The automobile wasn’t invented because the horse and buggy didn’t work.
- David Tyburski, VP of Information Security and CISO, Wynn Resorts
When the COVID crisis hit, the global economy was shaken, and particularly the Hospitality industry faced some unprecedented challenges. Our client had to shut down their facilities and rapidly offboard, onboard, and transition employees.
With 198 applications, over 10,000 computer users, and nearly 2 million potential combinations of users, applications, and roles, the sheer volume became hard to manage. They leveraged INRY’s Identity & Access Governance (IAG) solution, Built on Now®, to quickly transform access management. ServiceNow was the platform of choice because it enabled a single platform for everything: ticketing, helpdesk, and incident management.
The heart of this solution is the brilliant data model designed by David. INRY took David’s data model and designed the IAG solution to remove complexity from the user request process and push it to the back end – where all relationships between user roles, applications, application roles and birthrights are maintained. This allows requests to be granted in mere minutes versus days.
Our client mobilized 15,000 people within one month during the pandemic. INRY's IAG solution helped them avoid $250,000 in additional costs; reduced human errors and shrunk their open access management request backlog to zero.
Meticulous audit trails and documented history helps them track who approved access, when, and why. Today, David and his organization have better access management processes and the ability to prove it.
Our Client was already leveraging ServiceNow for Incident Management, Helpdesk, and Asset Management. David believed that implementing access management on the same platform would drive faster and better adoption among users. Also, they wanted to connect the dots in a way they normally wouldn’t – reconciling access requests with software licensing and entitlement data, and orchestrating service delivery and patching.
David believed that INRY was the appropriate partner of choice for three reasons:
Our Client had traditionally used ECAR – Electronic Access Request application built on another platform. This was tied to their HR platform and designed around the person requesting access, rather than applications. ECAR did not provide views of applications or roles.
Administrators were challenged because they could act on only one request at a time. For example - John and Jill are both new employees with the same job function and they both submit requests to the same ten apps. The fulfiller, David, receives the request but in the legacy system, he can only see requests grouped by user, and not by application. Therefore he cannot tell that both John and Jill are looking for access to the same apps.
David starts working on John’s request, and logs in and out of all ten apps, granting access to John. Then he closes John’s request and starts working on Jill’s. He has to log in and out of all ten apps all over again to grant access to Jill.
Working on fulfilling only one user’s request at a time was both frustrating and inefficient. Fulfillers wanted to have access requests grouped by application, so that when they’re logged into it, they can grant access to both John and Jill at the same time, improving speed and efficiency.
In the example above, our Client wanted easy ways to answer questions like:
In David’s words, “The easiest way to steal something is to get permission granted.”
The heart of this solution is the simple, yet brilliant data model designed by David. Traditional IAM data models are complex, with a cobweb of interactions between users, applications, and privileges; even seasoned Access Management professionals struggle with it. Imagine the plight of end-users who must not only make sense of which applications they need for their job function; but also be able to accurately determine what privileges they need.
INRY took David’s data model and designed the IAG app to entirely remove this complexity from the user request process and push it to the back end – where all relationships between user roles, applications, application roles, and birthrights are maintained. This allows requests to be granted in mere minutes vs. days. Fulfillers can configure auto-approvals for certain privileges for certain roles. Users can only request access to applications and application roles that are relevant to their job functions.
INRY’s solution incorporates all that and uses Request Management, workflow capabilities, and ServiceNow orchestration with the “secret sauce” data model to build the IAG workflow and capability. The added governance, review, and audit controls make the solution valuable.
IAG users can fully leverage the power of the Now platform. They can interact and cooperate with other teams using the platform, for example, IT Operations - server, network or database teams, application owners, and so on. They can also build on native Now capabilities like AI, NLP and integrations to enhance the IAG functionality.
INRY’s Identity and Access Governance solution can be maintained by Access Controllers. It provides an Efficient Agile Scalable Experience (EASE).
Through this solution, our Client:
In addition, our Client integrated Identity and Access Governance with:
The 2500 open request backlog has shrunk significantly – and their Identity and Access Governance process is a model of efficiency with zero backlog. This gives our Client significant gains in their capacity to scale, while avoiding costs associated with their legacy process.
INRY's IAG solution provides real-time visibility with dashboards and reports, allowing our Client to track and manage unprecedented volumes of requests.
Having the right processes and risk profile is valuable. But what makes it even better is the ability to prove it. The IAG solution tracks all changes to user access over time, including who approved and granted access. This helps with faster response times during annual audits and periodic reviews of administrative access to applications.
Identity and Access Management can be a complicated area. Our Client's success depended on having a documented data model and processes for execution, which they were able to share with INRY upfront. They created a data model that can store applications and application roles, users and user roles, birthrights to automate approvals and revocation, and access historical data for yearly audits.
In conclusion, David says that he wants to “find bigger, better ways to make my life easier and Wynn more successful.”
INRY’s Identity and Access Governance solution, Built on Now®, is a simple and intuitive solution that brings efficiency to access request management. Organizations can bring all their identity needs onto a single platform. Curb the risk of excessive access permissions by allowing - the right people, the right access, to the right resources, at the right time.