Overview:
The Client, a major developer and operator of high-end hotels and casinos, was looking for a solution to manage application access across the enterprise. With numerous resorts, casinos, and shops that staff hundreds of employees, they were looking for a process to simplify work requests and a centralized location to manage the requests.
The Challenge:
In an organization, the size of the client’s, consisting of over 12,000 users and 400 different applications, the ability to orchestrate access is a daunting challenge. With multiple regulatory requirements, global operations, and 24 x 7 x 365 operations, managing user access permissions is critical for Information Security. To address these issues, the client came to JIT with the request to modernize and improve the workflow process. Including how agents fulfill requests, workers request the service, and how insights are provided to executives through dashboards and reports. They needed a system capable of managing application access for all workers across the enterprise.
The Solution:
In today’s modern Information Security landscape, least-privilege practices and role-based access controls (RBAC) are the cornerstones of a data protection program. By managing proper permissions and application access, information workers at the client can access everything they need to deliver superior service while still ensuring that sensitive company and guest information remains protected.
JIT began by implementing a 2-phase solution. The first phase involved working sessions and requirement workshops to understand the company’s current state. Through working with and listening to the client’s management team JIT was able to identify gaps and other challenges that needed to be addressed to enhance, automate, and refactor 3 core fundamental identity management processes.
- Improving the onboarding and automating of granting of birthright applications.
- Enhancing and automating the creation of grants and revoking requests for individuals transferring positions internally
- Improving the process of revoking access for separations
The second phase is focused on optimizing the user experience. Improving the way workers request access; how stakeholders or approvers manage approvals, fulfillment teams manage and action their tasks, and providing executives and security teams a lens to access risk and manage application compliance for them.
The Result:
JIT is helping to modernize the way the client works. As a result of this solution, they can identify and resolve potential audit and compliance risks prior to a formal internal or 3rd party audit. The solution also creates true visibility to individual and property access, allowing them to quickly process access requests and provide tracking points of time. Additionally, the solution is projected to improve delivery time for access requests from 72hrs down to 48 hours.
The following services and products were used to support the process:
IT Workflows
- Request Management
- Service Portal / Employee Center
- Custom application