glance


Leadership Positions in Both Segments


Global Leaders Across Healthcare Industry


Information Security Architecture & Services (ISAS)


ISAS Solutions and Services


History of IAM efforts � Consulting effort began in 2009

� Key business drivers identified

� Standard approach

� Support customer and business partners

� Prepare for new technology and HITECH act

� Cost reduction

� Audit and compliance

� Enterprise Governance

� Recommendations included

� Architecture standards

� Vendor evaluation and selection

� Create one user ID for each customer

� Customer Identity Store

Typical Waterfall Approach


Radically different approach required

Different Customer Base

P&L

Priorities

Business Risks

Unique Solutions

Diverse Requirements

Delivery


“Lean Start-Up” Approach

Lean Principles Strategy

• Experimentation over Elaborate Planning

• Customer Feedback over Intuition

• Iterative Design over Traditional “Big Design Up Front” Development

• Customer Identity • BU-specific projects • Quick Wins • Measured results • Marketing • Just-in-time investments • Lower Costs • No formal product

evaluation • Build infrastructure as

required

Source: S. Blank, Why the Lean Start-Up Changes Everything, HBR


McKesson “Lean Start Up” Process

Pharmacy – OpenAM/DJ Upgrade

MedSurge– OpenAM WebSSO

Distribution Federated SSO

RH Pharmacy – OpenIDM Provisioning

MSO - OpenIDM Self-Service

MHS - OpenIDM On-boarding

Project to Program Shared Services

Enterprise Standard Solutions Enterprise Infrastructure


Critical Success Factors • Open source debates • Legal review of open source license • Open source code scanning • Approval from the CTO office • ForgeRock references

• Unique business needs • Building credibility • Quick wins • Cost comparisons • Open source • Platform as a Service

• Over 50 presentations • Executive-sponsored initiative • Proof of concept projects • Free consulting • Lower cost delivery model

• Framework and Architecture • Project management • Partnerships with customers,

ForgeRock, Exadel, and internal IT organization

• Gradual ramp up through training, pilot projects, external resources

Open Source

Marketing

Delivery

Rapid Adoption One

Access


IAM Framework

� Enhanced user experience � Improved management

of security risks � Efficient development/

deployment of applications � Reusable integration

� HIPAA, SOX compliance

� Common logs � Improved

accountability � Common reporting

� Reduced administrative tasks

� Reduced help desk calls � Improved process efficiency � Reduced Infrastructure

Costs � Central user information

� Reduced administrative tasks

� Reduced help desk calls � Improved security � Accountability � Cost savings

Business Benefits

Identity Management Access Management

Monitoring/Audit & Compliance

User Self-Service & Password Management Virtual Directory Web Access

Management/SSO Centralized Audit

Delegated Administration

Synchronization/ Replication

Federated Identity Management/SSO

Logging and Monitoring

Automated Approvals and Workflows

Meta Directory

Authentication & Authorization Access Certification

Enterprise Role Definition Directory Storage Standard APIs Reporting

Identity Data Services

Prioritized BU Needs To-date

IAM Solutions

IAM Components


Current Status

Most Projects Completed in Less than 3-4 Months

High Satisfaction Ratings from Customers

Over 15 Projects in 7 Major BU’s

3 FTE’s and over 10 Contract Resources

Demand Trends

Over 200 Apps

Identified

Cloud Integration


Our Direction

Over 80% Business Adoption employees, customers and partners connected

securely via McKesson OneAccess

� Patient Identity

� Product Integration

� IAM Ecosystem

� Formal Business Case Development

� Support Key Business Initiative


Summary � Focus on immediate business value

and results

� Scale and expand services as required

� Tackle easy to define projects

� Establish IAM framework

� Maximize open source product value

� Focus on user satisfaction

� Establish strategic partnerships

� Communicate

� Demonstrate success


Q & A

McKesson Case Study

Technology

Transcript of McKesson Case Study