Roadmap for Compliance and Efficiency
Addressing critical needs within an overarching plan
This customer is part of a nationwide network of regional, cooperative, government-supported banking institutions that broker financial transactions. Members of the network exchange money between them to make banking more efficient and to give customers better access to loans and other services. Though it numbers about 200 employees and serves mostly small regional banks, it is common for this customer to be moving billions of dollars every day through its complex systems.
As a financial institution, this customer is subject to some of the strictest regulatory and compliance rules governing US businesses — including frequent audits that have major ramifications for non-compliance. But like many organizations that acknowledge the need for a strong identity governance and administration (IGA) capabilities, it wasn’t sure what to do next.
The current IAM solutions in place were sparse and meant to deal with very specific technical challenges, rather than an overarching IAM strategy. In addition, how an IAM strategy fit within the context of a larger IT strategy was unclear. The IAM strategy needed to be defined, put in the correct order of execution, and then put within the larger context of IT initiatives. All of this needed to show value for the investment, a cohesive vision for the future, as well as deal with existing pressing challenges.
One particular pressing challenge was the imminent sunsetting of the customer’s reverse proxy software. Reverse proxy provides a centralized way to authenticate and control traffic for firewall-protected servers, which makes it an important security choke point. The customer needed to identify and implement a replacement before the software was retired, or pay a large fee for extended support. Choosing a new technology vendor might seem comparatively straightforward, but it’s much more difficult when an organization lacks an identity and access management (IAM) strategy or does not have in-depth knowledge of the IAM solution market. Additionally, developing much of its software in-house put the customer at a disadvantage. It wasn’t aware of the available solutions for automating IAM processes, like role-based access and file sharing, and its proprietary software lacked the built-in automation and efficiency many commercial products provide around standardized compliance requirements.
The Integral Partners team delivered a roadmap with near-term, concrete outcomes as well as a detailed strategy — tied to larger business goals — for fulfilling long-term objectives.
Integral Partners consultants extensively researched viable replacement options for the customer’s soon-to-be-obsolete software, ensuring the customer was getting best-in-class technology without paying for a suite of features it didn’t need. The Integral Partners team also leveraged vendor connections to help the customer negotiate a favorable price.
As part of the comprehensive engagement, Integral Partners provided the customer with IGA solution recommendations for managing role-based access and file sharing — along with the knowledge of exactly what steps to take, and in what order, to successfully implement it. This is a surprisingly valuable (and often-forgotten) aspect of IAM solutions: companies without the benefit of outside expertise often purchase expensive technology, but then fail to deploy it in an optimized way — if they deploy it at all. During the discovery process, for example, it was learned that the customer had previously purchased a privileged access management solution that was languishing in a state of partial deployment. By including the PAM solution on the roadmap, with carefully articulated steps for maximizing its value, the company has now prioritized the implementation process.