Last week I was in the US, visiting a new customer and helping them to roll their Identity Auditing/Cleansing and Role Engineering project.
Their original project time frame was planned to span from mid 2007 until end of 2009, with each atomic action as “generating one report”, which would take anywhere between a half to full day! As opposed to Eurekify/Sage where each atomic action takes approximately 5 to 10 minutes to generate a report.
Since they were not so familiar with the new product they had acquired, we spent the time generating cleansing reports. Within a couple of days, our working office looked like an “Auditing Command Room” where people were coming in and out to ask and get reports in order to cleanup old and potentially excess access rights and privileges.
The original scope for this week was one system: Active Directory, but as Active directory cleansing reports were generated in a matter of days, we quickly moved to cover 2 other major systems:
1. RACF
2. TAM (IBM)
The import of data from each system took a few hours, but the results were quite interesting and extremely fruitful.
We managed to:
1. Generate many different privileges cleanup reports for RACF and TAM
2. Evaluate the existing groups coverage and overlap of the RACF system
3. Re-engineer some of the groups (roles) of the RACF and prove that the RACF system can be optimized through this process.
In addition we began a mini compliance project in order to create the first set of compliance rules (SoD, SOX related rules), which produced an impressive list of violations to be cleaned.
The auditors were in cloud nine. Using this new solution gave them full control of their data and a quick way to generate reports and follow up on the cleansing process.
The Identify Auditing Management team, involved in this process, is now able to reassess the project time frame and of course reduce it substantially due to the implementation of Eurekify’s Sage.
Example of data preparation project layout:
If you want to talk with me about your Identity Auditing and Cleansing projects, feel free to contact me at:
isharoni@eurekify.com
Ilan Sharoni
http://www.eurekify.com/
