Event Recording
Akhilesh Rajendran: Automation in Identity and Access Management Operation
An organization’s Identity and access management have always been a busy scene, even if the economy is growing or shrinking. IAM operations- the lifecycle management and maintenance of Identities is a resource intensive and costly process. By leveraging the right automation technology, CISOs can bring down the risk involved in IAM operations; Robotic Process Automation (RPA) being one among them.
So I hope everyone can see my screen. So the topic today, as I told in my introduction is about automation. So automation can be anything. It can go from chat bots. It can go to, you know, test automation or RPA, which is the bus word nowadays. Or it can go to AI. Now I have picked one of the key automation technology, which is robotic process automation, where, and my idea behind this presentation is to Oke some thoughts to let you think in a different way, by which how it and access management operations and their process can be fulfilled using RPA. Now, each organization's process may be different that it may be unique, but this, this, after this talk, I am sure that you'll have a different thought about fulfilling few of those applications or so those operations in a different way using RPA. So this is the agenda I want to cover today, the introduction which I have done, and I'll just give up like a high level prime around the RPA technology.
I'm pretty sure that whoever is attending is, should be able to know, you know, what RPA and on. And then the next one, I want to jump in on some of the key IAM challenges which I have seen among my clients and how RPA can address them. And next follow followed by couple of slides, which talk tells about the, the end end IAM life cycle, right from the identity creation to determination. And then what are the area? What are the things that is happening inside the IAM life cycle and then where, and all automation can be injected. And I have put few of the sample case studies also, which have tried tested and one with three of my clients. So that's all the, the agenda topic I want to cover today.
So I, as you can see, as I told, like, what is a robotic process automation? It's, it's basically a software which tries to automate your repeat and redundant processes. Say, if you want to provision a user ID to directory, you have hundreds of users. You have to engage someone to sit there and copy page from this application, this spreadsheet, and go to ad and then provision it it's the same repeat things, but you need somebody to do that. You know, that's a stress job, but otherwise it won't be happening. So that's where one of the use case, which I'm saying that where we can introduce some kind of automation here, I'm saying about robotic process automation. So what robotic process automation is like is something which can, which can take out the redundant and make the resource free and use them in more, you know, more high, skilled job rather than doing this. Repeatity where redundant operations and its been tested and proved as most of you maybe knowing about the cost saving the time saved about and the error reduction. And that's one of the key thing that is one of the salient features of RPA, the, the number of reduction in the error, especially in the data entry, especially in the provision in the provisioning processes. We'll, we'll get into more details on that.
So next, this slides talks about a few of the challenges that I've seen on the left side. You have the challenges, the identity and access management challenges and, and correspondingly. I am trying to pitch in the benefits that you may be able to get by leveraging RPA. One is the, the, the, the top of the top challenges you have keep on hearing from the CSOs are the governance and compliance requirement. You know, if somebody's doing that, the documented somewhere, are they doing the logs? Are the, are they doing the deprovisioning right on time? So those kind of compliance requirement and that's where, how the JML is happening. So those kind of SOS requirement compliance requirement is very key to all the organization. And that's where these real time user deprovisioning or termination and synchron identification of users, and then notification of the policy violation, all these kind of things can be done through the using bots, which is the RPA technology.
And the interesting thing, another interesting thing is about all the RPA technology. They are able to give you a very detailed lock files, which tells about what the board did at, at, for each identity, touched at a time and second level details also. And that's another, so, you know, compliance requirement that most, most organization standards wants. And that's also fulfill next one is about the, the data hygiene on the user identity, which you may be knowing about the, you know, the, the data comparison data valid and all the, the removal of the ghost accounts, which all the organizations have, but due to the legacy applications. And also, so those cleanup activities and increasing the data hygiene identity data hygiene is another thing that can be achieved. Overpaying licensing fee. So many times the Licens are been tied to the identity. And then once it has been provisioned, it's, it's like, it's very hard for a big organization to track it.
If somebody goes out or somebody changed the roles over the time, he or she can be in the same organization, but he may have changed their role. But since they're already in the organization, the, the, the cloud company or any other software vendors, they'll be still be charging money for them, even though she or he maybe not be using it. So that's where the automated deprovisioning and entitlement review, it's very key. And that's, that's kind of a timely, you know, automated, if you timely automate those processes, this cost can be, you know, can be taken out engaging employee productivity. As I mentioned earlier, the, you know, repurpose not take away the staff, but repurpose those IAM staff to more value added things, rather than just doing the repeat task, thereby you can save some cost also and add more value and motivation for the employees also in consistent and grand for, I am processes.
So many of the IA process that we have seen have been done or been implemented like maybe 10 or 15 years back when they had that much visibility to the scalability of how the identity and access management phase can develop to. And many of the processes are being, you know, very redundant with a lot of bot index, which can be avoided. And also when these start implementing the RPA, one of the first things which I normally do is streamline the process and optimizing the process. And then on top of that only we add the automation components. So it's, this is an indirect benefit of using the RPA operation staff enable, especially during, in this pandemic. There, we, we have seen in the past one year where the number of contracting staff or the temporary staff or furloughs, all those things has to do with the identities.
They have to temporary provision or engage, or the provisioning identities on a large scale. If you see all these Walmart or in stock and all, they have to onboard a lot of people who are engaged in this or contingent staff or engagement at the same time, soft deleting the for load staff. So, and there may not be available of staff to do this operations. So that's where another use case where the boards, which can work 24 bar seven to 365 days come into business and they can help you out there. The next one, the last one I have on here is the access certification process, which, you know, how the ER are very important and how hard is to track each application owners, get them do that. And then if it, if it is a global application, which multiple languages involve multiple application, it's, it's add the dimension to, and that's where we can employ the bots to do the access review, chase the people, even in multiple languages, you can have the bot talk to them.
And once you get the, the, you know, the entitlement approval or disapproval, they can go and update the specific system source of truth or, you know, or spreadsheet, or however the organization manage it. So these are the kind of high level challenges and the experiment benefits that I could see. And I've seen that in real time with the organization, this life talks about the, I am life cycle from the current state. Like I, as you can see on the left, you have all these employee HR events, which triggers the joint and more liver. It comes to the source of truth and, and, and the use in need of a cleanup. And then this hand, assuming that an organization has an access management tool, which takes care of all the connected application de provisioning up de provisioning and provisioning, but there are lot of other things that, that an organization has to do, especially if there is, you know, disconnected applications and with respect to certification onboarding ticketing and the custom reports.
So this is not like a, like a, this gives you a high level view of the, the things that is happening in the I am spectrum. And here we can see the area where we can see the right candidates, what we, the use cases that we will be able to use the, the RPA first with the data cleaner, which we already spoke about the application onboarding. We do the disconnected applications. We will be able to use RPA to collect the required questions automatically from the application or the, or the system, especially with active directory based integrations. Then, then they can provide the bots can provide that to the, to the sale point or the savings, which they can take up in upstream and do the integration, onboarding data cleanup. I already spoke about that access certification. I already spoke about how bots can do that.
Now here on the right hand side is where I have highlighted about the decoupled application, where you may need to have a ticket created in a ticketing system like ServiceNow remedy. We don't need somebody to sit there and do create a week we and have bot to create that. And once that is created, we can have bot to go to the, the applications non-connected legacy application and provision there. And then the bot can come back and then update the ticket and do the necessary steps there forward. At the same time, bot will be able to create custom reports of how you are adding the landscape or the analytics based on the KPIs unified bot will be able to create those kind of the custom reports also.
And lastly, we have few use cases have told about the user data cleanup, which is a very popular use cases of RPA and I access management, where you have the user data from multiple resources like active directory, or, you know, HR system, which may not be updated and many places, many, many, many places where they are trying to implement sale point or save or IM tool they're having faces the problem with the identity, use data hygiene, where the boards can come and talk to multiple system polite, or create a consolidated data sheet. And they can correct it based on which source of truth or the what kind of rule we define and then update to the active directory or which system you want the bot to update it. So, so this can be achieved very easily and it can save a bunch of time and resources also for you.
Next one, I have couple of use cases again, on the compliance requirement and follow ups. As I mentioned, the bots can log on to the GRC or an IAM system create custom reports of the access and status exceptions. It can note down, you know, what priority that we set up on and, and trigger the emails and status and exceptions and all, and then auto email reminders to manages for, for their actions. Same thing with the ticket creation, where bot can pull in the input details from the HR system, create new tickets in the service now, or remedy, and they can reduce the appropriate active directory or the group or the role and boards can easily do that. Based on the rules we set either based on spreadsheet, or it can be, go and check on another table where we have defined what kind of role they want, and then provision accordingly for each user for the specific active directory or which are, which, however groups you want to do it, then come back to this ticketing system update, whether their ticket is being fulfilled, or you need a second level of thoughts and then email the managers of the status.
And, and there can be, I, I can see that there can be a lot of negative scenarios also. So how I do it is like, how do the happy path automation? And then after that, we, once that is stabilized, we come up with these exception scenarios, pick up the exception scenarios and make that process still like 80 to 85 percentage. Correct. And then I, I know that there are few cases where bots won't be able to do that and those kind of thing, then bots can assign to specific person that we designate and where they need really a manual intervention. But the number of tickets which can be automated goes from zero to 60 to 80, or depending on how the process stability you have. So that's where the beauty of the RPA and the bots come in saving at least 70 to 80% of the time that you invest in this or provisioning, deprovisioning and other. I am operations. That's all I have. I think I have kept my time and this is my conduct details. If anybody wants to reach out to me in person, I'll be happy to discuss more.
I'm pretty sure that whoever is attending is, should be able to know, you know, what RPA and on. And then the next one, I want to jump in on some of the key IAM challenges which I have seen among my clients and how RPA can address them. And next follow followed by couple of slides, which talk tells about the, the end end IAM life cycle, right from the identity creation to determination. And then what are the area? What are the things that is happening inside the IAM life cycle and then where, and all automation can be injected. And I have put few of the sample case studies also, which have tried tested and one with three of my clients. So that's all the, the agenda topic I want to cover today.
So I, as you can see, as I told, like, what is a robotic process automation? It's, it's basically a software which tries to automate your repeat and redundant processes. Say, if you want to provision a user ID to directory, you have hundreds of users. You have to engage someone to sit there and copy page from this application, this spreadsheet, and go to ad and then provision it it's the same repeat things, but you need somebody to do that. You know, that's a stress job, but otherwise it won't be happening. So that's where one of the use case, which I'm saying that where we can introduce some kind of automation here, I'm saying about robotic process automation. So what robotic process automation is like is something which can, which can take out the redundant and make the resource free and use them in more, you know, more high, skilled job rather than doing this. Repeatity where redundant operations and its been tested and proved as most of you maybe knowing about the cost saving the time saved about and the error reduction. And that's one of the key thing that is one of the salient features of RPA, the, the number of reduction in the error, especially in the data entry, especially in the provision in the provisioning processes. We'll, we'll get into more details on that.
So next, this slides talks about a few of the challenges that I've seen on the left side. You have the challenges, the identity and access management challenges and, and correspondingly. I am trying to pitch in the benefits that you may be able to get by leveraging RPA. One is the, the, the, the top of the top challenges you have keep on hearing from the CSOs are the governance and compliance requirement. You know, if somebody's doing that, the documented somewhere, are they doing the logs? Are the, are they doing the deprovisioning right on time? So those kind of compliance requirement and that's where, how the JML is happening. So those kind of SOS requirement compliance requirement is very key to all the organization. And that's where these real time user deprovisioning or termination and synchron identification of users, and then notification of the policy violation, all these kind of things can be done through the using bots, which is the RPA technology.
And the interesting thing, another interesting thing is about all the RPA technology. They are able to give you a very detailed lock files, which tells about what the board did at, at, for each identity, touched at a time and second level details also. And that's another, so, you know, compliance requirement that most, most organization standards wants. And that's also fulfill next one is about the, the data hygiene on the user identity, which you may be knowing about the, you know, the, the data comparison data valid and all the, the removal of the ghost accounts, which all the organizations have, but due to the legacy applications. And also, so those cleanup activities and increasing the data hygiene identity data hygiene is another thing that can be achieved. Overpaying licensing fee. So many times the Licens are been tied to the identity. And then once it has been provisioned, it's, it's like, it's very hard for a big organization to track it.
If somebody goes out or somebody changed the roles over the time, he or she can be in the same organization, but he may have changed their role. But since they're already in the organization, the, the, the cloud company or any other software vendors, they'll be still be charging money for them, even though she or he maybe not be using it. So that's where the automated deprovisioning and entitlement review, it's very key. And that's, that's kind of a timely, you know, automated, if you timely automate those processes, this cost can be, you know, can be taken out engaging employee productivity. As I mentioned earlier, the, you know, repurpose not take away the staff, but repurpose those IAM staff to more value added things, rather than just doing the repeat task, thereby you can save some cost also and add more value and motivation for the employees also in consistent and grand for, I am processes.
So many of the IA process that we have seen have been done or been implemented like maybe 10 or 15 years back when they had that much visibility to the scalability of how the identity and access management phase can develop to. And many of the processes are being, you know, very redundant with a lot of bot index, which can be avoided. And also when these start implementing the RPA, one of the first things which I normally do is streamline the process and optimizing the process. And then on top of that only we add the automation components. So it's, this is an indirect benefit of using the RPA operation staff enable, especially during, in this pandemic. There, we, we have seen in the past one year where the number of contracting staff or the temporary staff or furloughs, all those things has to do with the identities.
They have to temporary provision or engage, or the provisioning identities on a large scale. If you see all these Walmart or in stock and all, they have to onboard a lot of people who are engaged in this or contingent staff or engagement at the same time, soft deleting the for load staff. So, and there may not be available of staff to do this operations. So that's where another use case where the boards, which can work 24 bar seven to 365 days come into business and they can help you out there. The next one, the last one I have on here is the access certification process, which, you know, how the ER are very important and how hard is to track each application owners, get them do that. And then if it, if it is a global application, which multiple languages involve multiple application, it's, it's add the dimension to, and that's where we can employ the bots to do the access review, chase the people, even in multiple languages, you can have the bot talk to them.
And once you get the, the, you know, the entitlement approval or disapproval, they can go and update the specific system source of truth or, you know, or spreadsheet, or however the organization manage it. So these are the kind of high level challenges and the experiment benefits that I could see. And I've seen that in real time with the organization, this life talks about the, I am life cycle from the current state. Like I, as you can see on the left, you have all these employee HR events, which triggers the joint and more liver. It comes to the source of truth and, and, and the use in need of a cleanup. And then this hand, assuming that an organization has an access management tool, which takes care of all the connected application de provisioning up de provisioning and provisioning, but there are lot of other things that, that an organization has to do, especially if there is, you know, disconnected applications and with respect to certification onboarding ticketing and the custom reports.
So this is not like a, like a, this gives you a high level view of the, the things that is happening in the I am spectrum. And here we can see the area where we can see the right candidates, what we, the use cases that we will be able to use the, the RPA first with the data cleaner, which we already spoke about the application onboarding. We do the disconnected applications. We will be able to use RPA to collect the required questions automatically from the application or the, or the system, especially with active directory based integrations. Then, then they can provide the bots can provide that to the, to the sale point or the savings, which they can take up in upstream and do the integration, onboarding data cleanup. I already spoke about that access certification. I already spoke about how bots can do that.
Now here on the right hand side is where I have highlighted about the decoupled application, where you may need to have a ticket created in a ticketing system like ServiceNow remedy. We don't need somebody to sit there and do create a week we and have bot to create that. And once that is created, we can have bot to go to the, the applications non-connected legacy application and provision there. And then the bot can come back and then update the ticket and do the necessary steps there forward. At the same time, bot will be able to create custom reports of how you are adding the landscape or the analytics based on the KPIs unified bot will be able to create those kind of the custom reports also.
And lastly, we have few use cases have told about the user data cleanup, which is a very popular use cases of RPA and I access management, where you have the user data from multiple resources like active directory, or, you know, HR system, which may not be updated and many places, many, many, many places where they are trying to implement sale point or save or IM tool they're having faces the problem with the identity, use data hygiene, where the boards can come and talk to multiple system polite, or create a consolidated data sheet. And they can correct it based on which source of truth or the what kind of rule we define and then update to the active directory or which system you want the bot to update it. So, so this can be achieved very easily and it can save a bunch of time and resources also for you.
Next one, I have couple of use cases again, on the compliance requirement and follow ups. As I mentioned, the bots can log on to the GRC or an IAM system create custom reports of the access and status exceptions. It can note down, you know, what priority that we set up on and, and trigger the emails and status and exceptions and all, and then auto email reminders to manages for, for their actions. Same thing with the ticket creation, where bot can pull in the input details from the HR system, create new tickets in the service now, or remedy, and they can reduce the appropriate active directory or the group or the role and boards can easily do that. Based on the rules we set either based on spreadsheet, or it can be, go and check on another table where we have defined what kind of role they want, and then provision accordingly for each user for the specific active directory or which are, which, however groups you want to do it, then come back to this ticketing system update, whether their ticket is being fulfilled, or you need a second level of thoughts and then email the managers of the status.
And, and there can be, I, I can see that there can be a lot of negative scenarios also. So how I do it is like, how do the happy path automation? And then after that, we, once that is stabilized, we come up with these exception scenarios, pick up the exception scenarios and make that process still like 80 to 85 percentage. Correct. And then I, I know that there are few cases where bots won't be able to do that and those kind of thing, then bots can assign to specific person that we designate and where they need really a manual intervention. But the number of tickets which can be automated goes from zero to 60 to 80, or depending on how the process stability you have. So that's where the beauty of the RPA and the bots come in saving at least 70 to 80% of the time that you invest in this or provisioning, deprovisioning and other. I am operations. That's all I have. I think I have kept my time and this is my conduct details. If anybody wants to reach out to me in person, I'll be happy to discuss more.
Video Links
Stay Connected
Related Videos
How can we help you