Identify and Access Management (IAM) is the process of giving people with authorized digital identities different levels of access to company resources. The practice controls users’ permission to view and engage with vital information in the organization. Companies can protect their data and systems from bad actors and inappropriate usage without the need for human intervention.
In this use case, the client is a large grocery retailer that has used IBM Tivoli Identity Manager (ITIM) solution for the past eight years. The customer was running Version 5.1 and needed upgrading.
The centralized IAM solution provides the client with user provisioning, life cycle management, Zero Trust, role allocation, and service account management. Instead of having to manually create users within their system consisting of more than 2,400 unique targets, the retailer now has the capability to see which digital identity has access to specific accounts. Administrators can see when access was granted and can periodically review access to see if the identities still need the rights they have. This allows the company to ensure the right access rights are given to the right people at the right time.
Password synchronization is another primary purpose of the IAM solution. With the centralized environment, the client can now ensure a single password exists for all the accounts the identity owns. During the past year, the system handled more than six million password reset requests.
When the solution reached end-of-life, extended support became unavailable. The system is crucial for the client’s day-to-day operations, so a new solution needed to be found. Several attempts were made to perform an upgrade, but all failed. The reasons for failure included:
the vast number of customizations,
the complexity of the customer environment, and
sheer number of transactions being handled by the system.
In the past, SecurIT provided mainly an operational service to the client, with minimal involvement in the strategic aspects of IAM. Services primarily revolved around project upgrades and did not include contracts or governance. The client took the opportunity to take a step back and consider other options, both within the IBM stack and beyond.
When the time came to upgrade the environment, however, the client realized that upgrading to another IBM option offered various advantages. This theory was based on the fact that they were already an IBM customer, and they would continue to get support if they remained with IBM. This assumption was inaccurate, and the IBM support was terminated with the end of life.
The biggest challenge was that the client moved from a single-server, on-premises hosted solution to a Cloud-Hosted (Azure) high availability and disaster recovery solution.
The upgrade, which began in Q3 of 2020 and was completed by the end of Q4, has delivered several tangible benefits for the client, including
Increased flexibility because of the shift to a virtual environment
Reduced maintenance and support, resulting from the migration to an appliance platform
Opportunity to review and refresh the entire environment based on the client’s updated requirements
Adapting to the new environment instead of implementing a completely new one
Significant cost savings because of the system handling the six million password resets instead of the internal support team.
As a result of our involvement in the IAM upgrade project, SecurIT has achieved a different status within the client’s company. This change enables our team to provide ongoing advisory services and to work closely with counterparts in the client’s company to support good governance and effective practices.