Our client is one of Australia’s largest energy retailers and generators with more than one million industrial, commercial and residential customers, generating a multi-billion-dollar annual revenue.
Opportunity
The utility landscape is changing rapidly, with more distributed energy resources, more stringent requirements and a workforce much more dependent on remote access. These new challenges mean companies must take steps to modernise their infrastructure and upgrade security to safeguard access to critical networks, whilst at the same time ensuring cost and operational efficiencies are controlled.
Driven by these factors, and in particular the spiralling overheads related to the maintenance of its existing solution used for employee Identity Access Management and user provisioning – Microfocus NetIQ – our client embarked on a transformation of its Identity Governance and Administration (IGA) system and processes.
As many transformations go – thanks to growth, scale and increasingly complex environments – solutions that were once ‘best fit’ no longer serve the current and future needs of the business.
This was the case for our client, and so, a project to implement a modern Identity Governance and Administration (IGA) cloud solution was initiated, and objectives drawn up to achieve:
- Improved security
A consistent security approach for assigning users’ access and permissions based on Role-Based Access Controls (RBAC), and for monitoring access violations based on Separation of Duty (SoD).
- System Confidence and Reliability
Build internal confidence in IGA by delivering a solution that removes the need for manual intervention and improves the reliability of data and the efficiency, completeness and timeliness of user provisioning.
- Improved Exception Reporting for Audit and Compliance
Due to a merger, our client has strict audit requirements based on ring-fencing, so it was important that the new IGA system could accommodate the ring-fencing requirements and fulfil them by utilising attestation/certification features, assessing the feasibility of Role-Based Access Controls (RBAC), and reporting on orphan/rogue accounts.
Common issues that were contributing to maintenance costs
Incorrect or missing account data in IGA and target systems
This caused synchronisation issues from SAP HR to IGA, along with data from IGA to target systems such as Active Directory and ServiceNow impacting approval processes.
Join Move Leaver (JML) actions not reflected in the IGA
This meant that modifications to Line Manager, Position, Business Unit Changes etc., were not reflected across systems resulting in inappropriate user access.
Terminations
Terminations were not always performed, accounts were sometimes disabled before the user had left, and there were often delays in contractor offboarding.
“IGA band-aids” and manual intervention
To remedy IGA issues, various scripts were often run, and manual steps were required to verify HR data when sent to the IGA, along with the manual creation of mailboxes and AD accounts during rehire scenarios.
Ring-fencing risks
The IGA solution was not removing access when people moved to a new Business Unit (BU), and BU-to-BU movements were tracked manually which incurred potential audit risks.
Operations effectiveness and reliability of IGA
There were delays of up to 7 hours for HR data to synchronise into IGA, and there were adverse effects such as the disabling of accounts due to unknown processes within IGA.
Solution
As a long-term partner to our client, we were engaged to assist with the implementation of the new IGA solution, starting with an Implementation Planning Study (IPS) phase for IGA designed to help plan and de-risk the project.
Bryan Nicholas, Solution Architect at NRI said, “Projects like this often span multiple departments and systems and have a historical reputation for failed implementations and a poor success rate of delivering true business value.”
He added, “NRI has been involved in re-implementations over the last 18 years where clients have ripped out existing IGA solutions because they thought the technology was the issue.
However, the fundamental failures are not always related to the technology, but due to lack of vision, inadequate requirements, limited understanding of processes, lack of stakeholder commitment/involvement/buy-in, no defined roadmap and priorities, and poor planning.”
For our client, these risks were well understood, and so, facilitated through NRI, the project followed a strict IGA delivery approach to help reduce common issues and to provide a blueprint for success.
This part of the process involved an Implementation Planning Study (IPS), which Bryan described as “peeling back the outer layer of the onion”. This involved a series of workshops with key stakeholders to focus on identifying the complex IGA business processes that span the various systems (SAP HR, SAP user accounts, ServiceNow, Microsoft Active Directory (AD) and Office 365); and mapping these to the identity management lifecycle of the various identity types such as employee and contractor.
This provided a clear understanding of the high-level requirements, potential problems, dependencies, priorities, and future state needs, giving us insights that we used for our planning and prioritisation as we progressed through to the Design, Build and Deployment phases.
Outcomes
The implementation has yielded many business improvements so far, delivering on its high-level objectives and positioning our client for future growth and compliance with regulatory standards. The key outcomes of the new solution delivered include:
- Greater operational efficiency
The streamlined identity and access management processes have enhanced business operations by significantly reducing the operational overhead associated with HR identity maintenance and account provisioning and deprovisioning across multiple systems and applications.
- Improved data accuracy and completeness
The new integrated IGA system ensures consistent and accurate user account data synchronisation, eliminating the need for regular manual audit efforts and associated costs, resulting in improved data quality and more reliable business operations.
- Cost reduction
The previous MicroFocus solution incurred additional costs for maintenance, consulting, and remediation efforts. By transitioning to a new solution, our client has significantly reduced these costs. The elimination of manual remediation tasks and improved efficiency in user management has also resulted in cost savings for the HR, Service Desk and Infrastructure teams.
- Improved governance and auditing capabilities
The new solution allows for the implementation of controls such as separation of duties (SoD) and compliance with ring-fencing regulatory requirements. This transformation not only ensures regulatory compliance but also provides a competitive edge and sets the foundation for future expansion.
Following the successful cutover, we have been diligently providing business-as-usual (BAU) support under our Managed Service capability. This includes addressing technical issues, monitoring system reliability, managing patches and upgrades, and offering integration support to other system teams.
Looking ahead, our continued partnership outlines plans for further roll-outs of the IGA system, which encompass the integration of additional applications and extending the RBAC footprint to help automate additional access and enforce the security footprint, right through to Transition Support managed via our Managed Services team.
We continue to work closely with our client, providing dedicated support throughout the roll-out process, and ensuring the successful adoption of expanded IGA capabilities.