Evaluating IAM maturity and building a remediation roadmap for a multi-national insurer
The challenge
Fragmented IAM processes
With no Identity and Access Management (IAM) team and fragmented processes, the UK branch of a multi-national insurance company faced rising operational risks.
Embarking on the journey of improving their IAM governance, the organization sought assistance from Wavestone to review their current IAM practices and to catalyze the planning and framing of future remediation initiatives.
Our approach
Leveraging Wavestone’s IAM Maturity Framework
Wavestone’s IAM Maturity Framework was deployed to provide a detailed view of the current situation. The Framework scores maturity across six key pillars and against industry standards, providing a clear benchmark and actionable priorities. This approach helps clients compare their position against industry standards, and measure and improve their IAM practices.
In this instance, the client sought to leverage it at the start of their remediation roadmap and efforts. However, it can also be used throughout a transformation to track the improvement of IAM processes both over time and across programs.
Two phases to deliver actionable outcomes
While reviewing existing documentation and architecture diagrams and holding 15 workshops with key stakeholders to complete the Framework questions, the team compared what was documented with the on-the-ground reality and implementation of processes and policies.
A two-phased approach was employed to ensure actionable results for the client:
1. The Maturity Framework was conducted and played back to the client to ensure they were on board with our findings and understood the impacts of the risks identified. A gap analysis was performed alongside this to supplement the maturity ratings across the six IAM pillars and benchmark the organization against industry standards.
2. The pain points collected in phase 1 were rated and prioritized by operational risk scenarios to highlight the key priorities for remediation, in order to drive immediate risk reduction and tackle the most imminent threats.
The IAM Maturity Framework enables Wavestone to provide a level of maturity (1 being initial/immature and 4 being exceptional) for each question within each of the six pillars, giving both a pillar-level score and an overall score.
As an example, at the pillar level, the client was able to understand what areas within Access Control they needed to remediate and how they performed across individual IAM processes. At the overall level, Wavestone provided an industry benchmark that looked at the entire client base who have leveraged the Framework, as well as an industry focus on comparable Financial Services and Insurance results.
Following the successful completion of the maturity assessment, the client integrated the three defined workstreams into the business case and book of work for IAM remediation activities, and Wavestone were asked to perform a subsequent IAM assessment of another entity in the group.