IDENTITY & ACCESS MANAGEMENT

Similar documents
MICROSOFT HIGHER EDUCATION CUSTOMER SOLUTION

Identity & Access Management in the Cloud: Fewer passwords, more productivity

MICROSOFT HIGHER SOLUTION

Manufacturer to Enhance Efficiency with Improved Identity Management

The Return on Investment (ROI) for Forefront Identity Manager

Identity and Access Management for the Hybrid Enterprise

Healthcare Provider Chooses Office 365 to Meet Compliance Needs, Boost Communications

Migration from Lotus to Exchange Complex solution for simplify transition

Identity and Access Management

Security management White paper. Develop effective user management to demonstrate compliance efforts and achieve business value.

ADAPTABLE IDENTITY GOVERNANCE AND MANAGEMENT

Coca-Cola Enterprises Selects Microsoft SharePoint Online to Advance Productivity

Overview of products, services and capabilities

VALUE PROPOSITION FOR SERVICE PROVIDERS. Helping Service Providers accelerate adoption of the cloud

IBM Global Business Services Microsoft Dynamics AX solutions from IBM

Automated User Provisioning

Cloud Computing: What IT Professionals Need to Know

WHITEPAPER. 13 Questions You Must Ask When Integrating Office 365 With Active Directory

Overview of Microsoft Enterprise Mobility Suite (EMS) Cloud University

Coca-Cola Enterprises Tackles Competition with Microsoft Online Services

Lufthansa Systems Uses Hybrid Cloud to Trim IT Delivery to Hours and Reduce Costs

Fuel Company Uses Online Tools to Energize Employee Communications, Drive Mobility Online Tools

Identity and Access Management Memorial s Strategic Roadmap

1 Building an Identity Management Business Case. 2 Agenda. 3 Business Challenges

Windows Server 2003 End of Support Options

solution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service?

The Wise Group and Microsoft Office 365 Customer Solutions

Federated Directory Services

Centrify Server Suite Management Tools

Brochure. Update your Windows. HP Technology Services for Microsoft Windows 2003 End of Support (EOS) and Microsoft Migrations

Bill Fiddes Learning and Development Specialist Rob Latino Program Manager in Office 365 Support

Microsoft Enterprise Mobility and Client Futures

How to best protect Active Directory in your organization. Alistair Holmes. Senior Systems Consultant

INTRODUCING CLOUD POWER

Joe Young, Senior Windows Administrator, Hostway

Finance. Resources. Operations. Marketing. Workflow Hero s Line of Business. Conversation Guide.

Case Study. SNW Asset Management. (866)

Designing for Office 365 Infrastructure

identity as the new perimeter: securely embracing cloud, mobile and social media agility made possible

IDENTITY MANAGEMENT AND WEB SECURITY. A Customer s Pragmatic Approach

B2C, B2B and B2E:! Leveraging IAM to Achieve Real Business Value

Active Directory & Consolidation Project. Category: Enterprise IT Management Initiatives. State of Missouri

How can Identity and Access Management help me to improve compliance and drive business performance?

Mod 2: User Management

Data center and cloud management. Enabling data center modernization and IT transformation while simplifying IT management

Building the Business Case for Cloud: Real Ways Private Cloud Can Benefit Your Organization

Best Practices for an Active Directory Migration

Certified Identity and Access Manager (CIAM) Overview & Curriculum

The Journey to High Performance. Transforming Accenture s IT Services

Microsoft Enterprise Mobility Suite

A HIGH-LEVEL GUIDE TO EFFECTIVE IDENTITY MANAGEMENT IN THE CLOUD

Building a Cloud-Ready, Future-Proof Identity Infrastructure:

5 ways Mimecast relieves the headache of

Law Firm Automates Complex Workflows, Streamlining Processes and Development

Extend and Enhance AD FS

Streamline HR Tasks with Centralized Document Access

SkySight: New Capabilities to Accelerate Your Journey to the Cloud

Global Outsourcing / Infrastructure Management. Instinct 2.0. Bridging the Gap between the Disparate Needs of Organizations and End-Users

Global Software and Services Firm Reduces Costs, Builds Community with Unified Communications

Data Ingestion into Office 365

I believe. Satya Nadella CEO, Microsoft. History of making big bets

Foundation ACTIVE DIRECTORY AND MICROSOFT EXCHANGE PROVISIONING FOR HEALTHCARE PROVIDERS HEALTHCARE: A UNIQUELY COMPLEX ENVIRONMENT

Provide access control with innovative solutions from IBM.

Top 8 Identity and Access Management Challenges with Your SaaS Applications. Okta White paper

The Challenges of Administering Active Directory

Cloud Services Catalog with Epsilon

Customizing Identity Management to fit complex ecosystems

Ensim Unify INFRASTRUCTURE OPTIMIZATION FOR MANAGED SERVICE PROVIDERS. An Ensim Business Whitepaper

Top Eight Identity & Access Management Challenges with SaaS Applications. Okta White Paper

FOREFRONT IDENTITY MANAGEMENT

maximum 2 lines Ultimate flexibility and control for enterprise cloud users plus infrastructure savings of up to 40%

10 steps for a smooth migration to Office 365. A decision-maker s guide

Humanitarian Group Expects to Save 20 Percent in Overall Costs with Hosted Services

Team Avanade Project Total 17 Consultants. Accenture Business Services for Utilities Project Total 3 Consultants

Agenda. Enterprise challenges. Hybrid identity. Mobile device management. Data protection. Offering details

Softerra Adaxes Enterprise Directory Solution

Planning your Microsoft Application Strategy in a Cloud Crazy World. Steve Soper Senior Managing Partner

BMC Control-M Workload Automation

Mod 3: Office 365 DirSync, Single Sign-On & ADFS

ORGANIZED FOR BUSINESS: BUILDING A CONTEMPORARY IT OPERATING MODEL

Quest One Identity Solution. Simplifying Identity and Access Management

Transcription:

Securely Enabling Your Business IDENTITY & ACCESS MANAGEMENT Customer Solution Case Study FishNet Security Helps Hotelier Prepare for Rapid Move to Cloud with New Identity Management Solution Achieving a 97 percent success rate for a cloud migration is unheard of for an organization as large as Hyatt. Michael Blake, Chief Information Officer, Hyatt Hyatt was preparing to migrate its 70,000 information workers to Microsoft Office 365 for cloud-based email and collaboration. It first needed to consolidate its Active Directory Domain Services and automate user-credential management. Hyatt worked with identity and access management specialist FishNet Security to reorganize its directory structure, deploy Microsoft Forefront Identity Manager (FIM) 2010, and create a centralized identity and access management portal. Thanks to the cleanup of the directory service and automated efficiencies, Hyatt was able to migrate as many as 1,000 employees a day to the cloud service and has achieved day-one productivity for new employees, granting them access to needed applications on their first day of work. The IT staff now has more time to spend on revenue-producing projects, and Hyatt can complete audits in one-sixth the time. Overview Industry Retail Hospitality Customer Profile Hyatt is a global hospitality company with 451 hotel and resort properties in 43 countries. It is based in Chicago, Illinois, and employs 106,000 people worldwide. Business Situation Hyatt needed to consolidate its Active Directory structure, automate identity-related tasks and simplify system audits to prepare for its migration to Microsoft Office 365. Solution Hyatt deployed Microsoft Forefront Identity Manager 2010 to centralize and automate the identity credential management needed for the cloud migration. Benefits Migration of 1,000 user credentials a day to cloud Day-one employee productivity IT time freed for new projects Lower support, licensing costs Faster audit compliance

Situation Hyatt is a global hospitality company whose name is synonymous with quality, comfort and service. Hyatt and its franchise partners operate hotels and resorts under the Hyatt, Park Hyatt, Andaz, Grand Hyatt, Hyatt Regency, Hyatt Place and Hyatt Summerfield Suites brand names. As of March 31, 2011, the company s worldwide portfolio consisted of 451 properties in 43 countries on six continents. Hyatt employs 106,000 people. Unify Operations As Hyatt expanded its global footprint between 2005 and 2009, it bifurcated into two organizations, one focused on the U.S. market and one focused on the international market. The two sides of the business ran independently, with employee email addresses having different email domains. However, the decentralized structure bred expensive redundancies, and management wanted to trim costs and also achieve greater consistency in the tools employees used and procedures they followed. In mid-2009, Hyatt went public, which accelerated management s goal to unify the company. Hyatt merged the management structure of its two businesses and asked all departments to work on consolidating and simplifying policies, procedures and tools. Hyatt Chief Information Officer Michael Blake wanted to extend the unification strategy to the company s technology, giving all employees a consistent set of tools for doing their jobs effectively. One of the key technology unification projects that Hyatt decided to launch, in mid-2010, involved the migration of its companywide email messaging infrastructure from IBM Lotus Notes to the Microsoft Business Productivity Online Standard Suite, later renamed Microsoft Office 365. For organizations of all sizes, Microsoft Office 365 unites familiar Microsoft Office applications with the power of Microsoft Exchange Online, SharePoint Online and Lync Online into one connected online solution. From a strategic standpoint, cloud computing makes sense for Hyatt, Blake says. We re very thin at the top in terms of executive management. We outsource application hosting wherever we can, and we have a very lean core IT staff, using contractors for many tasks. With cloud computing, we can put subject matter experts in charge of key applications so that we don t have to manage those applications ourselves. It reduces our capital and staffing costs. Consolidate and Automate Before Hyatt could migrate 70,000 information workers to the cloud, it needed to clean up the Windows Server 2008 R2 Active Directory Domain Services directory service structure. The company had hundreds of Active Directory user domains with no centralized management structure. Even though we used Active Directory as our global directory service, we had to synchronize Active Directory With cloud computing, we can put subject matter experts in charge of key applications so that we don t have to manage those applications ourselves. It reduces our capital and staffing costs. Michael Blake, Chief Information Officer, Hyatt

with four separate human resources applications, and we used our legacy identity management platform separately to manage access to our reservation system, says Steve Lieberman, Product Line Lead for Identity and Access Management at Hyatt. Nothing was unified or integrated, and IT managers at each hotel property were responsible for provisioning and deprovisioning users with application credentials. Depending on how busy these people were, it could take days for new employees to gain access to the applications they needed. Migrating tens of thousands of email accounts to Office 365 would require automated efficiencies that Hyatt did not have. Once we consolidated and centralized our domain structure, we would need an automated system for managing it, Lieberman says. Additionally, Hyatt would need to maintain a dual email infrastructure during the phased migration to Office 365. Simplify Audits Hyatt had another motivation for consolidating its Active Directory infrastructure: better compliance with audits that would be required of it as a public company. We needed to be able to audit employee access rights on a quarterly basis, and it was impossible to do that in a decentralized environment, Lieberman says. Our audit team had to gather information from multiple business groups and properties, which was usually a six-week process. Solution Hyatt decided to deploy Microsoft FIM 2010 to gain centralized management and automated efficiencies related to handling identities, credentials and identity-based access policies in its environment. By using FIM, Hyatt would also be able to empower employees with the ability to reset their own passwords and manage routine aspects of identity and access. I wanted every application to be authenticated under a single platform, and FIM provided a single place to manage identities across a broad range of operating systems, email and collaboration tools, databases, directories and applications, Blake says. Hyatt engaged FishNet Security, a member of the Microsoft Partner Network with Gold competencies in identity and access management (IAM), to help with its strategic approach to cloud readiness and directory service consolidation. FishNet Security worked with Hyatt to develop an IAM roadmap that would enable the immediate cloud migration and would support the ongoing mail coexistence infrastructure. As a trusted advisor to Hyatt, FishNet Security helped build a three-phase program to address the immediate cloud migration needs, but also established the foundation to enable future cloud application adoption. We needed to be able to audit employee access rights on a quarterly basis, and it was impossible to do that in a decentralized environment. Steve Lieberman, Product Line Lead, Hyatt

Phase 1: Mature Infrastructure and Processes to Support Cloud Readiness Hyatt recognized the need to first mature its internal process and platforms and automate user management functions before proceeding with the migration to Exchange Online. From August to November 2010, Hyatt worked closely with FishNet Security to aggregate and link multiple human resource (HR) systems to an enterprise directory based on Active Directory. It also collapsed multiple global Active Directory domains into a single forest to support the cloud synchronization service. By using the FIM 2010 portal, FishNet Security enabled e-provisioning of new users from the aggregated HR systems to the hybrid application infrastructure of Lotus Notes and Active Directory (used for Exchange Online). Hyatt was also able to use FIM to centralize and automate email distribution list management based upon authoritative data from the HR platform, which further enhanced corporate communication processes. Phase 2: Empower End Users, Automate and Standardize Management Building on the success of Phase 1, Hyatt and FishNet Security began Phase 2 in November 2010 to further extend FIM to support an improved user experience and additional automation. During this phase, Hyatt and FishNet Security broadened FIM portal access to hotel IT managers, who were able to use it to provision and deprovision new non-employees (contractors) and create and manage security and distribution groups. After six months of cloud-readiness work with hotel IT managers, Hyatt started migrating employees to Office 365 in April 2011. By using FIM, Hyatt was able to migrate as many as 1,000 users a day to the Microsoft cloud service. As of June 2011, Hyatt had migrated 6,000 employees and was gathering user feedback before proceeding to the remaining 100,000 employees. Also during Phase 2, Hyatt replaced the legacy identity management platform with FIM to manage access to the hotel s central reservation system, its primary revenue-generating application. The corporate IT staff gained the ability to manage identities more effectively through the FIM administrative console rather than jumping between multiple access and reservation applications. By adopting FIM, Hyatt was able to eliminate the mail management tools within Lotus Notes and automate those processes through the FIM portal. We outsource our help desk, and Forefront Identity Manager helps us isolate support staff members into certain categories, Lieberman says. Instead of giving them access to everything, we can give them authorization to do certain tasks such as create new accounts for contractors or add employees to certain security groups. Also, they re able to Today, audits take less than one week versus the six weeks required before. Steve Lieberman, Product Line Lead, Hyatt

perform these help-desk activities from within the portal rather than jumping between applications. Phase 3: Empower Information Workers and Support Day-One Provisioning Phase 3 gave employees direct access to the FIM portal so that they could perform self-service password resets, create email distribution groups, and selfserve group management and membership. Through the portal, employees can also update their profile, search for co-workers and request access to applications. Also during Phase 3, Hyatt plans to improve visibility to audit data by using the identity and access management data in FIM to create customized reports with the Microsoft SQL Server 2008 reporting services. Benefits By strategically preparing its identity and access management system before moving to the cloud, Hyatt was able to quickly and painlessly migrate thousands of email accounts from an on-premises to a cloudbased solution. It was also able to achieve day one employee productivity, free up time for its IT staff, reduce support costs and improve audit compliance. Migrate 1,000 Employees a Day to the Cloud Thanks to a well-orchestrated access and identity management system adoption guided by FishNet Security and anchored by FIM, Hyatt was able to migrate to Office 365 with a 97 percent success rate. Achieving a 97 percent success rate for a cloud migration is unheard of for an organization as large as Hyatt, Blake says. The 3 percent failure was user error. There s no way we could have managed the migration without Forefront Identity Manager, which made sure that all the user information was input correctly according to Active Directory data. By using FIM, the Hyatt IT staff was able to automate the process of migrating existing email account data into Exchange Online. The Hyatt IT staff can assign new email account creation to the HR staff. In the past, new employees were brought on board by the HR staff, which would pass their names on to local hotel IT support teams for email account creation, Lieberman says. Now, when a new employee is added to the HR system, it asks if they need an email account. If they do, Forefront Identity Manager automatically creates one for them in AD. This automation puts us far ahead of where we were six months ago. Provide Day-One Employee Productivity This abbreviation of the newemployee onboarding process means that Hyatt has been able to achieve its goal of day-one productivity. Blake says, Dayone productivity is important for a company as large as Hyatt and growing as fast as Hyatt. As Hyatt expands its use of FIM, it will add employee self-provisioning for even more applications, and replace paper

request forms for certain kinds of IT support with online requests submitted over the FIM portal. We ll do the same for email traffic, Lieberman says. Opening up portal use will allow selfservice requests for distribution list access rather than handling these over email. A list owner will receive email notification that someone is requesting access to a list, and the list owner can approve or reject the request from within the email message. Free IT Time for Revenue- Producing Projects Automating application access requests has unloaded IT staff members of routine work, freeing them for higher-value activities. All the paper-based processes for requesting employee and contractor accounts will be replaced with online requests, Lieberman says. The process of onboarding a contractor used to be extremely time-consuming, requiring three hours of paperwork plus a series of approvals. Using the FIM portal is saving at least a day s effort per user request. Now I can focus on my job, which is leading the identity and access management program, rather than dealing with paperwork. Blake adds, Forefront Identity Manager is enabling us to focus on managing our hotels and making operations smoother, better and faster. We have more time to focus on enhancing applications that drive revenue and customer preference. Lower Support and Licensing Costs Hyatt also anticipates a reduction in its contract help-desk costs as it empowers employees to take care of their own password resets, distribution list management and security group management. Not only will Hyatt require fewer helpdesk technicians, but also those whom it does require will be focused on resolving more important issues than password resets. By adopting FIM, Hyatt will also save ongoing maintenance and support costs associated with previous identity and mail management tools. Deliver Better, Faster Audit Compliance With its consolidated access and identity management system, Hyatt is also better able to comply with the audits required of it as a public company. Today, audits take less than one week versus the six weeks required before, Lieberman says. Our audit staff only has to go to one place to gather needed data, and it gets higher-quality information from FIM, since smaller properties just couldn t provide some of the needed information. As we tie more applications into Active Directory, we ll be able to make FIM the go-to location for any audit request. Forefront Identity Manager is enabling us to focus on managing our hotels and making operations smoother, better, and faster. We have more time to focus on enhancing applications that drive revenue and customer preference. Michael Blake, Chief Information Officer, Hyatt

About FishNet Security s IAM Services As a strategic partner, FishNet Security delivers unmatched IAM knowledge and solution programs that can help you effect lasting change in IT and business processes. Our vast experience developing strategic approaches and solutions for nearly every vertical market allows us to leverage a wealth of experience and expertise in solving your IAM challenges. Through our proven IAM5 Process, we provide strategic guidance, implementation and support services that incorporate leading IAM platforms and specialized service offerings. FishNet Security s IAM Strategic Services contribute to a client s business objectives by: Reducing operating costs related to user administration and lost productivity. Providing a better customer experience by reducing signon credentials and delivering a cohesive security solution across the enterprise. Improving the speed and quality of application development efforts. Enabling greater manageability of users within the enterprise. Improving legal and regulatory compliance. Facilitating adoption of cloud platforms and resources, and expediting future InfoSec resource adoption and deployment. For More Information For more information about FishNet Security products and services, call 888.732.9406 or visit the website at: www.fishnetsecurity.com For more information about Microsoft products and services, call the Microsoft Sales Information Center at 800.426.9400, or visit the website at: www.microsoft.com For more information about Hyatt services, call 800.323.7249 or visit the website at: www.hyatt.com Partner Solutions Microsoft Server Product Portfolio Windows Server 2008 R2 Enterprise Microsoft Forefront Identity Manager 2010 Microsoft Office 365 Technologies Microsoft Exchange Online Active Directory Domain Services /company/fishnet-security /fishnetsecurity /fishnetsecurity About FishNet Security FishNet Security, the No. 1 provider of information security solutions that combine technology, services, support and training, enables clients to manage risk, meet compliance requirements and reduce costs while maximizing security effectiveness and operational efficiency. FishNet Security is committed to information security excellence and has a track record of delivering quality solutions to more than 5,000 clients nationwide. learn more About our Industry Expertise at: www.fishnetsecurity.com 2012 Security. Last All Modified rights reserved. 00.00.2012

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information