A study in Borderless over Perimeter
Evolution of IAM at a US financial services major
• Increased adoption of Cloud & Big Data – Workday, Office 365, SaaS, Hadoop,…
• Adoption of BYOD is diluting the traditional perimeter
• Growing security concerns on critical platforms
• Expanding compliance mandates
• Increased collaboration with business partners
• End users did not find IAM processes intuitive enough
• Existing Sun IAM platform was challenged to scale and deliver
• Extremely long turnaround to onboard new applications to the IAM platform
• No single view of employees and contingent workers
• Different service windows for logical and physical access
Saviynt elevates traditional IAM with fine-grained access management and usage analytics
Diagram: platform building blocks (Access / Usage Logs, Roles, Workflow, SOD Controls, Life-cycle Management, Self-service) applied to critical applications and infrastructure platforms (e.g. AD, RACF, AS/400, LDAP, Identity Management platforms,…), with fine-grained access modeled per application:
Epic: templates, classes, security points
SAP HANA: roles, privileges, usage logs,…
Oracle EBS: responsibilities, menus, functions
Office 365: groups, sites, folders, files,…
(Saviynt + ForgeRock) provided the next generation IAM architecture
Core architecture deployed in 2 months
Diagram: reference architecture. Managed systems (Enterprise, Cloud, Big Data) connect to an Enterprise IAM layer consisting of an Identity Warehouse, coarse-grained provisioning and synchronization, SSO / authentication, password management, REST APIs and a Business View for end users, managers, IT Security, auditors and platform owners. Identity stores / authoritative sources: Custom Apps, AD, LDAP, RACF, Badging. Saviynt AppSec Manager sits alongside and provides fine-grained roles and SOD, collection engines for user access and usage logs, audit and control, fine-grained SOD management and remediation, enterprise / application role engineering and management, a controls library (200+ security & SOD controls), access simulation and version management, collectors, an access request system, access review, and security & compliance reporting.
Step 1 – Introduced an intuitive web and mobile UI for access request and certification
• Simple grid layout for easy navigation
• Supports personalization
Mobile app available on iOS and Android
Single window to request logical and physical access
Challenges addressed in Step 1:
• End users did not find IAM processes intuitive enough
• Different service windows for logical and physical access
Step 2 – Single best-practice enterprise workflow and pre-built modules to accelerate application onboarding
• Out-of-box single enterprise workflow drives access request behavior
• Enhanced with access recommendations
• Met requirements of more than 90% of enterprise apps and platforms
• Promoted configuration instead of coding to onboard applications
• Reduced customization and the number of workflows, accelerated application onboarding
• Based on industry best practices
Integrated 182 applications with the new IAM platform in just 4.5 months
• Integration varied from automated to semi-automated provisioning
• Usage logs were fed in for critical applications, Cloud and Big Data platforms
Pre-built modules: Privileged User Management, Badge Management, Contingent Worker Onboarding, Service Account Management
Challenges addressed in Step 2:
• Extremely long turnaround to onboard new applications to the IAM platform
• No single view of employees and contingent workers
Step 3 – Implemented 200+ security, process and SOD controls ingrained in the security platform, and actionable usage analytics
Financial platforms (180 SOD rules):
o Core banking
o Investment management
o Life insurance
o Property and casualty
o Treasury
o Core financials
o Fraud management
o Information technology
Compliance drivers: SOX, Privacy, FFIEC
Analytics: access logs feed an analytics engine that produces access recommendations:
Access Request – peer recommendations
Access Approval – outlier analysis
Access Certification – outlier & usage analysis
Challenges addressed in Step 3:
• Growing security concerns on critical platforms
• Expanding compliance mandates
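An added worked example (written for this page, not Saviynt's code) of the three analytics the Step 3 slide names: peer-group prevalence drives request recommendations, low-prevalence grants are the outliers an approver or certifier sees first, and usage logs flag idle grants at certification time. The departments, entitlement names and usage figures are constructed.

```python
from collections import Counter, defaultdict

# Constructed sample of (user, department, entitlement) triples, de-duplicated;
# in a real deployment these come from the identity warehouse, not from the deck.
ACCESS = [
    ("alice", "treasury", "TREASURY_VIEW"), ("alice", "treasury", "WIRE_INITIATE"),
    ("bob", "treasury", "TREASURY_VIEW"),   ("bob", "treasury", "WIRE_INITIATE"),
    ("carol", "treasury", "TREASURY_VIEW"), ("carol", "treasury", "WIRE_INITIATE"),
    ("carol", "treasury", "WIRE_APPROVE"),  # only one of four peers holds this
    ("dave", "treasury", "TREASURY_VIEW"),
    ("erin", "it", "RACF_ADMIN"), ("erin", "it", "TREASURY_VIEW"),  # cross-dept grant
    ("frank", "it", "RACF_ADMIN"), ("grace", "it", "RACF_ADMIN"),
]

# Constructed days since each grant was last exercised, derived from usage logs;
# a missing key means no usage data was collected for that grant.
DAYS_SINCE_USE = {("alice", "WIRE_INITIATE"): 3, ("bob", "WIRE_INITIATE"): 120,
                  ("carol", "WIRE_INITIATE"): 10, ("carol", "WIRE_APPROVE"): 200}


def peer_prevalence(access):
    """{dept: {entitlement: share of the department's users holding it}}."""
    members, holders = defaultdict(set), defaultdict(Counter)
    for user, dept, ent in access:
        members[dept].add(user)
        holders[dept][ent] += 1
    return {d: {e: n / len(members[d]) for e, n in holders[d].items()} for d in members}


def outliers(access, threshold=0.5):
    """Approval / certification: grants held by fewer than `threshold` of a
    user's peers, the ones a reviewer should look at first."""
    prev = peer_prevalence(access)
    return sorted((u, e, round(prev[d][e], 2)) for u, d, e in access if prev[d][e] < threshold)


def recommendations(access, user, dept, threshold=0.5):
    """Access request: entitlements most peers hold that this user lacks."""
    prev = peer_prevalence(access)
    held = {e for u, _, e in access if u == user}
    return sorted(e for e, p in prev[dept].items() if p >= threshold and e not in held)


def stale(access, days_since_use, max_idle=90):
    """Certification: grants with usage data that have sat idle beyond max_idle days."""
    return sorted((u, e) for u, _, e in access
                  if (u, e) in days_since_use and days_since_use[(u, e)] > max_idle)


if __name__ == "__main__":
    print("outliers:", outliers(ACCESS))
    print("recommend for dave:", recommendations(ACCESS, "dave", "treasury"))
    print("stale:", stale(ACCESS, DAYS_SINCE_USE))
```

Outliers and stale grants are review candidates, not automatic revocations; the prevalence threshold and idle window are tuning knobs per peer group.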
Step 4 – Implemented fine-grained entitlement management for critical apps, cloud and big data platforms
Diagram: Saviynt AppSec Manager over the managed systems (Enterprise, Cloud, Big Data, custom critical apps): fine-grained roles and SOD, collection engines for user access and usage logs, audit and control, fine-grained SOD management and remediation, enterprise / application role engineering and management, controls library (200+ security & SOD controls), access simulation and version management, collectors, access request system, access review, and security & compliance reporting. The Business View serves IT Security, auditors and IAM admins; Workday admins, Big Data admins and platform owners are the platform-side consumers.
Challenges addressed in Step 4:
• Increased adoption of Cloud & Big Data – Workday, Office 365, SaaS, Hadoop,…
• Adoption of BYOD is diluting the traditional perimeter
• Growing security concerns on critical platforms
Step 5 – We are now implementing advanced behavioral analytics
Diagram: each user event carries the user, transaction amount, date & time and IP address. Events are aggregated into a per-user behavior profile along three dimensions: time slices (daily, weekly, monthly, day of the week, time of day, holidays, weekend), activity frequency and network sources. Events that deviate from the profile are surfaced as suspicious activities.
Sample event: 10/10/2011, 12:03:20, 10.12.132.1, John Doe, Email sent
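The profile-and-deviation logic the Step 5 slide sketches, as an added example that is not Saviynt's code: it parses events in the slide's "date, time, ip, user, activity" layout into per-user time-slice, network-source and activity-frequency baselines, then reports how a new event deviates. The baseline events are constructed; the slide's own sample event is scored as a consistent one.

```python
from collections import Counter, defaultdict
from datetime import datetime
from ipaddress import ip_network
from statistics import mean, pstdev

# Constructed baseline events in the deck's "date, time, ip, user, activity" layout.
BASELINE = """\
10/03/2011, 09:12:10, 10.12.132.1, John Doe, Email sent
10/03/2011, 10:45:01, 10.12.132.1, John Doe, File opened
10/04/2011, 09:30:44, 10.12.132.7, John Doe, Email sent
10/04/2011, 14:02:19, 10.12.132.7, John Doe, Email sent
10/05/2011, 11:15:00, 10.12.132.1, John Doe, File opened
10/06/2011, 16:20:33, 10.12.132.3, John Doe, Email sent
10/07/2011, 09:05:12, 10.12.132.1, John Doe, Email sent
""".splitlines()


def parse(line):
    date, time, ip, user, activity = (f.strip() for f in line.split(",", 4))
    return {"ts": datetime.strptime(f"{date} {time}", "%m/%d/%Y %H:%M:%S"),
            "ip": ip, "user": user, "activity": activity}


def time_slice(ts):
    """Weekend/weekday plus a coarse time-of-day bucket (the deck's time slices)."""
    day = "weekend" if ts.weekday() >= 5 else "weekday"
    tod = "night" if ts.hour < 6 else "business" if ts.hour < 19 else "evening"
    return f"{day}/{tod}"


def network_source(ip):
    """Generalise a client address to its /24 so neighbouring hosts share a source."""
    return str(ip_network(f"{ip}/24", strict=False))


def build_profile(lines):
    """Per-user baseline: time-slice counts, network-source counts, events per day."""
    profiles = defaultdict(lambda: {"slices": Counter(), "nets": Counter(), "per_day": Counter()})
    for ev in map(parse, lines):
        p = profiles[ev["user"]]
        p["slices"][time_slice(ev["ts"])] += 1
        p["nets"][network_source(ev["ip"])] += 1
        p["per_day"][ev["ts"].date()] += 1
    return profiles


def score_event(profiles, line, today_count=1):
    """Reasons a new event deviates from its user's profile; [] means consistent."""
    ev = parse(line)
    p = profiles.get(ev["user"])
    if p is None:
        return ["no baseline for user"]
    reasons = []
    if time_slice(ev["ts"]) not in p["slices"]:
        reasons.append(f"unseen time slice {time_slice(ev['ts'])}")
    if network_source(ev["ip"]) not in p["nets"]:
        reasons.append(f"unseen network source {network_source(ev['ip'])}")
    daily = list(p["per_day"].values())
    if today_count > mean(daily) + 2 * pstdev(daily):   # activity-frequency burst
        reasons.append(f"activity burst: {today_count} events today")
    return reasons
```

`today_count` is the user's running event count for the current day, which the caller tracks; a week of baseline is only enough to show the mechanics, and a production profile would also cover the monthly and holiday slices the slide lists.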
Step 5 – …and activating various insider threat management use cases
Insider Threat Intelligence
• Data theft detection and prevention
• Fraud detection and prevention
• VIP snooping
• Sabotage detection and prevention
Data Exfiltration Analytics
• Data theft detection/prevention
• Signature-less and correlation analysis of network and host DLP
• Risk ranking of incidents and case management
Fraud Intelligence
• Enterprise fraud detection
• Web fraud detection
• Customer service rep fraud detection
Identity & Access Intelligence
• Global Identity Warehouse
• Access risk monitoring & cleanup
• Risk-based access requests
• Risk-based access certifications
Big Data Analytics
• Data mining for security intelligence
• Purpose-built security analytics on Hadoop, Greenplum and other Big Data stores
• Visualization of linkages in large datasets
Cyber Threat Detection
• Targeted attack detection
• Low and slow attacks
• Advanced malware detection
• Investigation & response
Application Security Intelligence
• Privilege misuse
• Unusual view/download of sensitive information
• Account takeover
• Off-the-shelf and custom apps
Security Risk Monitoring
• Continuous risk monitoring
• Organization risk scorecard
• User risk scorecard
• System risk scorecard
Case Management
• Graphical link analysis using the investigation workbench
• Case management
• Fully configurable workflow
• Reporting
We helped realize tangible benefits for the client…
Uniform risk and security management
• Consistent security model using roles, SOD policies, rules, templates, etc. across various critical / enterprise applications, Big Data and Cloud providers
• 200+ security and SOD controls library and compliance dashboards provide visibility into security posture
• Automated security life-cycle management combined with actionable usage analytics
• REST APIs enable easy integration with enterprise applications
Faster time to value
• Saves >70% time in implementing security vis-à-vis traditional methods
• Pre-built life-cycle management modules and best-practice workflow
• Rapid application integration promotes a factory model
Lower TCO
• Subscription-based pricing model
• Cloud-based deployment option available, lowers hardware footprint
• Reduces administrative overhead for audit reporting and user access management
• Improves end user satisfaction with intuitive and mobile-ready security tools
Visit us at www.saviynt.com or our booth at IRM Summit
Thank You
Questions?
