Beacon Professional Services and Sun offer the key to a successful identity management migration

It seems to happen a lot these days: a Fortune 100 financial services company with thousands of employees acquires another, just as large. How can organizations of this size merge their identity infrastructures without massive disruption to business and major headaches for customers and employees?

Cost of Maintenance Spirals

A large financial services company had different user-provisioning systems, the result of acquisitions and different internal initiatives over the years. The company had an internally-developed provisioning system that serviced some divisions, while other divisions utilized a commercial off-the shelf (COTS) system. Depending on which division they worked and what application access was required, employees had to submit requests to different identity management systems — using fax, email, or through a Web interface depending on the system.

Maintenance costs for the homegrown system were spiraling out of control, and the COTS system was up against the boundaries of its capabilities. The lack of information flow between the two tools created process roadblocks and potential security gaps, decreasing operational efficiency and increasing organizational risk. Of course, a system that has been built up over the course of several years cannot be changed overnight. And this type of migration can be risky if service quality or employee productivity suffers. Some divisions may even feel that losing their legacy system could cause them to lose control of their data.

Beacon and Sun Identity Management

Beacon Professional Services, a Sun Partner Advantage Program principal partner, was selected to guide this mission-critical transition.

The customer asked Beacon to help migrate both systems to a new solution built on Sun Identity Manager software. Sun's identity management portfolio is a comprehensive solution, providing role-based user provisioning that enables customers to use business roles for both identity lifecycle management and identity auditing across enterprise and extranet environments.

Beacon has delivered many of the leading identity management solutions in use today, driving hundreds of successful enterprise implementations for primarily Fortune 500 companies located in Europe and North America — across virtually all industries. Many of the initiatives have started with an existing identity management infrastructure.

Beacon has been certified as a Sun Identity Management Specialty partner, which means its architects have met a very high level of proficiency in Sun Identity Management. Beacon has deep experience with Sun and Identity Management products, writing resource adapters for the engineering team and assisting on difficult trouble tickets. According to Mark Richardson, Beacon's CEO, "We can show customers that we'll get the job done in a way that fits their schedule at a competitive price."

Beacon has invested heavily in the Sun Identity Management Specialty partner program, with 40% of the staff having achieved the Identity Architect certification. "Sun has done a super job with the Identity Specialty Program. The architect certification requirements are extensive, which means customers know they are hiring someone with significant real-world experience as well as deep technical training. We believe in the program and we're on track for all of our consultants to become certified architects. We set the bar high so our customers know they won't waste time and budget for a consultant that still needs to learn the product," offered Richardson.

Increased Security and Productivity

Beacon worked with this financial services company to identify the most critical processes to be switched over first. This enabled them to proceed at a pace where they could maintain operational stability, show progress to management, and strike the right balance between risk and reward. Deploying Sun Identity Manager enables them to increase security and productivity with existing systems, and quickly integrate with new ones. In many instances, the key to a successful migration is to avoid the complexity of a massive rollover by working in phases and maintaining a consistent interface, so there is no confusion among employees about where data resides or how they can access it.

Drawing on years of identity management development and standards expertise, Beacon used Beacon Identity Interface, a Service Provisioning Markup Language (SPML)-based interface to integrate the two existing provisioning systems and implement a global end-user GUI. As systems and data were gradually brought into Sun Identity Manager, a single self-service console offered self-service access to roles and resources across multiple provisioning systems, presenting a seamless, transparent transition to employees and customers. New functionality was also added, providing a truly unified access control model to both old and new systems.

Meeting the Challenges Head On

"During the transition, the interface remained consistent, but behind the scenes, pieces were moving all the time," Richardson says. "And they enjoyed more of the security and benefits of Sun Identity Manager."

The approach enabled the financial services company to retain the flexibility to make changes as they became feasible, rather than forcing a transition before everyone was ready. "This is not unusual. Most big organizations can't move that fast," states Richardson, "because their systems were put in place over many years and there are critical functions that are used every day."

Another key issue for the financial services company was compliance and reporting. By enabling all three systems to push data through a unified reporting console, the company was able to streamline its efforts for compliance and reporting.

Results Worth Repeating

Richardson claims, "The money they spent on Sun Identity Management was well-spent." The results bear this out:

• By reducing complexity, the combined solution has saved millions of dollars annually from the company's identity management budget
• The number of requests for termination of access that met the department's service level agreement (SLA) increased 232%
• The handling of thousands of user accounts across multiple managed systems and provisioning systems was greatly improved, increasing productivity

In the end, migration to a system built on Sun Identity Manager enabled the financial services company to:

• Implement immediate access termination across the company
• Feed disparate user data on roles, groups, and privileged access into a centralized reporting warehouse
• Fulfill audit and compliance requirements
• Decouple the solution's presentation layer from its provisioning engines
• Leverage existing security solutions and avoid vendor lock-in
• Standardize and control the end-user experience

Beacon's overarching goal is to help its customers build up their own knowledge, so they don't have to rely on outside experts. "We may work ourselves out of a job, but eventually they will need more help. If we do right by them the first time, we like to think they'll be back," says Richardson. "So far, this has worked pretty well for us."

Want to know more?

Learn more about Sun Identity Management offerings and Beacon Professional Services and their offerings:

• Beacon Professional Services
• Beacon Identity Interface
• Sun Identity Management