Cricket had a set of base challenges that became the core business case for the project. For starters, their infrastructure had outgrown manual processes. They had a growing number of new systems (billing, point-of-sale, supply chain management) and broadening regulatory scope over the past few years that resulted in a more complex and difficult-to-manage environment. Processes were largely manual with spreadsheets and line-by-line data reconciliation.

During quarterly reviews, the IT team would have to manually scan data to discover access violations with the business owners. This was over 32,000 accounts for 6,000 users.

With the Aveksa solution in place, many of their identity and access governance goals were achieved. Quarterly access reviews went from an arduous eight week manual process to three weeks. Individual business owner process times dropped from hours to minutes.

To find out more about how Cricket solved their access challenges with Aveksa, view the webcast in its entirety.

Intentions are well and good, but what they ended up with is another thing entirely. For the most part, traditional provisioning systems have not achieved their intended goals and have actually managed to condition IT professionals to accept that things aren’t going to get any better. Implementation times will stay ridiculously long and costs prohibitively high. Gartner agrees that historically, provisioning systems have not been terribly successful:

“…provisioning deployments have failed to reach the level of maturity that customers expect.”
- Gartner, An Inside Look at Enterprise Provisioning Deployments

Lets change that, shall we? It’s time for a new approach. Aveksa Access Fulfillment Express (AFX) is changing the game of provisioning.

Cleanly Separated Business and Integration Logic

A large part of the reason why traditional provisioning systems are challenged to deliver on their promises is because they combine business and integration logic into one single tightly-bound system. This results in bulky infrastructure, requiring invasive adjustment of application level business processes, along with complex analysis and data modeling.

Decoupling the business and integration logic creates a more flexible system. The business logic handles areas that are valuable for business decisions – managing access to data and applications, policy lifecycle events, change requests, audit readiness, etc. This leaves the integration to simply fulfill the access related changes driven by the business logic above.

On-board More Applications Quicker

Because of a loosely-coupled approach to provisioning and separating business from integration, application implementation times are greatly reduced. The need to decipher and change business processes inside of each application and system is over.

The non-invasive and non-invasive integration offered by AFX lets enterprises connect to more applications than their traditional IdM system would allow. Better yet, these applications can be on-boarded in a matter of hours, rather than weeks or months.

Open and Configurable Adapter Toolkit

AFX employs an open source enterprise service bus, comprised of public message definitions, interaction patterns, and adapters. The result? A completely open adapter configuration toolkit. Our customers will be able to use the pre-built adapters as-is, extend them, or create their own.

Provisioning really isn’t what it used to be. That’s a good thing, don’t you agree?

Join us for a webcast “Provisioning Should Be Simple: 5 Tough Questions to Ask Your Identity Management Vendor” on May 17, at 11.00am ET.

For this post, we will focus on suggested best practices to help keep implementation costs in line, meet deadlines, and most importantly to exceed internal expectations.

Management Support

Support from management is a necessity, especially when considering the steps leading up to signing a statement of work. That’s well known, but what about after the statement of work is signed? Considering the reality of any project involving access controls, business processes and IT workflows, management needs to offer guidance along the way. More than just guidance, management will be the common thread that holds much of the project together by confirming data sources, project headcount, and depth of the initial implementation phase.

Sufficient Operational Resources

Management should help ensure that a deep enough internal team is dedicated to the project. While this is obvious to most, it surprising how often a single project manager is assigned to a sizeable access governance data collection project. Having a deeper set of resources will help when various team members are inevitably assigned to other competing projects internally.

Validated Data

When rolling out an access governance solution, it’s undoubtedly important that the collection of data is aligned with the correct sources *before* the vendor has left the project. Validating this at various points during the implementation is helpful, but so is having several team members validating the data sources (applications, directories, etc) to ensure the correct collectors are being built. It’s not unusual for a client to realize once the implementation has concluded that they missed several key data sources or applications.

Following these three general tips will help any early-stage identity and access project stay on schedule and within budget. Of course, if you have any tips of your own, please share them in the comments!

Be sure to join us on May 17th for a webcast about how we are simplifying provisioning as it exists today. 

During our most recent webcast, we were joined by one of our newer customers, Friends Life. Friends Life is the 5th largest UK based life and insurance company. They have 6,000 users and 20 critical applications identified as part of their rollout of user access controls.Why did Friends Life need an Access Governance solution?

• Repeated audit findings and regulatory guidance. The joiner/mover/leaver process became too complex and difficult to validate for auditors.
• Business managers and the executive team didn’t have adequate visibility into certification processes.
• Manual certification process were not sustainable or scalable.

While listening to the clip above, think about how you might answer some of these questions: Are you in a similar case where the application owner (IT) is tasked with defining both application workflows and business process rules? Do they have the full identity and data context they need for a proper business review? Do they know who should have access to what applications and why?

This is a classic case where IT, being the application owner, has to make business access decisions relying on business context that they don’t have. Needless to say, this took a long time to manually complete. Implementing an automated access certification process reduced the user entitlement review process time by 50%, eliminated orphan accounts, instilled an enforcable segregation of duties policy, and eliminated self reviewers.

What’s the best part of all this? Friends Life deployed phase one of the Aveksa Access Governance Platform in 17 business days. How’s that for time to value?

If you missed the webinar, or just want to watch it again, you can find the full length version here. For more on access governance, check out our whitepapers, case studies, and previous webinars.

The podcast is available here

http://www.aveksa.com/news-events/press-releases/Aveksa-and-Conet-Partner.cfm

They also note that the need for (and recognition of the need for) identity and access management governance is growing – they estimate that IAG-led projects will double from one-third of all IAM projects, to two-thirds by 2013.

We’re happy to have been named a leader in this report, and are grateful to our customers — the reason for our success.

Unauthorized SharePoint access is a common security gap, in many organizations.  We’ve seen numerous customers struggling with this, unable to get their arms around who has access to which SharePoint site, and what types of data (classification, risk level, and content) are thus accessible.

While most organizations don’t need to worry about employee access to classified information, rogue access to confidential corporate information can nonetheless be damaging and expensive – as clearly demonstrated by the RSA and Sony incidents this year.

I’m sure there will be additional Information Security-related aspects of the ongoing Manning hearing, and we’ll continue to cover them here.

There’s been a tremendous amount of media coverage and protest around this, related to both Manning’s actions, as well as the government’s treatment of the accused.  Staying away from the political aspects of these,  we’ll be monitoring the Information Security aspects of the hearing.  Portions of the hearing will be open to journalists, while some will be closed to the public, due to security considerations.

The Guardian has a good overview, here , and their journalist @Edpilkington  is live tweeting the trial.