Return on Investment – Identity & Access Management Case Study

This post is a short analysis of a successful Identity & Access Management strategy adopted by a 10 billion dollar organization having more than 25,000 users and over 25 manufacturing facilities.
In 2005, the organization had 25 people team performing what is called helpdesk and “GAM function” GAM stands for Global Account Management. Out of the team of 25, 8 people were dedicated to issues related to account creation, management, password resets, access management etc.
During the discussions with the CIO and VP – IT, it was already decided that IT functions that did not add direct strategic value to the business, would be commoditized. Hence it made sense for the IT to classify such functions and not be on the aggressive or on the leading edge of technology for such functions. GAM was classified as one such function. The business, in-spite of some complaints about efficiency, was not ready to pay for initiatives that could bring in further improvement of services.

Some of the tasks being performed under the GAM category consist of:-

  • User account management including provisioning and de-provisioning on various IT assets including applications and infrastructure
  • User password management including reset of passwords, unlocking accounts locked due to bad username/password attempts.
  • Managing access of users in various applications
  • Generating reports of users with access to critical applications covered under audit scope for compliance & regulatory requirements like SOX etc.
  • Helpdesk services – answering calls from users related to IT issues etc and providing first level of support

In order to reduce cost of operations, the organization explored various options including:-

  • Outsourcing to an IT services provider
  • Off-shoring to low cost geography
  • Automation using Identity and Access Management solutions

Outsourcing the GAM function to an “on-site” IT services provider (who would perform the same activities from their facility) would not have yielded them the benefits the organization was looking for. The IT teams also deliberated between the two options:-

  1. Automation first and off-shoring the task of maintenance
  2. Off-shoring first, realizing cost savings and funding automation initiative

Also, various Identity and Access Management solutions were evaluated for the technical capabilities and financials. It was also desired that any such solution needs to be self funding and should not require additional funds from the management. However in 2005, all solutions proved to be too costly.
Hence the organization decided to follow a two phased strategy:-

  1. Off-shore GAM activities till the cost of automated Identity and an Access Management solution was affordable.
  2. Once the Identity and Access Management solution became affordable, the team would then analyze the solutions available and engage with the right vendor and system integrator for implementing the same.

Also, off-shoring business case provided an immediate cost savings. A back of the envelope calculation is shown:-

Towards the end of 2007, the team relooked at the available automation solutions and started negotiation with leading vendors of Identity and Access Management Solutions. Key observations were:-

  1. The Identity and Access Management market had undergone a lot of consolidation and players had strengthened their propositions by making the right acquisitions and partnerships.
  2. The prices of solutions in the market had come down drastically and the vendors were ready to give good discounts.
  3. Good system integrators were available with good exposure to similar implementations thus reducing the risk of technology for the organization.

The team was able to negotiate over 60% discount with a leading provider of Identity and Access Management solution and asked the vendor to recommend an apt system integrator for the rollout. The rough analysis for the business case that was calculated now for automation is given below:-


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: