Event Recording

How to innovate your Identity Governance and Administration program



The Holcim EMEA digital center has received the EMEA innovation award in 2021 from their IGA program.

Hello everyone. Good morning. And thank you for joining me on this session at the detail. Say, I'm going to talk about innovation, about how to innovate in an IGA program. At the beginning, I have to confess that I present, I speak with the detail, how to innovate in program at the level to be awarded by your vendor because we got the EMEA innovation award by SailPoint. And basically what I'm going to do on this session is to explain you all, how we are doing, how we are innovating in our IGA program, but with practical example. So it is a really practical presentation focused on four clear topics that I will proceed to explain. So regarding the agenda, four items for today: I will start explaining who we are, just a little bit about our program. Next, I'm going to talk about business innovation, I will try to explain or to define what is business innovation and just there at the end, I will provide a sample explaining how to innovate around SailPoint to be more precise on this topic. Who we are.
So we are a company in the construction material segment. So we have been producing readiness and aggregate all our life. And we are now investing, researching on expanding our business with new business material solution. We are trying to make the cities greener and somehow researching as much as possible in order to improve the living standard. This is the company in the new sale and, and speaking about it. So we are basically spread around the world. You can see here in blue, all the countries where we have business and basically in IT, we have three digital centers. So far, we have one in South America in colo. We have another one in Asia Pacific located in India. And the last one is in EMEA. This is where I'm currently working and where I'm managing the user life cycle department from arid. Okay. Just to tell you a bit about our identity governance and administration program.
So you can see here, the number of identities that we have is almost 28,000. Related to the countries where we are providing support, this is 35 so far. We are supporting people who speak 23 different languages. So it adds a bit of complexity to the environment and to the setup. And the number of applications is considered high. This is 130. So we have all kinds of applications, just to mention the more basic ones such as directory, the collaboration piece, S I, Salesforce.com, ASFA, ServiceNow, all the ones that you guys can imagine in the top market area. What else? So let us try to explain what is business innovation. So I'm going to talk on this session about business innovation. Let us make a quick definition about what it is. So this is very information, got it from Wikipedia and from other sources, this is not something that I have defined by myself, but I think that it explains quite well what it is.
So business innovation, one of the definitions said that it is when companies implement new processes, ideas, services in order to boost the bottom line. Okay. All of the definition with like me is business innovation is the process to make something new with better, serve the business, with support, to better achieve the business of the, this, and the last one to not repeat too much myself, business innovation is when an organization introduces new processes, services or products to effect positive change on their business, to contribute on the positive change. Okay. So yes, our very foundation definition. And now let us go straight directly to the nice piece, to the practical piece, how to innovate on your identity governance and administration program. So here I'm going to tell you four examples, sorry, but I have no time for more. And I would like to have some time at the end for question and answer.
So the first one that I am going to explain to you is about dynamic infrastructure. So how we can do our infrastructures to scale up and scale down on demand and to maximize the efficiency of the infrastructure. Nowadays running the cloud, this is possible for service services and for Schutze possible for identity governance and administration tool. The next one is related to risk-based target certification. So for the ones working in the workforce in identity governance, I suppose that I'm not the only one struggling with the certification campaign. So I'm going to explain you how we have moved from a standard certification or certification process to a new process just based on risk, okay. Where we really certify what really matters to the business and not everything. Next one is about continuous integration and deployment. I'm going to explain you how we move from code to production deployment.
The steps that we follow, how we automatize the process and how we implement per programming in order to ensure that the development done by one person is reviewed by another person in order to have more control. And last but not least, I will explain you how we are leveraging data in our identity governance and administration program to get insight and to make some reports, which RDN are adding value to the business. So to explain dynamic infrastructure I have here a quick video. So if you can play, perfect, really good. So as you can see here, I have a server, just one in AWS running right now. You can see here, the server, the CPU is normal. There is everything under control. And here in this piece, we have SailPoint and now I'm going to run a task. This is a customized version of the refresh employees.
It is customized in order to create a lot of threads in order to increase a lot the CPU for the purposes. As you can see, the task has started to run in the server, in the same one that I have here, and you will slowly see how the CPU utilization has increased. So it is consuming more. So it means that the server that I have is overloaded. Okay. So I have some thresholds defined based on CPU, memory and when this is high, it is automatically scaling up the server. So as you can see here, I have a new server and some China will be discovered by IIQ and start picking up data, balancing the workload with the system server that I have. And we are certainly following the same approach for the sky, for the scale up and scale down. Okay.
It's true that the policies that we are following are not the same for the UI and for the batch server. So what we try to maximize, or to keep as best as possible, is the user experience. So, and you know that even if you have a load balancer, the, at the end registered to one way or another, so we check that there is no user connected before scale down, but for the batch, we can basically scale up and down at any time, depending just on the workload, depending just on the tasks that we have running. Okay, let me change the remote controller. So the next thing that I'm going to speak to you is about the certification. So the first thing that I'm going to do is to explain the problem statement, suppose this, it is not my problem, suppose it will be your problem again.
So when we started with this process, we quickly realized that the level of UNE is not so high. So we have a lot of people who were not following the certification process, not taking the atune. And at the end, we have the certification automatically closed and automatically approved or adjusted, but the atune was not decided. So hotel, we have a debate, which is quite common, regarding the most appropriate person to approve a certificate. Is the manager the best one to approve a certificate, or should it be the application gatekeeper? In a business such as ours, where we have people in the construction material, sometimes the managers are not familiar with the name of the SAP role, for example, and they do not really know what they are approving or rejecting. So it's another free standpoint that we have in the certification process.
Another one is a face number of it. It could be a effective number of users to review, number of permissions to review. One of the common comments that I have received many times is why I need to certify the payroll role, when it is supposed that every single employee has to be able to download the payroll. So it does not make sense. And the last one is relevant items included in the certifications, such as the one that I have just mentioned. So what we did is start working on another definition about risk. So if you want to perform certification based on risk, the first thing that you have to do is to define a risk score. Okay? So in our case, the risk score goes from zero to 1000 and taking in consideration these values, we have to be able to calculate and to calculate.
And I'm explaining here the formula that we are using in AC manner. So there is from two different it, from policy or from the application access. So in the cases where it is coming from policies, we are basically splitting the policies in two different areas. First one is regarding segregation of duties. And the second one is administrative access in the application. So obviously if we have a guy who is able to create a purchase order and to approve this purchase order, we will have a segregation of duties conflict, and it will contribute to increase their risk. If we have a guy who is able to make the payroll and also to release the payment, we will have a segregation of duties conflict, which highly contributes. And on the application side, we are basically splitting the risk between the applications which are internet exposed and the ones which are only accessible in our intranet.
Okay. In order to divide then, okay. So moving forward, once we implemented this approach based on risk, our results significantly changed. So the first thing that I would like to show to you is that we are able to get some frame and to categorize the risk that we have. As you can see, in the lowest area we have the majority part of our identities at 58%. However, on the other side, the ones with high risk, really not that much, because we are really able to identify what really matters and what is really important to certify. So as you can see here, on one side is 58% and the other is zero. But the number of entities is just 45. So we can also see at a tile risk per identity. So this is here, just a screenshot for one of the identities.
We can see that in this case, the risk score is 451, and we can see from where it is coming, so we can see how much is coming from policy simulation and how much is coming from the application, with this, what we call here, compensated score. Okay. And once we implemented this approach, our results drastically improved. So this is the kind of result that we are getting, an 80 per an 83% on this certification with was not by test five day to be expired. Okay, good. Let us move to the next topic. Wait a bit before playing the video. I would like to make a quick introduction. So here, I'm going to explain how we are releasing the code, how we are managing the code, how we are implementing continuous deployment and continuous integration in our identity and access management system, what process we follow and what tools we are using. You can play please.
Perfect. So basically we are implementing pipelines. As you can see here, on one side we have, this is the repository that we are using for the code. And on the other side, we have Jenkins. Jenkins is a common tool. This is open source, and basically we are integrating it with IIQ to make the deployment. So the first thing here is just committing the code. So once the commit is done, we are sending the information from the GitHub client to the Git repository. Once the code has been sent to GitHub, we have a webhook. We are sending the information here to ya. So basically once the code has been posted to GitHub, it automatically deploys the code to our quality environment. So at this moment, it is tested and it is stopping in a process where the developer or the user can, whatever it will be necessary.
So as you can see here, also, the workflow is stopped. It is stopped because once we deploy in quality, we request a peer to review and to approve the code. So basically what we can do here is have another person approving based on the change that the other person has done, and once approved it is automatically transported to production, everything in an automatic way. Okay. And the last thing that I'm going to talk about, suppose I still have a couple of minutes. Three. Okay, perfect. More on and off. Okay. So the next thing that I'm going to explain is about how to leverage data to get insight. Okay. So basically one of the developments that we have done here is based on Splunk. So we have connected Splunk with our IIQ database, and we are using Splunk in order to make better graphics or to better represent some information.
So, as you can see here, this is a screenshot of one of the graphics. And here we can see data request that we have pair. So we have many course or many countries where we are offering services and here we are showing them how they are doing in ques, okay. And it really helps us to improve our transparency and to foster and to promote what we are doing. Another valuable graph or cap that we are showing is work items pending for more than two days. So when there is a work item pending for more than two days, normally meaning that the person who has to approve is out of the office or cannot take the decision for whatever, so it is important for our stakeholders in the countries to know what is stuck and to know what has to be pro professors, and what is the prepared person to contact, if any of them are not progressing. And not only that.
So another thing that we are doing is analyzing the trends and alerting if something unexpected happens. As you can see here, I have put the photograph with a allow to realize about one issue. So as you can see here, the number of TT created per day is between 200 and 250. And one day suddenly it decreases to zero. It means in our case, a failure in the join profit that we have defined, due to an incorrect modification that we did. So this alerting and entrench, and really giving data saying here, you can see in a similar way, but for the rehired event. And last but not least, just here a screenshot. So when the data or the kind of alert that we are getting, if something is somehow not following the average that we are getting. Okay. And that's it. Thank you so much, everyone.
