Enterprise-Wide Analysis of Identity Access Management (IAM)

Discover how Oxford provided an independent analysis of enterprise-wide Identity & Access Management (IAM) capabilities and toolsets.

INDUSTRY
Financial Services

SERVICES
Identity Management Security Analysis
Product and Tool Review
Capability Maturity Levels and Roadmap
Strategic Frameworks

SKILLS
Identity & Access Management Analysts
Identity Management Engineering
Application Authentication Solutions

The Challenge
Our client needed an independent analysis of enterprise-wide Identity & Access Management (IAM) capabilities and toolsets. In recent years a number of Authentication, Authorization, Provisioning/De-provisioning and Certification tools had been deployed without a centralized governance and strategy. A baseline assessment and future state road map was needed to facilitate a strategy for long term cost savings and increased application control and efficiency.

The Solution
Following Client Enterprise Project and Information Security Methodologies, the engagement team performed an independent analysis of our client’s IAM capabilities and toolsets. Engagement steps we executed were:

  • Conducting EAM stakeholder and subject matter expert interviews
  • Developing criteria for application certification (IAM and non-IAM Tools)
  • Performing baseline analysis and mapping of 5 EAM controls (Authentication, Authorization, Provisioning, De-provisioning, and Certification)
  • Performing Gap Analysis for exclusions and overlapping functionality\
  • Mapping each application based upon business and technology suitability
  • Current and future state recommendations for decommissioning and investment

Key deliverables included:

  • Overall IAM Tool Rationalization Project Plan
  • EAM Tool Baseline Report and Tools Mapping (Controls and Robustness)
  • Gap Analysis Report
  • Roadmap: Strategic Component and Action Plan

The Result
The team vetted and analyzed more than 250 IAM tools and vendor products in use, considering technology and business value requirements. We provided a recommendation for each tool: to consolidate/retire or invest/modernize the tool. The roadmap provided decommissioning recommendations over three years, process improvement recommendations, and identified a core set of strategic IAM tools for consolidation and further investment. This consolidation would eliminate “home grown” tools and tools with partial functionality, resulting in significant proforma saving.

Share This