Identity and Access Management (IAM)
Why is Identity and Access Management so important
"Why is identity so important? Identity forms the basis for authorization and trust.
NIST draft publication 800-103: “An Ontology of Identity Credentials”
An effective IAM system is the foundation to a more secure, easier to manage, lower cost security architecture. In the world of SaaS applications and remote employees, the old moat around the perimeter is no longer truly able to provide a level of security to accommodate the dynamic and porous organization of today. Instead, building security around identity gives security teams the ability to establish much higher degrees of security, control and responsiveness while lowering cost to operate and levels of management. Two essential benefits in a world of budget constraints and difficulty finding skilled resources
​
With a robust IAM system in place, organizations can:
-
Implement multi-factor authentication
-
Monitor for suspicious activity
-
Control access to sensitive information and resources
-
Reduce the risk of unauthorized access, data breaches, and other cyber threats
-
Provide detailed audit trails, making it easier to detect and investigate security incidents
-
Streamline IT processes by automating the provisioning and de-provisioning of users
-
Reduce the time and effort required to manage user accounts
-
Reduce manual errors, which can lead to security breaches
-
Comply with industry regulations, such as HIPAA and PCI-DSS, and avoid costly fines
Why choose Zephon to help with your IAM needs
-
Our leadership has over 25 years of deep experience working on complex large scale IAM projects
-
We know how to recruit only the most experienced and skilled staff with proven hands on IAM project experience. This ensures we can accomplish more, while maintaining the highest level of excellence
-
Our rich experience ensures clients are not left with security gaps. All systems designed and implemented are robust, scalable and work with minimal supervision
-
Zephon’s team has Public Trust security clearance so you can feel safe that the sensitive work of IAM is in the right hands
Success Story
Challenge
Internal Revenue Service (IRS), Office of Information Technology and Cybersecurity - As part of the CDM (Continuous Diagnostics and Mitigation) the IRS wanted to replace the existing custom identity access governance solution with a COTS (commercial off the shelf) product and migrate 500,000+ entitlements, 20,000 application and 90,000+ users to the new system without any user impact while keeping the access audit trail intact. The access request workflow was highly complex with up to 10 levels of approval and different approval groups for each type of request. The new solution also had to support access certifications (privileged and non-privileged) for all users and extensive reporting requirements. Also as part of the endeavor a Treasury-wide identity warehouse had to be designed to support users from multiple departments under the Treasury. While the existing solution was on-premises, the new solution was to be hosted in AWS GovCloud, the first of its kind at the IRS..
​
Solution
Zephon, working alongside CDW, replaced the existing custom Oracle Forms based solution with a SailPoint IdentityIQ-based solution, called BEARS (Business Entitlement Access Request System), as the organizational identity governance solution, migrating all 500,000+ entitlements over two years. The system also integrates with CyberArk to govern privileged access, and Splunk for reporting, monitoring and dashboarding. The backend identity warehouse is designed on Radiant Logic. All these deployed on AWS GovCloud. The new solution has passed all GAO and TIGTA audits since going live and has maintained its ATO successfully.
​
Impact
-
Migrated 90,000+ users and 500,000+ entitlements to a new cloud-hosted identity governance solution
-
No user impact throughout the process
-
Entire access audit history was migrated from the old system to the new
-
Automated all AD related access provisioning
-
All existing access request workfl ows and approvals were also migrated
-
Developed a custom access model for different levels of access like managers, approvers, help desk, system admins, reporting etc.
-
Developed custom access model for different report categories
-
Have run multiple manager access certifi cations since go-live
-
Integration with CyberArk for Privileged Access Management to enable a single access governance interface
-
Integration with Splunk to provide detailed monitoring, dashboarding and reporting.
-
Designed an inter-agency identity warehouse using Radiant Logic
Contact us for a free IAM assessment. Our experts are ready to help.