Upload
cloudidsummit
View
262
Download
3
Tags:
Embed Size (px)
Citation preview
Lessons Learned in the First Year of an IAM Program 6.8.15 Matt Chambers Principal, Identity and Access Management
Asurion_Confidential
2 Asurion_Confidential
• Identity • Authentication • Directory • PKI
• 23,500 employees and contractors around the globe
– Turnover: 18,000 employees and contractors a year
IAM at Asurion
3 Asurion_Confidential
• No identity or access management program
• 20 active directory domains some with no trusts
• 3 separate and different user provisioning processes
• Internal applications coded differently for authentication
• A complete mess of an OU structure
• Manual user rights reviews
Where We Where
4 Asurion_Confidential
• IAM program officially kicked off in February 2014
• IAM team formed in April 2014 • Simple automated provisioning for
all users in the enterprise • Automated attestation reviews for
key applications • Collapse of active directory
domains • Self-service password and account
management
IAM Program Goals for 2014
5 Asurion_Confidential
• Include HR • C level support is important • Accurate data is key • Process, process, process • Make sure you know all HR data sources • You will take steps backwards • Dedicated team • It will take time, do not take on to much at once • Do not deploy IAM platform and new HR
system on same weekend
Lessons Learned
6 Asurion_Confidential
• Build on deployed IAM platform • Make IAM platform center of onboard/offboard
process • Continue deployment of attestation reviews for
additional applications • Service account management • Virtual Directory Server • Re-evaluation of authentication platform
Where IAM Goes Next
Asurion_Confidential
THANK YOU Asurion IAM Team Matt Chambers – [email protected] Cory Plastek – [email protected] Whitney Thompson – [email protected]
8 Asurion_Confidential
Where we want to be…