Enhancing Compliance with Modern IAM Solutions
iC Consult’s team of SailPoint Architects and Identity and Access Management (IAM) experts devised a systematic process that allowed the IAM team to work on multiple applications at one time. The improved process enabled our client to not only achieve their SOX compliance goal but, more importantly, to have zero findings during their SOX audit for applications managed by the iC Consult team. IC Consult implemented standards and processes that will save millions of dollars in audit penalties and operational costs.
Tackling Rapid Expansion and Regulatory Demands
Our client was a fast-growing company, expanding their IT assets quickly through multiple acquisitions. The influx of new applications and advanced capabilities enabled them to revolutionize the U.S. healthcare system. While the rapid growth fueled opportunity, they were faced with a significant challenge. To support the newly acquired assets, they needed to build out an Identity and Access Management (IAM) program that would allow them to have visibility into their systems and establish controls that could grant and remove access at scale. In addition, the company was preparing for an Initial Public Offering (IPO), which required them to meet Sarbanes-Oxley compliance requirements needed to establish and verify public trust.
The company needed to bring dozens of applications and thousands of user accounts and permissions under centralized management that would allow their organization to certify and provision user access, manage user lifecycles, and enforce business policies. They also needed to be able to report this activity to auditors reliably and consistently.
With a complex environment that handles billions of sensitive healthcare transactions each year, along with their IPO in front of them, time was of the essence. The Identity program needed enhancements to meet the compliance standards of a mature and established healthcare organization. The effort was accelerated by the impending IPO and was getting C-level attention, which made the Identity program a large, high-stakes priority.
Implementing Innovative IAM Strategies for Scalable Solutions
iC Consult reviewed and enhanced the client’s existing SailPoint IdentityIQ code base and established documented, repeatable build and deployment processes using tools like Git and Jenkins. These standards laid the foundation for success in the SOX Readiness Project by shortening the build-to-deploy timeline. Using SailPoint’s best practices, iC Consult integrated 48 applications within 11 months, implemented custom solutions to scale for an environment with over 100,000 identities, and paved the way for further development of our client’s IAM program.
Much of the success of the program was a direct result of identifying and articulating requirements in advance. iC Consult created standardized documentation templates that guided integrations for each step of the process. We worked closely with executive leadership, application teams, and business stakeholders to find pain points, plan solutions, and then implement our designs in a predictable, repeatable way for each integration. This reduced time to deployment throughout the development lifecycle, ensured that standards were followed, and ultimately was a large contributor to the achievement of the company’s SOX compliance goals.
To assist in the design of a reliable and secure approach, we leveraged iC ConsultLABS to run feasibility studies and determine the best strategies for their environment. The resulting solutions enabled our client to efficiently build their program around governance, standards, and repeatable pr
Building a Foundation for Compliance and Long-Term Success
Getting past compliance hurdles ahead of their IPO was significant. However, a greater goal was achieved. Through the standardization of processes, they established a path to success for IAM and are enabling the IAM team to make long-term positive contributions to the business. Good process yields shorter time-to-value, enhances user experience, and establishes proper controls. These positive outcomes highlight the value of the IAM program and ensure continued executive support and funding for the program in the future.