Identity & Access Management Policy Re-write

Download story as PDF

Challenge

Our client, a premium global retail chain retailer based in Seattle, retained Kalles Group as a member of the Identity and Access Management (IAM) team. The IAM team focuses on systems access control, identity management, and data protection in order to provide organization-wide security and enable employees in performing their daily tasks.

IAM’s main tool is the CA Identity Manager product suite, third-party software based on the Windows and Linux platforms. Existing standardized options and business policies (referred to as rules) did not provide the flexibility needed to keep pace with required upgrades. Furthermore, outdated, conflicting rules as well as an increasingly unstable infrastructure called for an overhaul of the entire environment.

Hindering efforts to begin, however, was a lack of documentation that described current rules and how they were implemented. There had been no coordinated vetting process with product owners for sign off on these rules, which led to policies and processes that did not meet client quality standards. Furthermore, the rules did not follow product guidelines, leading to random and confusing customizations.

Approach

Kalles group was brought in as the subject matter expert to define the approach for the solution and work closely with IAM team members and a vendor services team to implement the solution.

Rather than migrate the current business rule set and continue down a path that would have resulted in losing effectiveness and functionality, the IAM team decided to create an upgraded version of the CA Identity Manager tool and rewrite all business rules from scratch. This approach would provide an opportunity to better align
the rules to our client’s best practices and standards and meet or exceed their requirements and expectations.

Kalles Group performed an inventory of all existing “as-is” rules from the infrastructure currently in use. These rules were then vetted with product owners to confirm that actual business requirements were captured. Kalles Group initiated this outreach to product owners and then documented the new standards for reference.

A vendor was contracted to assist with writing the newly standardized rules for CA Identity Manager. This decision became critical later, as the vendor fell behind on a non-negotiable project deadline set by organization
leadership.

Solution

Kalles Group developed a comprehensive requirements document for the IAM team. The document was then passed to the CA Technology Services team to implement the business rules in CA Identity Manager.

The project deadline was non-negotiable and meeting this date was crucial to stakeholders. When the IAM team recognized that the vendor was unable to complete their sub-task writing rules within the project schedule, Kalles Group recommended two changes in order to make the deadline:

  • Switch to an agile project management model.
  • Leverage Kalles Group resources to write a significant portion of the new rules for CA Identity Manager.

This last item was voluntary and an addition to the work Kalles Group was initially tasked with. The new work included identifying the rules that were independent from those the vendor was working on and then taking point on writing the remaining rules.

Also initiated and provided by Kalles Group were training sessions to educate peers on how the new business rules would be implemented and function within the upgraded CA Identity Manager tool. This would help support the IAM team work going forward when identifying and writing new rules.

Results

Although the project is still on-going, after identifying and starting the writing on the rules set reclaimed from the vendor, the IAM team is back on track to meet the project deadline.

Already in place is the new comprehensive business requirements document, providing a reference for standardized rules and implementing processes for modifying and creating business rules going forward. This new resource, along with an upgraded and more standardized CA Identity Manager, will enable:

  • Fewer support tickets being opened by various business units.
  • A reduced number of calls made to the help desk group.
  • A more structured vetting process, leading to the development of consistent new rules and processes going forward.