Executive View
Top Level Objectives
Organizations are overwhelmed with securing access to corporate data and meeting regulatory compliance requirements, yet are wary of the cost, risk and complexity of owning a traditional identity management (IdM) solution to automate the management of identities, access rights and resources across multiple IT applications and business processes. The Identity as a Service (IaaS™) technology offering from Rolta, hosted in secure hosting facilities and implemented by Rolta’s experienced IdM consultants, enables organizations to reap the benefits of identity management, but without the distraction, risk and high costs of software implementation and ongoing management.
Solution - Innovation
Rolta’s Identity as a Service (powered by Fischer International) offering is the only solution available that can deliver the security, compliance, risk management and efficiency benefits of identity management with the low cost, predictability, "pay as you go" pricing and “no software ownership” advantages of the Software-as-a-Service (SaaS) delivery model. Within days, your organization can begin to audit and control access to resources, enable users to reset their forgotten passwords, enforce compliance policies, generate compliance reports for auditors, and more - all without the high cost, specialized staff and multi-year delays that are commonplace with a conventional identity management solution.
Advantage - Insight
The Identity as a Service offering provides the insight needed to mitigate the risk of security breaches, fraud and material weaknesses that can result from unauthorized or inappropriate access to critical resources; respond quickly to auditors’ questions related to user access; improve the everyday value and effectiveness of employees and contractors; and eliminate the cost of unused software licenses.
Benefit - Impact
The Identity as a Service offering enables organizations to improve risk management and business performance, and comply with cost optimization initiatives - all as an outsourced service and within a matter of days.
Management View
Business Objectives
Traditional methods of managing identity information are neither secure nor cost-effective and put businesses at risk. User access must be created, disabled or modified across multiple IT systems in response to thousands of everyday business events, with permissions that conform to your organization's business and security policies, with a complete audit trail and at the prescribed time. Failing to fully and accurately perform these activities creates significant security and compliance risks and business interruptions, yet many organizations accept these outcomes due to the enormous cost of identity administration.
Rolta’s Identity as a Service (IaaS) (powered by Fischer International) offering increases security, mitigates risk, simplifies compliance and reduces administrative and help desk costs by automating and auditing identity administration throughout your IT environment in accordance with your business and security policies.
Solution
Rolta’s IaaS solution provides your organization with highly effective and efficient ways to manage user access to IT and physical resources in response to everyday events. Organizations may choose to deploy IaaS in a highly customized fashion to precisely model complex business processes, or may choose from the following turnkey IaaS services that are optimized for low-cost and extremely fast roll-out (from one to thirty days) following minimal configuration.
- Password Reset and Synchronization Service: cut your password-reset and help desk costs while keeping users productive by allowing them to quickly reset their forgotten passwords. Strengthen security by automatically enforcing password policies while reducing the number of passwords to remember.
- Access Termination Service: prevent the cost and brand damage of security breaches by immediately revoking access to customer data, financial information, and other sensitive corporate assets.
- Role & Account Management Service: quickly create a streamlined, auditable process for providing and removing user access to IT and physical assets via user self-service requests. Assets may be grouped and viewed however you need: by function, department, or by “role” to create an effective role-based access control (RBAC) environment. All request, approval, and fulfillment activities are automatically tracked.
- Automated Role & Account Management Service: automatically add/change/revoke user access to IT and physical assets based on real-time business events (e.g., hire, termination, promotion) - all in compliance with your business and security policies. (Also includes Role & Account Management Service.)
- Privileged Account Access Service: avoid security breaches, fraud, and compliance violations resulting from uncontrolled access to Administrative, Super User, Root, Fire Call, and other privileged accounts.
- Identity Compliance Service: speed and simplify audits with an automated user access control framework for complying with Sarbanes-Oxley, HIPAA, Gramm-Leach-Bliley, FERC, and other regulations. Prove Separation of Duties, identify/remediate policy violations, and quickly create reports for auditors.
The Identity as a Service™ (IaaS™) offering from Rolta is hosted at Rolta’s secure hosting facilities and is implemented, maintained and supported by Rolta’s experienced IdM consultants.
Approach
Rolta is able to provide organizations with immediate results and value due to our consultants’ deep identity management and system-specific expertise, and the IaaS offering’s ease of configuration, ability to conform to existing business processes, and out-of-the-box interoperability.
Business Value
The Identity as a Service offering provides organizations with immediate value, an ROI measured in days and a TCO that is far lower than competitive identity management solutions. Additional business values include:
- Protection from security breaches (and associated cost/impact)
- Increased user productivity
- Increased business agility & responsiveness
- Higher service levels
- Lower-cost and less-disruptive compliance audit and reporting
- Reduced operational costs
- Right size services based on systems and users, with reduced up-front costs
- Pay-as-you-go subscription model (pay as value is delivered)
- Mitigate risk of technology selection
- Predictable value, costs, business results
- No capital budget expenses
- Keep IT staff focused on core-business and customer-facing applications
- Enable migration between IaaS and on-premise models
Technical View
Technical Issues
Identity information commonly resides in directories or databases that are unique to specific business systems. The way in which identity information is stored (e.g., data format/schema) is also typically unique to each system, making it difficult to share or synchronize identity information using home-grown applications. This lack of interoperability necessitates performing identity administration tasks manually or acquiring an identity management solution that can automate data transformation tasks, account creation/revocation, orphan account detection and so on. While traditional identity products can automate these tasks, the effort to deploy such solutions is not trivial, with costs escalating to several million dollars over a three-year deployment. Additionally, traditional identity products are frequently based on aging codebases that cannot easily scale to meet the volume demands of today’s business, the need for immediacy or the need to support business processes that span outside the enterprise.
The Identity as a Service offering provides a lower-cost and more readily accessible alternative to the traditional identity deployment and with more flexibility and power than competitive solutions. The Identity as a Service offering is built on an interoperability platform that accelerates and simplifies data exchange between disparate systems and comes with out-of-the-box connectors, business processes (e.g., workflows, approvals) and other pre-built identity objects that require no or minimal configuration to be put into production at your site.
Solution Components
Rolta’s Identity as a Service offering (powered by Fischer International) is based on an SOA-compliant, multi-tenant architecture composed of multiple identity services, including user provisioning, compliance and audit, password management, user self-service and high-privileged account management. The offering is hosted and maintained at Rolta's secure data center facility. An appliance, the Global Identity Gateway (GIG), is installed at your facility to provide Rolta with a secure, intelligent connection to your systems and applications. More specifically:
- Communication between the GIG and 3rd-party connected systems (or between “agentless” connectors and 3rd-party connected systems) is usually within the same domain, rather than across the Internet. Communication can be protected by TLS/SSL.
- When communicating via Web Services, either PKI or TLS/SSL can be used to secure communications as long as the 3rd-party system or application supports the method. PKI can also be used to secure communications between Fischer servers and 3rd-party SOAP or .NET clients.
- Configuring a GIG provides dynamic creation of encryption keys so that each installation automatically has a unique encryption key.
The following turnkey IaaS services are available and are optimized for low-cost and extremely fast roll-out (from one to thirty days) following minimal configuration.
- Password Reset and Synchronization Service: cut your password-reset and help desk costs while keeping users productive by allowing them to quickly reset their forgotten passwords. Strengthen security by automatically enforcing password policies while reducing the number of passwords to remember.
- Access Termination Service: prevent the cost and brand damage of security breaches by immediately revoking access to customer data, financial information and other sensitive corporate assets.
- Role & Account Management Service: quickly create a streamlined, auditable process for providing and removing user access to IT and physical assets via user self-service requests. Assets may be grouped and viewed however you need: by function, department, or by “role” to create an effective role-based access control (RBAC) environment. All request, approval and fulfillment activities are automatically tracked.
- Automated Role & Account Management Service: automatically add/change/revoke user access to IT and physical assets based on real-time business events (e.g., hire, termination, promotion) - all in compliance with your business and security policies. (Also includes Role & Account Management Service.)
- Privileged Account Access Service: avoid security breaches, fraud and compliance violations resulting from uncontrolled access to Administrative, Super User, Root, Fire Call and other privileged accounts.
- Identity Compliance Service: speed and simplify audits with an automated user access control framework for complying with Sarbanes-Oxley, HIPAA, Gramm-Leach-Bliley, FERC and other regulations. Prove Separation of Duties, identify/remediate policy violations and quickly create reports for auditors.
Implementation
Organizations simply choose the desired identity services and Rolta’s expert team configures the required connectors and creates/modifies policies, workflows, approvals, customized self-service web pages and other identity-related objects at the hosting site, then rolls out the solution when ready.
How Does it Fit and Why is it Different?
Identity management is a business imperative for organizations of all sizes due to the security and business risks that accompany manual identity administration. For the first time, an organization of any size can afford Identity Management because our solution makes it simple, low cost and no risk. Rolta’s hosted identity services and expertise provide the breakthrough you need to securely manage passwords, onboard and offboard employees and contractors and comply with regulations like Sarbanes-Oxley, HIPAA, FERC and Gramm-Leach-Bliley.
