Siemens CIT Human Resources Solutions provides national and international IT applications for every individual key aspect in Siemens’ HR environment.
Compliant, secure and effective management of user accounts and roles is required to fulfill the strong legal regulations and operational requirements.
With its DirX Service, HRS operates an Identity and Access Management system for the request, reactivation, modification and deactivation of user accounts in various systems and cloud services (SAP and non-SAP). Highlights are the easy-to-use self-service for requesting one's own access rights and role assignments, the comprehensive role management and real-time provisioning.
The presentation covers the organizational, operational and technical aspects of the implementation and service delivery.
The Europol IAM initiative started back in 2007 with the analysis of requirements and strategic planning, involving all key business stakeholders. Based on the results of this analysis and the strategic drivers identified, the implementation proceeded in a phased process, consisting of eight releases so far, through which the solution has reached its current level of maturity. The solution now serves a wide range of user groups, from internal employees of Europol to member state users and national contact points.
As part of the project, a metadata management framework has been implemented to support the configuration of complex access requests and the various types of approvals required. Given that these differ between partners and units of Europol and depending on the users involved, this is a highly complex challenge. These processes support a variety of requirements, including
Core focus was put on the overall security architecture of the solution and on the implementation of extensive auditing and logging capabilities to fulfil the stringent security and data protection requirements. From a security perspective, a wide variety of rules and mechanisms have been defined and implemented to detect, notify and disallow form tampering, backend data manipulation, XSS (cross-site scripting) injection and other forms of attack and manipulation, going far beyond the pure audit logs commonly found in identity provisioning tools and supporting a broader view.
Besides these features, Identity Federation will be supported as well. This allows strong two-factor authentication mechanisms implemented in the participating organizations to be used together with the central solutions provided by Europol.