Date post: 24-Jun-2015
Category: Technology
Upload: ibm-danmark
Identity & Access Management in VELUX
Why and How!!!
Henrik C. Lei, Head of IT Security, VELUX
The VELUX Group
• Established in 1941
• Approx. 10000 employees globally
• 2600 in Denmark
• Sales companies in almost 40 countries
• Production companies in 11 countries
• Head office in Hørsholm, Denmark
• Owned by VKR Holding, a limited company wholly owned by foundations and family
• VKR Holding turnover 17.8 billion DKK in 2010.
• One of the strongest global brands in the building materials industry
• Name and brand registered in almost 100 countries
Our point of origin
Decentralized organization, including most HR functions
Central datacenters administered by Accenture
Local IT still in VELUX
Drivers:
• Inefficient on-boarding of new employees
• Inconsistent data
• Audit findings
• Labour-intensive processes
= Good foundation for IAM
How did we get going?
Long run-up
IT Strategy – The “Identity” term
HR and IT – Synergies
Pre-analysis – AS-IS and TO-BE
AS-IS and TO-BE
[Figure: maturity stages; axes: Automation, Time]
• Basic (Present): Data collection through several systems. No alignment of processes. All requests are done manually.
• Well-defined (Phase 1): Data collection through one system. Alignment of processes. Few requests are done automatically.
• Optimized (Phase N): Data collection through one system. Optimization of processes. Most requests are done automatically.
Legend: Support personnel, Data collector, System, Process
Identity
Processes
Provisioning
Self-service
Reporting
1. One common corporate identity for each employee or other associated person
• Ensure that all data related to one identity are linked, which will heighten the usability and remove sources of error
2. Global transparency of valid identity data
• Ensure a global overview of identity data for optimization and reporting. Furthermore, the transparency will improve risk management capabilities
3. Simplification and standardisation of the joiner, mover and leaver processes
• Save time and resources for the managers and support functions and reduce obstacles and sources of error
4. Agile identity handling and access management
• Use automation to reduce time to execute and minimize errors.
Our vision
Bearing points
Capabilities
• Increased automation will continually be developed and prioritized by the project group
• One user interface for all user identity changes and user access changes
• Role based access control
• Single sign-on
Applications
• Short term applications in scope: AD, Notes and SAP
• More applications will be included over time.
Identities
• One central repository for data
• Full consistency of data between companies
• Rich data collection with possibilities for local attributes
Vendor selection
It has been essential for us to select a vendor and not just a product
PoC based on a number of defined scenarios
Clean-up or redesign?
Status
[Figure: HR organization structure alongside SAP authorization structure]
HR org
Company type
• Department A: Job functions A1, A2, A3
• Department B: Job functions B1, B2, B3
• Department C: Job functions C1, C2, C3
SAP project
• SAP role X: SAP Transaction codes 1, 2, 3
• SAP role Y: SAP Transaction codes 4, 5, 6
• SAP role Z: SAP Transaction codes 7, 8, 9
Coordination between HR and SAP = Identity and Access Management
Top-level Management support is essential
Broad organizational involvement
Communication on the right level
Risk Management
Remember “legal matters”
IAM should not be an IT project
Be careful about being too ambitious
Things take time, don’t promise too much
Don’t underestimate the “organizational change” task
IAM is not a secondary task – it will become a coordination project
Do’s and Don’ts