Successful Real-World Implementations of Identity and Access Management

Transcription

1 SUCCESSFUL REAL-WORLD WHITE PAPER IMPLEMENTATIONS OF Successful Real-World Implementations of Identity and Access Management Executive Summary E-business can deliver unprecedented levels of efficiency, increased market share, exceptional customer loyalty and new revenue streams. As such, enterprises are moving more applications online, providing access to more users and building advanced portals for employees, customers and partners. However, managing users and their access to information has become increasingly difficult especially in the context of complex, multi-vendor environments. Organizations face many challenges, including escalating costs and inefficiencies, poor user experience and increased security risks and government regulations. WHITE PAPER Identity and access management (I&AM) provides an effective way to manage online identities and control access to resources. Users gain single sign-on access to multiple applications, even across business boundaries. Specifically, I&AM solves many of the challenges of e-business. Components of I&AM include access management, user management, provisioning, authentication, federated identity management and data stores. These components should work together as an efficient, intelligent system. In the real-world implementations outlined in this white paper, leading enterprises from a wide range of industries have implemented various components of I&AM for a total integrated solution that meets their specific business objectives. Their stories reflect the experiences of organizations across the globe that are successfully using I&AM to reduce costs, increase profitability, build competitive advantage and meet the requirements of regulations. RSA Security is proud to be their I&AM strategic partner.

2 TABLE OF CONTENTS I. THE CHALLENGES OF E-BUSINESS PAGE 1 II. III. IV. SOLVES THE CHALLENGES COMPONENTS OF REAL-WORLD IMPLEMENTATIONS OF IDENTITY & ACCESS MANAGEMENT i. Banking Industry ii. Insurance Industry iii. Retail Industry iv. Healthcare and Life Sciences Industry v. Manufacturing Industry vi. Energy Industry vii.technology Industry PAGE 2 PAGE 3 PAGE 4 PAGE 4 PAGE 5 PAGE 7 PAGE 7 PAGE 8 PAGE 10 PAGE 10 V. WHY CHOOSE RSA SECURITY FOR I&AM? PAGE 12

3 I. THE CHALLENGES OF E-BUSINESS Enterprises today are under intense pressure to extend their use of the Internet as a business-enabling platform to achieve unprecedented levels of efficiency, capture market share, increase customer loyalty and generate new revenue streams. This means moving more applications online; providing access to more users; and building advanced portals for employees, customers and partners. Ensuring that the right user gets access to the right information at the right time becomes extremely hard to manage. Adding to the difficulty is the fact that systems have evolved into complex, multi-vendor environments. While the openness of the web enables innovation, it requires organizations to effectively manage security risks, protect against unauthorized access and identity theft and comply with privacy and data protection regulations. Furthermore, this must be accomplished in the context of collaborative business, as applications and business processes are increasingly outsourced to service providers and information is continually exchanged with external partners. As leading enterprises the world over are striving to meet their strategic goals for e-business, they face many critical challenges: Escalating costs of user administration. When large user populations are constantly in flux and user profiles and access policies continually changing for a large volume of applications, the cost of managing identities and access can easily get out of control. User additions, deletions, status changes and updates must be made quickly and accurately for every application. Inefficient processes tie up valuable IT personnel and inevitably increase costs. Increased security risks. Exposing mission-critical applications and sensitive data to the Internet increases security risks. If an unauthorized user gains access to information, the effects could be catastrophic ruining an organization s reputation, reducing shareholder value, or setting the stage for civil litigation. Growing number of regulations. Companies face a growing number of regulations that have broad implications for information security. Governments worldwide are mandating the protection of information, whether it s to safeguard consumer privacy for health and financial records, ensure data quality in the production of drugs or re-establish trust in financial reporting systems. Common threads across these laws are requirements for ensuring that only authorized users gain access to information and the ability to control and examine user activity and produce robust audit trails. Problems caused by passwords. Password usage is a huge nuisance for users, who are often forced to remember many complex passwords for the various systems and applications they access. Equally important with many organizations supporting dozens of distributed password systems is the fact that passwords are costly to administer and a major security threat, due to their inherent vulnerability and the lax practices of some users such as selecting obvious passwords. When forced to use complex passwords, users often write them down or forget them and call the help desk. Unproductive online experiences. When users must continually log on and enter passwords, the result is an annoying stop-and-go user experience. Employee productivity is hampered. Customer service declines. Inefficiencies, redundancies and risks in managing access to partner sites. Collaboration and sharing information within and across organizations is a key business strategy. Employees and customers must be able to easily access data on internal systems as well as data that is managed by partners such as outsourcers and other service providers, suppliers and distributors. When users must repeatedly login and enter passwords to gain access to partner sites, they get frustrated. Having user identity information managed in multiple places by external partners creates redundancies and risks for the organization. Heterogeneous environments. Most organizations have already made significant investments in e-business technologies and the end result is a multi-faceted, heterogeneous environment. Any new functionality must work within the context of their existing infrastructure. 1

4 II. SOLVES THE CHALLENGES An I&AM solution enables organizations to confidently exploit the power of the Internet, paving the way for increased profitability and competitive advantage. It provides an effective way to manage online identities and control access to resources for complex e-business environments; and provides users with single sign-on to multiple applications, even across business boundaries. Specifically, I&AM solves many of the challenges of e-business. This white paper profiles leading enterprises across a wide range of industries that have implemented I&AM and are achieving: Optimized business processes across the extended enterprise. By efficiently managing user credentials and access to data, organizations are able to automate interactions not only with employees but also their customers and partner networks. With a high-performance, scalable I&AM solution, organizations can manage access for millions of users and huge numbers of applications. Reduced administration and help desk costs. Implementing I&AM reduces operating costs for large user populations by replacing manual processes with automated capabilities, requiring less administrative overhead. By providing single sign-on, an I&AM solution reduces the number of passwords that users must remember, decreasing the number of calls to the help desk. Moreover, capabilities such as automated password resets and user self-service further reduce helpdesk costs. Risk Mitigation. By centralizing user management and access to applications, I&AM is an effective way to manage risks and protect user identity information. Streamlining user privilege management helps ensure that it is kept current for multiple applications, so that for example, terminated employees access rights can be revoked for all applications in a timely manner. Consolidating user identity information increases control over that information so that it does not get into the wrong hands. I&AM helps implement risk strategies than can protect data without compromising convenience for users. Simplified auditing and compliance. With I&AM, organizations can reduce the risk of unauthorized access and protect the privacy and integrity of information. As well, I&AM allows consistent enforcement of security policies across multiple applications. Centralized logging and reporting functions help in conducting detailed audits. Heightened levels of security in validating users identities. It is well understood that passwords are not a high-assurance method for verifying the identity of users. An I&AM solution that implements strong authentication adds a layer of security since users must provide two factors (typically a PIN combined with a token or smart card) in proving their identity before gaining access to applications. Strong authentication reduces the risk of unauthorized access and provides a reliable method of validating a user s identity that would be consistently auditable. Transparent access to information. Organizations today have information resources distributed across their global enterprises and increasing amounts of data are being managed by outsourced service providers, as well as other partners such as suppliers and distributors. I&AM enables increased productivity and business agility by streamlining access to distributed resources across the company, even across business boundaries. Users gain single sign-on access to information located on internal sites and external partner sites. Enhanced customer service levels. I&AM enables easeof-navigation and personalization, increasing the value of the online experience, building loyalty and increasing customer retention. Improved self-service for employees, customers and partners. Through streamlined access to information, I&AM can improve web-based self-service, whether it s for employees updating their own benefit information, customers obtaining support, or sales agents ordering product online. For employees, web-based self-service increases productivity, creating bottom-line savings. Selfservice for customers moves these users away from more expensive modes of interaction such as call centers. Selfservice for partners strengthens relationships and makes them more profitable. Increased cross-selling of products and services. By making it easy to gain access to partner sites, organizations can transparently offer an expanded line of products and services. Seamless integration. A standards-based I&AM solution plugs into an organization s existing infrastructure and protects the investment. Proven interoperability with Internet technologies, applications and datastores means easier and faster deployments. If it is built on open standards, an I&AM solution can be leveraged across diverse internal and external partner systems. It can also lay the foundation for future growth so that more applications can easily be added and it avoids vendor lock-in. 2

5 III. COMPONENTS OF IDENTITY AND ACCESS MANAGEMENT An I&AM strategy encompasses six tactical areas: access management; comprehensive user management capabilities; provisioning of user identities and permissions; authentication; federated identity management; and secured, centralized data stores to maintain the required policies and profiles. These components should work together as an efficient, intelligent system. In the realworld implementation case studies that follow, enterprises have selected the components that meet their objectives for a total, integrated solution tailored to their needs. Access Management. Allows an organization to assign and enforce user access rights for diverse resources across intranets, extranets, portals and exchanges. Organizations can issue, revoke and change user access privileges for multiple web-based applications. Privileges can be defined at a very granular level based on combinations of user roles and attributes as well as business rules and security policies. Fine-grained authorization protects not only access to applications but can also control what users see and do once they have access to applications. Administrators can grant or deny access to specific transactions, limiting not only the information available to users but also the functions they are able to perform. Centralized access management not only streamlines administration of access rights, but also provides users with single sign-on (SSO) access to multiple applications. User Management. Ensures that the user data can be managed efficiently and cost-effectively and is accurate and current without adding administrative costs. Automated tools are provided for updating user profile information in specific applications. Key capabilities include delegated administration, approval workflow, user self-service and password resets; as well as synchronization with the user data store. An organization can establish uniform policies and security standards through automated notification and enforcement of authentication and access mechanisms, for example automated password expiry, account lock-outs and start / end dates. Provisioning. Automates the tedious and time-consuming process of managing accounts across their entire life cycle. It allows centralized departments to quickly activate, modify or de-activate defined user accounts across multiple applications and identities rather than on a one-by-one basis. Mechanisms by which users are provisioned access to applications across the enterprise can be defined and automated, including explicit permit, explicit deny, policybased revocation, fine-grained entitlements management and policy history. Policy violations and exceptions can be detected to ensure valid accounts have been provisioned with an appropriate level of access. Authentication. Centrally manages authentication services which validate the identity of the user. Various authentication methods can be used such as passwords, two-factor authentication with time-synchronous tokens, digital certificates and smart cards. Authentication policy is enforced across multiple applications. Strong authentication can be integrated to enhance trust in network, intranet, extranet and portal environments by requiring users to present conclusive proof of identity before being granted access to sensitive data and processes. This high level of protection is especially important for remote and web access-where there are no physical controls present; and in single sign-on environments where a user s identity unlocks multiple resources. Federated Identity Management. Helps overcome the challenges of a collaborative business environment. It enables organizations to share trusted identities across the boundaries of the corporate network with outsourced service providers, trading partners, autonomous business units and remote offices. Users get secure single sign-on across multiple systems for streamlined information access. Federated identity management increases an organization s control over users identity information and facilitates enforcement of security policy across multiple partners. User Data Store. The directory or database that is an enterprise s authoritative source of user data. It typically draws pieces of data from multiple applications and pushes updated data back to those sources including other identity management solution components ensuring the timeliness and consistency of user data across the enterprise. 3

6 IV. REAL-WORLD IMPLEMENTATIONS OF IDENTITY & ACCESS MANAGEMENT The concept of I&AM is very compelling but the proof must come from real-world implementations. The following case studies profile leading enterprises in a wide range of industries which have implemented various components of I&AM to meet their specific business objectives and have achieved significant positive results. Their stories reflect the experiences of companies across the globe that are successfully using I&AM to reduce costs, increase profitability, build competitive advantage and meet the requirements of regulations. i. Banking Industry Diversified Financial Services Company As with most companies today, this financial services organization is outsourcing HR functions to an outsourced service provider. The primary objective of this project was to drive bottom-line savings through systems management and increased employee productivity. They wanted to implement an employee self-service model and improve access to information through SSO to the outsourced HR applications. It was important for them to create an infrastructure that would allow consistent, repeatable processes for authentication and authorization that followed industry standards. The solution had to be scalable to accommodate additional users and future applications since HR applications were the first of many. The company required a strategic partner with a strong reputation in the Identity and Access Management space, with specialized knowledge in Federated Identity Management. The company implemented a total I&AM solution including Access Management with the central component being Federated Identity Management. It enabled the bank to share employees identity information outside their corporate network with their outsourced service provider. The bank realized substantial ROI with the time saved in application development and a quicker time to market than building a proprietary solution. Cross-company authentication has worked very well and with employee self-service, the bank saw an increase in overall productivity. They were also able to implement consistent protection across all applications and improve their auditing capabilities. Large Financial Services Organization This financial services organization aimed to facilitate business growth and provide superior service to their members. Goals also included meeting regulatory compliance by improving their auditing capabilities and access controls. They were also looking to heighten overall security levels and provide a better method of authenticating users while increasing administrative efficiency. The solution had to integrate well with multiple applications and provide SSO to those applications. One of the bank s main concerns was to implement a robust I&AM solution that would not create unnecessary burden on their IT resources. They implemented a total I&AM solution including Access Management, User Management and Strong Authentication which provided the key elements to meeting regulatory compliance. Other components included Federated Identity Management which will carry employees and partners identity information across multiple domains and business units. They have seen significant reductions in password resets and overall administrative burdens. Most importantly, they were able to implement a unified front-end with SSO to multiple applications for their users which has increased productivity and has improved the quality of their services. Large Wholesale Bank To enhance their competitive position, this bank made a bold strategic decision to move key applications to the web. As part of this, they required upgrading their security framework in order to provide access to three separate applications inside different security zones. Each zone required different levels of authentication, using digital certificates and tokens. In addition, they also had to address requirements for regulatory compliance. To accomplish this, the bank needed an I&AM system that offered a high level of security with non-repudiation and online signing capabilities. One of the other main goals was to strike the right balance between security and convenience by upgrading their entire security framework and simultaneously improving their web offerings for clients. In the end, they wanted a trusted I&AM advisor that could provide one comprehensive solution that addressed multiple challenges. 4

7 Large Wholesale Bank, cont. Strong Authentication factored heavily into this comprehensive I&AM solution to meet the need for higher security levels and regulatory compliance requirements. Besides Access Management, their solution also included Federated Identity Management and Provisioning components. The Bank was able to bring new services to market as a result of I&AM and increase their bottom line by improving operating efficiency. They managed to upgrade their security framework successfully and to satisfy regulatory compliance requirements while improving key client services. ii. Insurance Industry One of the Top Property and Casualty Insurance Companies This insurance company needed to replace their existing Web Access Management (WAM) system with a more comprehensive I&AM solution to enhance online services and improve partner relationships. They wanted to be able to leverage their I&AM investment across partner systems. As part of this upgrade, they also wanted to provide SSO to multiple applications with more detailed auditing capabilities to meet regulatory compliance. Their I&AM solution included Access Management, User Management and Federated Identity Management. Strong Authentication was also included and was key in meeting their compliance requirements. This Insurance Company was able to implement a solution that not only met their immediate requirements, but enabled them to develop a strategy for long-term growth of their infrastructure with significant expected ROI. This I&AM solution exceeded their expectations by helping them realize greater benefits through implementing Strong Authentication as part of their total solution. One of the Largest Insurance and Financial Services Companies channel easier. Their network of financial advisors not only sells their products but also cross-sells products from partner companies. To get access to product information on all of the various systems, the advisors needed to logon to multiple sites using upwards of 100 different passwords. The company wanted to implement a standards-based method for providing secure, seamless integration between business partner websites, eliminating the need for multiple logons. Other projects included easily integrating systems as a result of mergers and acquisitions. In their competitive environment, ultimately they were looking to increase customer satisfaction, decrease development time for B2B web single sign-on and achieve greater business agility. Federated Identity Management was the key component of their I&AM solution enabling them to integrate cross company authentication, which allows users to sign-on to their site and get seamlessly and securely transferred to partner websites. Through their I&AM solution, this insurance company has made it easier for their independent agents to do business with them and as a result sell more products. The company has been able to capture new business opportunities, roll-out new services and quickly integrate application access across the enterprise, whether for newly acquired companies or between autonomous business units. They have been able to continually expand their use of Federated Identity Management. Large Blue Cross Blue Shield Organization in the U.S. : The main objective of this Health Plan was to enhance web self-service for members, providers and brokers while maintaining a level of service excellence that built their reputation. This included speed of claims handling and accuracy of information. They also aimed to extend their web capabilities in order to maintain strong relationships with partners. It was imperative to meet very strict guidelines for protecting the personal information of members in order to comply with regulations. Ultimately, their I&AM solution had to increase timeliness and quality of service while avoiding help desk and unnecessary costs. Many organizations sell third party products especially in the insurance industry, cross-selling is an important business strategy. This insurance company wanted to make doing business with their partners and distribution 5

8 Large Blue Cross Blue Shield Organization in the U.S., cont. This Health Plan implemented an I&AM solution comprised of Access Management and User Management. Some of the key capabilities included delegated administration, fine-grained control of user privileges. They were able to quantify a significant ROI by increasing services and decreasing administrative costs. Their I&AM solution has enabled more efficient administration of user identities and provided better self-service of members to find and update personal information. It was easy to deploy and integrated well with their directories and datastores. A Managed Care Company To this managed care company, offering superior online services, implementing strong security and increasing the efficiency of access management was very important. They aimed to increase member retention and enrollment of new members while optimizing user experience through improved self-service. The company had very specific requirements for platform support and integration with their existing directories. Access Management provided SSO to multiple applications and was key in their I&AM solution. Their I&AM solution has enabled them to lower administrative costs as well as significantly improve their claims processing and other services. Improving access to multiple applications with SSO has contributed to higherquality relationships with their clients, providers, consultants and brokers. One of the Top Life Insurance Companies Improving customer retention by offering a better user experience was one of the main objectives for this life insurance company. Another was to provide a single security framework, centralized access control and SSO for multiple applications. One common infrastructure would allow business units and partners to easily track customer activities; and reduce the costs of customer support. Access Management combined with User Management provided SSO to multiple applications with a better means of defining user privileges and enforcing access controls. I&AM improved customer service and retention by providing SSO to multiple applications. It also enabled more efficient monitoring of customer activities by business units and partners. The company was able to reduce support costs, improve efficiency with less administrative headaches and saw substantial savings. One of the Largest Insurance Companies This insurance company wasn t getting the full benefits from its existing web access management (WAM) system and needed to extend its capabilities across its enterprise without having to replace it. They wanted to provide SSO to multiple applications for their external business partners. The primary component of this solution was Federated Identity Management which was integrated with their existing WAM system from a different vendor. Through the use of federated identity management, they were also able to leverage their existing Strong Authentication system across their partner network. Provisioning was also part of this I&AM solution. With federated identity management, this insurance company s large partner network can SSO directly to the company s site and access multiple applications without requiring additional IDs or passwords. Because the federated identity management solution integrated easily with their existing WAM system, they were able to leverage their original investment and generate additional revenues and cost savings. This solution added considerable value to their partner relationships and has enhanced their services. 6

9 iii. Retail Industry One of the World s Largest Retailers This Retailer aimed to provide employees with SSO to multiple applications through their HR portal. This required specific access controls and other safeguards to meet strict guidelines for protecting personal information in order to comply with regulations. They also wanted to implement strong authentication methods. Ensuring that the I&AM solution had sufficient security to protect sensitive data including appropriate access controls and audit capabilities for meeting regulatory requirements was central to this project. The I&AM system also needed to be an extremely scalable solution to accommodate millions of users. Other goals included reducing costs and improving efficiency in the supply chain, by ensuring that trusted identities could be shared with business partners and suppliers. This was a comprehensive enterprise I&AM solution for their intranet, extranet and portal environments including Access management and User Management. Strong Authentication methods such as digital certificates and USB tokens were also incorporated. Federated Identity Management was implemented to distribute users identity information across their very large network of partners. They were able to provide millions of users with SSO access to multiple applications while meeting the requirements of regulations. Federated Identity Management offered improved efficiency in the supply chain which translates to a reduction in costs. The solution proved to be scalable and integrated easily within their complex environment. Large Grocer and General Merchandiser This Grocer was upgrading its infrastructure to a webbased environment. As part of this process, they required centralized management of user identities and access privileges and SSO across multiple applications. Their large number of employees all had multiple identities. Each employee required different access rights depending on the application. Administration was very difficult and access policies were being inconsistently applied. The solution had to solve these challenges, be customizable and easily integrate with their environment. They were looking for a solution that provided enhanced security and a reduction in administrative costs. The primary components of this I&AM solution were Access Management and User Management which provided user privilege management capabilities and SSO access to multiple applications. I&AM allowed this organization to consolidate and standardize web access management on one security infrastructure, for their entire environment. They were able to improve efficiency and reduce the costs of administering many users identities across multiple applications. iv. Healthcare and Life Sciences Industry Specialized Healthcare Services Company This Healthcare Company needed to standardize and streamline access control across several hundred clinics. They wanted to offer SSO access to multiple applications while centralizing access management. Other goals included integrated authentication and authorization capabilities along with better self-service, to simplify the sign-on process and validation of users across various applications. Their I&AM solution is comprised of Access Management, User Management and Strong Authentication offering tightly integrated capabilities for authentication and authorization in order to validate physicians and others across various applications nationwide. Provisioning was also a key component. 7

10 Specialized Healthcare Services Company, cont. I&AM improved their processes significantly throughout their network of clinics with better self-service and easier access to data for members and physicians. They were able to standardize access control across their vast network which translated into cost savings. This solution also ensured a higher level of security in transferring sensitive patient information which builds increased confidence and better relationships with providers and members. Global Pharmaceutical Company This Global Pharmaceutical Company has a very large geographically dispersed user base consisting of both internal users (e.g. employees) and external users (e.g. partners, physicians) and numerous research and clinical web-based applications. Their objectives were to centralize the administration of user access privileges, allow only authorized users to access applications and monitor their activities, provide users with single sign-on access to multiple applications and manage different authentication methods (passwords, tokens, digital certificates). They also needed to meet regulatory requirements for access control. A central goal was to improve the productivity of employees and physicians by providing them with seamless access to clinical information which resided both on their Intranet and a portal that they had built for physicians. Their solution includes Access Management, User Management and Federated Identity Management. By implementing a web access management infrastructure, they have achieved centralized access control and single sign-on. As part of this project they have consolidated user databases from all countries and subsidiaries which link to the enterprise directory. With federated identity management, they have met their goal of seamless access to clinical information for employees and physicians. Overall, they have been able to greatly increase the efficiency of their systems. v. Manufacturing Industry A Fortune 100 Manufacturer This Manufacturer was upgrading their home-grown infrastructure and aimed to create a consistent user experience. They needed SSO access across multiple applications with the scalability to add future applications as required. The solution had to support integration with their existing directories. As part of future plans, they required a robust solution to allow them to grow I&AM capabilities across their extended enterprise. Access Management and User Management were the primary components of this I&AM solution. Federated Identity Management will factor into this solution by providing single sign-on access to partner applications. They have been able to enhance user experience while decreasing their administrative burden. Moving forward, they anticipate the added benefits of enhanced partner relationships. Top Furniture Manufacturer Initially, this Furniture Manufacturer was looking to improve the efficiency of partner relationships by better managing identities across their extended enterprise. They wanted to provide their dealers and business partners with SSO access to a third-party hosted application, as well as other applications. They quickly realized that I&AM could also help them to meet their regulatory compliance requirements with capabilities such as access controls and audit trails of users activities across multiple applications. They implemented Federated Identity Management to enable the sharing of trusted identity information across their network of dealers and partners; and Access Management, User Management and Provisioning to help them meet regulatory compliance requirements. The solution helped this manufacturer to conduct business more efficiently with partners and dealers and to ease their compliance efforts by providing better access controls and auditing. 8

11 Large Paint Manufacturer This Paint Manufacturer wanted to enhance user experience and provide SSO access to multiple applications and services for employees, customers, partners and suppliers. They aimed to improve efficiency in their supply chain by increasing the number of online applications while still lowering costs. Another major goal was facilitating compliance with government regulations. To accomplish this, they would need a consolidated security framework for authentication and authorization of users and a better way to manage and distribute user identities across their extended enterprise. Their comprehensive I&AM solution included Access Management, User Management, Provisioning and Strong Authentication providing a robust authentication and authorization framework. This Paint Manufacturer was able to improve efficiency, lower costs and expand online services for their supply chain. The solution enabled an enhanced user experience for customers and also helped meet regulatory compliance. One of the Top Cosmetics Manufacturers This Cosmetics Manufacturer needed to increase efficiency in their e-business environment. This involved increasing the security of their sites and applications, improving the accuracy of user information and reducing administrative and helps desk costs. They also wanted to provide users with SSO access to multiple sites and applications through a secure authentication procedure. Administrators needed to be able to better manage multiple identities and access controls to different applications. Ultimately, they wanted to implement one common security infrastructure to offer personalized access to multiple, geographically dispersed applications. Their solution included Access Management, User Management and Strong Authentication for an integrated, centralized authentication and authorization infrastructure. With a comprehensive I&AM solution, they were able to reduce the administrative burden and help desk costs for remarkably improved efficiency. They also achieved increased granularity in managing access rights and met their requirements for a centralized framework with a distributed architecture. One of the World s Largest Specialty Food Manufacturers This Specialty Foods Manufacturer needed e-business to play a critical role in defining competitive advantage. It was imperative to expand beyond simple intranet applications to more strategic extranet applications that added value for their customers, channels and partners. They needed to balance increasing efficiency with improving security. By combining many disparate server sites, they had to be able to control access to Web applications, based on user profiles, through centralized privilege management. The solution had to be flexible, easy-to-deploy and needed to integrate well with their supply chain and other services. Access Management and User Management were the primary components to this I&AM solution. I&AM provided significant time and cost savings, improved efficiency with partners and added value to their supply chain. This Specialty Foods Manufacturer enhanced their user experience and was able to offer better online services. Large Specialty Products Manufacturer This Specialty Products Manufacturer wanted to update their computing infrastructure and leverage the web to cost-effectively deploy new applications to employees, retailers and customers through B2B, B2C and B2E portals. They needed SSO for users to gain access to multiple applications and centralized user privilege management. One of their key goals was to integrate with multiple partner technologies involving homegrown applications within complex environments. It was also important to them to work with a strategic I&AM partner. 9

12 Large Specialty Products Manufacturer, cont. Access Management and Provisioning were the primary components to this I&AM solution. They were able to demonstrate an increase in revenue through better quality services, a faster time to market and an overall improvement in performance, process, administration and management. vi. Energy Industry Onshore Energy Company This Energy Company aimed to move business applications to the web. These applications were both internal employee applications as well as external customer information applications. They wanted to automate SSO capabilities to their back-end systems and increase the efficiency in authenticating users. Access Management with integrated authentication capabilities was the primary component to this I&AM solution. This Energy Services Company was able to implement higher security standards while increasing efficiency by upgrading their application infrastructure to the web. Large Wholesale Power Company This large provider of Wholesale Power needed to secure their online marketplace to improve trading of electricity commodities. They needed to provide increased selfservice and SSO to their users and required improved administration through centralized user privilege management. They had to be able to integrate different forms of authentication for multiple user groups. The central components to this I&AM solution were Access Management, User Management and Strong Authentication through tokens and digital certificates. Better self-service and SSO improved the productivity and efficiency of the organization while improved user management capabilities reduced administrative costs. Large Oil and Gas Producer This large Oil and Gas Producer wanted to extend their use of strong authentication to protect more applications. They also wanted to provide their users with SSO access to multiple applications and readily add future applications. The key component involved in this I&AM solution was Access Management which was integrated with an existing Strong Authentication implementation. This I&AM solution is now their enterprise standard for Access Management and has been able to leverage their existing strong authentication implementation. This solution has enabled them to offer increased functionality and set the foundation for future growth. vii. Technology Industry Global Information Solutions Company This company aimed to improve their customer relationship management capabilities and provide faster and more secure access to web applications across their extended enterprise. They wanted to make it easier for their users to access applications and for their administrators to manage user identities and profiles. Another goal was to improve relationships with their partners by providing better SSO functionality and user management. It was also important to them to improve the efficiency of labor-intensive processes in order to increase the quantity of transactions. Key components included Access Management and User Management as well as Federated Identity Management which will be implemented across their partner network. I&AM has increased efficiency and enabled faster processing and single sign-on across their extended enterprise. They have been able to recognize a costsavings per transaction. As well, through centralized privilege management, self-service with password resets they have cut down considerably on administrative burdens. 10

13 Large Payment Solutions Company To maintain their competitive edge in the market place, this company wanted to offer consistently better online service to customers. They aimed to create a common security infrastructure and provide single sign-on access across all of their applications. Access Management was the key component in this I&AM solution. This Payment Solutions Company received immediate ROI because the added functionality provided by I&AM made it easy to up-sell additional services. I&AM made it possible to provide better service to their customers within the context of an enhanced security framework. Global Software Solutions Company This software company needed to provide SSO to multiple applications and centralized user privilege management for easier administration. It was proving very difficult to manage multiple passwords across a large number of users. They also wanted to offer single sign-on to multiple applications for their partners and required a means to better manage and share user identity information across their extended enterprise. Their I&AM solution consisted of Access Management and Federated Identity Management. They improved efficiency by removing the need for multiple passwords across the extended enterprise for internal and external applications and improved relationships with their partners by making it easier to conduct business. BUSINESS VALUE CREATED BY IMPLEMENTING Get a tangible return on investment Immediate payoffs include greatly reduced help desk calls Create bottom-line savings Reduce administrative costs with automated processes and increase efficiency and user productivity Manage risks by enforcing policy Consistently enforce authentication and access control policies across multiple applications Ease regulatory compliance By ensuring that only authorized users gain access to information and by controlling and monitoring user activities, you can more easily meet regulatory compliance and audit requirements Enable new opportunity By tightly managing customer and partner identities, companies can securely expand online offerings, reduce transaction costs and confidently pursue new revenue opportunities Make doing business easier By providing SSO access that spans the extended enterprise, you make it easier for your employees to be productive and for your organization to do business with customers and partners, including outsourced service providers and suppliers. 11

14 V. WHY CHOOSE RSA SECURITY FOR I&AM? Leading enterprises across a wide range of industries and from every corner of the globe have selected RSA Security for comprehensive I&AM solutions. With 20 years experience and over 15,000 customers worldwide, we have a solid track record helping organizations enable business while protecting information. RSA Security s solutions are designed to offer seamless integration with diverse e-business environments. We partner with over 1000 technology firms for certified interoperability with the broadest range of infrastructure products and business applications. We can say with confidence that we integrate with any complex, heterogeneous environment in today s market. Our company has a long tradition of leadership in developing and implementing open standards for information security, including recent standards for identity & access management, federated identity and web services. We are experts at your service. Our Professional Services team and our long list of system integration partners help companies successfully architect and deploy high-value solutions. Along with our strategic partners, such as Accenture, we assist organizations with business transformation initiatives related to identity management. And with our customer support organization, we help to ensure that your solutions are up and running 24x7. In selecting an I&AM vendor, companies look for a strategic partner that offers the best solution today with a vision for tomorrow that will assure their continued success as their systems grow and environments change. They choose RSA Security because we are committed to achieving our customers objectives now and for the long term All Rights Reserved RSA and RSA Security, are either registered trademarks or trademarks of in the United States and/or other countries. All other products and services mentioned are trademarks of their respective companies. SRWIAM WP