A leading U.S. provider of employee benefits
A longtime Sirius client wanted to dramatically reduce security risks and improve the user experience of its outdated identity and access management (IAM) infrastructure. It lacked uniform security controls and provided inaccurate data while also requiring a manual management process for onboards, changes and departures.
The Sirius Security practice migrated the client’s legacy IAM capabilities to SailPoint IdentityNow with Okta Identity Cloud and Okta Access Gateway, and then integrated approximately 200 applications. The solution enhanced security across systems, platforms, applications and devices while also improving the user experience. Most importantly, the work ensures that regulatory and compliance requirements including HIPAA, NYDFS, NIS, CSF and HITRUST are met.
In September 2020, the Sirius Security practice was tapped to modernize a client’s IAM systems. IAM is an important component of IT security as it manages digital identities and user access to data, systems and resources within an organization. IAM security includes the policies, programs and technologies that control identity-related access. This modernization project focused on identity governance and administration (IGA) and secure access management (SAM) to dramatically reduce the risk of exposing sensitive data and information while automating integrations of the company’s applications.
Sirius’ comprehensive approach began with client workshops to gather requirements that were used to create a phased methodology, a complete catalog of all existing applications, and a project prioritization framework. This groundwork helped Sirius set appropriate access parameters and gave the client confidence that Sirius could manage the migration of systems with 200 applications and thousands of employees.
Sirius also migrated the client’s legacy IAM capabilities to SailPoint IdentityNow, Okta Identity Cloud and Okta Access Gateway solutions. As part of this work, Sirius deployed multifactor authentication (MFA) for the client’s Microsoft Office 365 and Dynamics 365 environments. “We automated what previously took hundreds of hours of internal integration work while also transferring existing employees and their access rights, which vary widely based on their roles,” said Sirius Security IAM practice Manager Russ Risteen. “We dramatically decreased the time and cost of employee access procedures for the client,” he said.
The solution replaced the legacy platform’s need for manual internal updates that were prone to human error and consumed internal resources in both IT and human resources. The new solution also immediately provides new hires faster access to the tools and information they need to be productive. “If you think about it, IAM is not just a security solution, it’s also a business enabler,” Risteen said.
Risteen shared that additional enhancements are under way, including the development of a role-based access control framework to streamline user life cycle management processes. On the consumer-facing side, Sirius is also helping the client streamline how they acquire customers in a seamless and secure way.