Workforce IAM Case Study
We collaborated with a strong DevOps organization servicing over 100K customers in both commercial and residential real estate industries to build out an Identity framework to support their customer facing Portals that enabled online Loan Management, Refinancing Applications, Payments, and more.
With the goal of bulletproof security, both in client-facing and high-privilege development environments, we set out to build a customer privacy- and security-centric Identity foothold that is DevOps- and administrator-friendly from its inception.
Before orchestrating a customer-facing Identity Solution implementation, a security-first mindset prompted a full evaluation of all privileged access, orphaned admin accounts, and evidence of privilege creep that could become vulnerabilities in the future. Next came a full review of customer roles and the access each requires, which bore fruit in the form of a Role Matrix and a data migration plan to transition users from a homegrown customer identity solution to a best-of-breed CIAM solution compliant with global security and compliance standards.
Once admin privileges had been locked down and processes built around Service Accounts and high-privilege resources using a Privileged Access Management solution, we were able to fully remediate privilege creep and dead accounts, and to build a framework for audited, screen-recorded and log-monitored sessions in privileged systems based on Identity threat matrices and scoring principles. Once the environment had been secured against internal and external threats from compromised credentials, we architected and carried out a migration of users, roles, and access to a new CIAM solution with no service interruption to end users, implementing strong MFA and industry-leading Identity Management in the process. We also laid the groundwork for a mobile app environment for end users that is still in development and releasing in 2022.
The outcomes were increased confidence in meeting financial compliance standards, reduced overhead and development effort in managing customer identities, and data-breach prevention built in across both front-end and back-end attack vectors. Additionally, by moving to a SaaS solution, we offloaded responsibility for updates, security monitoring, and uptime management to a trusted third party that specializes in this service for millions of customers globally.
– Thycotic Secret Server (Privileged Access Management)
– Ping Identity for Customers and Workforce