A San Francisco-based company and the global leader in press release distribution and regulatory disclosure has maintained its edge over their competitors by relying on patented technology to disseminate press releases within milliseconds to thousands of media points. This technology allows them to control their client’s sensitive information before it hits the wire. Maintaining their security posture is of top importance to remain SOC 2 certified and complete two audits each year.
In 2015, the company was using a legacy identity management system that was hard to maintain and being phased out of the industry. Their password management platform was homegrown and unfortunately neglected. The business was adopting an increasing number of applications that required integrations to manage and grant access. Many of the app integrations did not exist with their legacy solutions, making it difficult for users to request access. Getting their environment on track to provide value to users, remove the manual burden from IT and allow them to demonstrate compliance more effectively became a top priority. The team liked the flexible and quick time-to-value a cloud-based identity program provided. Their hybrid IT stack had introduced more cloud integrations over the years, further validating this approach. By partnering with SailPoint, their cloud-based identity governance journey began.
Moving Identity Management to the Cloud
The director of web systems and global support prioritized implementing their automated password management solution first. He wanted to quickly reduce the number of helpdesk calls and tickets being opened. “One of the major wins with SailPoint’s password management solution is the ability to enforce complex passwords with valid characters and preserve the password history for each user. We no longer struggle with enforcing these best practices – SailPoint does it for us,” he reflected. The drastic reduction in help desk tickets has freed up the IT team to focus on more serious IT projects and incidents.
The team then moved their focus to implementing access certification capabilities which would automate the bi-annual campaign they ran for auditors. For each campaign, they contacted management across the organization to review their employee access. Access is either approved, revoked or reassigned – all tracked through SailPoint. They can also send reminders to managers who have not completed their certifications. Trails of approvals are provided to auditors to demonstrate proper controls are in place for managing access. When access is revoked, it’s now immediate and 100% of their certifications are completed for each audit. Over the past few years, they have improved the process as well, going from nearly one month for a certification period to two weeks. “This speaks wonders to the efficiencies we’ve created and the level of comfort our managers have with the process and SailPoint,” he shared.
Reaping the Benefits of Identity Governance
The company aims to provide the best environment possible for their employees. The newly improved identity governance program gives employees fewer interruptions in their day, allowing them to focus on their jobs instead of worrying about access and IT issues. “We also have a much better handle on our IT sources and who is accessing them, reducing potential risk and increasing our security. When your IT environment is growing from added applications and users, centralizing and automating your identity governance program is a necessary best practice,” he shared.
Going from an on-premises, homegrown and legacy environment to a cloud-based program is no small feat. Their director shared some of his recommendations for how to tackle this approach in your environments.
- If password management is on your roadmap, start with this. You can experience incredible ROI with this technology and it will give you a quick win right off the bat.
- Get a clear view of your employees and the roles they may be operating under. Understanding your environment, how HR is managing employees and the needs your internal teams have will set you up for success.
- Approach the program from the customer’s perspective. You will win over your employees sooner, and your users will be more active in the solution with this approach.