Why IAM is the Need of the Hour

1. IDENTITY ACCESS MANAGEMENT Why IAM is the Need of the Hour? Case Study V.7 - March 2022

2. Why IAM is the Need of the Hour? INDEX 1. Overview............................................................................................................................. 01 2. Defining Identity Governance...................................................................................... 01 3. A Working Definition....................................................................................................... 02 4. Implementation of Identity and Access Management in Public Sector........... 03 5. Need and Background................................................................................................... 03 6. Business Drivers.............................................................................................................. 03 7. Our Solution..................................................................................................................... 04 8. Best Practice.................................................................................................................... 04 9. Scope.................................................................................................................................. 05 10. Key Benefits...................................................................................................................... 05 11. About TechDemocracy................................................................................................... 05 info@techdemocracy.com www.techdemocracy.com

3. Why IAM is the Need of the Hour? As organizations advance towards digital transformation, companies need to be able to transmit verifiable statements instantly (e.g., about their position, Value, achievements and so on) providing electronic evidence that the claim is valid. Overview To tell that - IT environment has shifted, and this would be a huge understatement. We just see this happening around us. Yet to say, the transition is not necessarily a bad thing. Like in other technology organizations, Identity governance is in the process of change. We can see that this can be a positive transformation; as the way it allows us to be more flexible and stronger. A few years ago, cyber criminals and hackers spent the most of the time creating ingenious malwares, finding vulnerabilities, in common software packages and with the launch of SQL injection attacks. But, today, they’ve found it easier to capture and exploit the credentials for user access. Defining Identity Governance Identity enterprises prevent data threats and breaches by protecting the organization’s identities. But what is it, exactly? governance helps Around the same time, we’ve changed the way we work. We support and accept the mobile and cloud computing and use collaborative software’s to make it easy to share files and unstructured data. However, we are finding it tremendously a difficult task to answer apparently to basic questions like who has access to applications and systems, and if they are violating business access policies. Identity Protection is one such strategic technology that enables organizations to protect themselves against challenging threats, often beginning with compromised user skills. They can also help companies protect unstructured data, make more effective use of cloud-based resources, streamline management activities and thus enhance the customer experience of employees and subordinates who want easy and convenient access to applications. Identity is the centrepiece of any corporate resource or data. We believe in helping the organizations understand the and make them manage their identities and provide access to their employees, customers, and partners to experience streamlined digital transformation. current need These developments have shifted identity to the cyber security center. Organizations today need to be detailed in Identity Solutions to safeguard that the user has proper access to and response to computing resources and to answer important questions like, “Who has access to what? “Why” Can they make use of that access? “And” Does that kind of access adhere to Policies? The modern, digital enterprises need a secure and efficient identity strategy to manage user access to cloud or on-premises applications and services. Your employees, customers, and partners depend on these resources to conduct business. Governance Identity regulation, however, has a variety of moving parts and is evolving rapidly. It might be a challenge for managers and workers alike to consider and resolve the new problems they face in this kind of environment. info@techdemocracy.com www.techdemocracy.com

4. Why IAM is the Need of the Hour? A working definition We define identity governance as: Technology and processes to ensure that all have proper access to applications and systems, and that the organization is always able to detect who has access to what, how that access is been used, and if that access conforms to policy or not. Our approach is to focus on advising the integration services that are solution-agnostic as per the organization’s needs. We help enterprises reduce costs and risks while achieving compliance and growing their business. We help you align your various technology solutions with future requirements and use cases and maximize your IT infrastructure investments while staying secure and compliant. Here is our success story on implementation of Identity and Access Management for one of the pioneers in Area Transit Authority. and customized Secure your organization and mitigate the Known and Unknown Risks Reduce Costs Modernize your Business Get right-size user access to your sensitive data and applications while monitoring continously and defending against advanced threats, regardless of user, device, or type of applications. Integrate and automate user provisioning through our identity and federation services, and access controls with less operational costs and get more effecient onboarding and de-provisioning of users Deliver a seamless user experience for all user - internal and external - accessing apps and data with full lifecycle management of identities integrated within your IT stack info@techdemocracy.com www.techdemocracy.com

5. Why IAM is the Need of the Hour? Implementation of Identity and Access Management in Public Sector Need & Background The client was facing issues with the multiple applications warranted the maintenance of multiple passwords for each user. There were Critical systems vulnerable to orphan and rogue accounts. The CSO also wanted a solution with the lowest TTM (Time to Market). Here are few more business challenges facing by the organization: • Seamless integration between cross agency applications • Reduced Operational Support cost • Reduce IT costs and improve efficiency • Heavy Documentation maintained for resource procurement with hardcopy archives maintained • With these many web applications implemented, users had to remember multiple passwords • Managing the volume of users and security efficiently and in real-time • Single User ID and Password for all state services • Enable Personalization Features for Citizens • Efficient audit trails for affective compliance requirements Business Drivers Study the current systems for 2 weeks to understand the data-flow between systems and within the system and identify the dependency of functionalities and sub- functionalities. • Operational Efficiency Driven • Delivering Identity Management implementation as a Service based on best practices for identity life cycle, accelerators and flexible engagement model After analyzing the options and listening to the business need, we have explained the client about the deployment options like: • Security Driven • Compliance Driven • External Access Enablement info@techdemocracy.com www.techdemocracy.com

6. Why IAM is the Need of the Hour? Our Solution We implemented IAM solution to address the business challenges as well as technical challenges like: other state agencies to provide system access for Medicaid services • Reporting capability • Streamlined AuthN and AuthZ Auditing requirements • Cut time, cost and risk of deploying web applications and web servicesHigh number of People soft instances – 50+, making administration of user accounts cumbersome • Implemented single repository, and unique ID’s created to users • Conversion of hardcopy archive process (for resource procurement) into an online repository with ease of access and search capability • Provide multiple State Entities and the general public to access applications and systems based on role, location, organizational unit, and Data access • Track, alert, and counter security threats related to system access, and analytical capability • Leverage Identity management platform to provide access to the various systems to all different categories of users and assign access to systems • Provide a federated single sign-on identity that could be utilized by Best Practice • Define your Identity and Access Management roadmap • Phase wise approach for better manageability and quick wins • Delivery methodology based on PMI standards tailored to verticals • Each stage in the project is represented as a continuous sequence of activities in the project lifecycle as an iterative methodology • Engaging the experts during the initial stages of the deployment (planning, requirements gathering and design) to quickly mitigate risks • Investing in knowledge transfer early in the project to ensure staff / technical team has the right knowledge of the technology and tools used and helps in having an effective process and a successful deployment • Adopting Identity and Access specific system best practices info@techdemocracy.com www.techdemocracy.com

7. Why IAM is the Need of the Hour? Scope Identity Governance and Administration • Password Reset • Data Correlations / Aggregation – Establish Unique ID’s • Automate Hire to Retire Process • Integrate with HR system • Provision to Active Directory • Role Based Access Control / SoD • Access Request • Auditing and Reporting • Who has access to what, Orphan Account Detection • Recertification • Single Sign-On and Federation • User Application Usage Activity Report • Step-Up Authentication Key Benefits • 45 PeopleSoft instances SSO solution implemented in 12 weeks • Reduced password related Help desk calls significantly • Improved Customer Service through fast and automated account setup • Increased internal & external Customer Satisfaction About TechDemocracy TechDemocracy is a framework-driven solution-agnostic organization dedicated to helping companies operationalize a unique solution program that matches every business requirement. Our expertise and knowledge base are gathered from our 150 plus engagements across the globe. This practice enabled us to build customized solutions, utilizing the appropriate services to address challenges the cybersecurity industry is facing today. Our services include Identity & Access Management, Governance Risk and Compliance as well as Threat Management to clients from various business domains such as Healthcare, Pubic sector, BFSI, Retail, and Federal, etc. info@techdemocracy.com www.techdemocracy.com

8. Why IAM is the Need of the Hour? Reach Us @ info@techdemocracy.com www.techdemocracy.com 1 Corporate Place South, Suite # 110, Piscataway, NJ 08854. Call Us : +1 732 404 8350 Fax : +1 732 549 7020 info@techdemocracy.com www.techdemocracy.com