An American Financial Services Firm. FSOC designated Systemically Important Financial Market Utility.
Over $100 Billion in margin holdings
Employee Size: ~1000 Employees
The customer had both Sailpoint IdentityIQ (IIQ) and CyberArk implemented into their environment; IdentityIQ had full Lifecycle integration (Joiner/Mover/Leaver). However, the currently implemented processes were unreliable, and required significant daily manual intervention to support. Additionally, configuration and code changes were performed entirely manually, limiting the ability to keep pace with business need. For CyberArk, additional management and automation of service accounts was required to maintain SCI compliance.
SecureITsource performed an analysis of the existing Identity Lifecycle, IdentityIQ deployment, and CyberArk Architecture.
An updated design and refactoring of the Identity Lifecycle was implemented:
An automated build and deployment process was implemented:
Standardized CyberArk management of service accounts:
The value of the IdentityIQ design changes and CyberArk deployment had a significant impact to the business. New employees and contractors were more quickly and accurately onboarded with less manual intervention. Reported incidents fell from several per day to a few per month. With the updated build and deployment processes, changes went from 2 or 3 per month to multiple per week. Vulnerability patches were deployed the week of release. For CyberArk, over 9000 service accounts were onboarded. 4000 of which were AIM integrated applications. Much of the manual management required of the IAM and PAM teams was mitigated.