Reviewed 250+ EAM tools for technical and business value.
Our client needed an independent analysis of enterprise-wide Identity & Access Management (IAM) capabilities and toolsets. In recent years a number of Authentication, Authorization, Provisioning/De-provisioning and Certification tools had been deployed without a centralized governance and strategy. A baseline assessment and future state road map was needed to facilitate a strategy for long term cost savings and increased application control and efficiency.
Following Client Enterprise Project and Information Security Methodologies, the engagement team performed an independent analysis of our client’s IAM capabilities and toolsets. Engagement steps we executed were:
Conducting EAM stakeholder and subject matter expert interviews
Developing criteria for application certification (IAM and non-IAM Tools)
Performing baseline analysis and mapping of 5 EAM controls (Authentication, Authorization, Provisioning, De-provisioning, and Certification)
Performing Gap Analysis for exclusions and overlapping functionality
Mapping each application based upon business and technology suitability
Current and future state recommendations for decommissioning and investment
Key deliverables included:
Overall IAM Tool Rationalization Project Plan
EAM Tool Baseline Report and Tools Mapping (Controls and Robustness)
Gap Analysis Report
Roadmap: Strategic Component and Action Plan
The team vetted and analyzed more than 250 IAM tools and vendor products in use, considering technology and business value requirements. We provided a recommendation for each tool: to consolidate/retire or invest/modernize the tool. The roadmap provided decommissioning recommendations over three years, process improvement recommendations, and identified a core set of strategic IAM tools for consolidation and further investment. This consolidation would eliminate “home grown” tools and tools with partial functionality, resulting in significant proforma saving.