US$1.6 billion global hospitality organization calls on Protiviti to design new identity and access management programIT Consulting – Managing IT Security and Privacy

Client ChallengeWhile in the process of separating from its parent company, a US$1.6 billion global hospitality company turned to Protiviti to analyze, plan and design effective and efficient identity management processes and supporting solutions for its 10,000 end users housed at more than 75 locations. Many of these processes and solutions had been previously performed and managed by the parent company. As part of its separation, our client had to design and implement its own identity management support structure but wanted to avoid significant headcount increases while accomplishing this.

New and revised solutions and processes were needed for public key infrastructure (PKI) authentication, provisioning and de-provisioning, access recertification, and federated identity/single sign-on (SSO). The company had to develop a migration plan to the new environment for existing users, systems and devices. The organization also had a manual and time-intensive access recertification process that took nearly 90 days to complete. As it had previously identified poor provisioning and de-provisioning in annual audits, our client saw this initiative as an opportunity to address this issue, as well.

P O W E R F U L I N S I G H T S For this project, our client sought our assistance to gather requirements, design a solution, select an appropriate product, design the identity and access management process, and plan migration across the identity management spectrum of authentication, provisioning, recertification, SSO and PKI.Working with our client, we:

• Assembled a team of subject-matter experts throughout our firm with areas of expertise that included PKI, SSO, authentication strategies, role-based access design, provisioning and project management.

• Assisted with requirements gathering and high-level solution design. Once the requirements had been gathered, we leveraged our experience to produce a short list of products and solutions that would properly support the design.

• Assisted with developing an implementation project plan for each work stream. We worked with our client to determine resource needs and offered input on additional resources that would be required to support the new processes and solutions.

• Led detailed design sessions for the provisioning and recertification processes, which included opportunities for automation in order to keep headcount to a minimum.

• Helped application administrators to understand the configuration changes necessary to authenticate to the new domain and integrate with the new PKI solution. Especially helpful was our assistance for those applications that previously authenticated to an LDAP directory but now had to authenticate to an active directory.

©2013 Protiviti Inc. An Equal Opportunity Employer. PRO-PKIC-0513-109Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.

ContactsCal Slemp+1.203.905.2926cal.slemp@protiviti.com

Willy Alvarado+1.407.849.3917willy.alvarado@protiviti.com

About ProtivitiProtiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit. Through our network of more than 70 offices in over 20 countries, we have served more than 35 percent of FORTUNE 1000® and FORTUNE Global 500® companies. We also work with smaller, growing companies, including those looking to go public, as well as with government agencies.

Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.

P R O V E N D E L I V E R YWe leveraged our extensive experience to facilitate a quicker design and selection process for our client’s new authentication, PKI, SSO/federated identity provisioning and recertification solutions. Among the benefits our client achieved as a result of our assistance:

• Single sign-on/federated identity with three critical business partners has reduced the time required for provisioning processes and provides value to end users.

• The cleanup and automation of provisioning processes have resulted in a significant decrease in audit findings, reduced the average turnaround time for providing end users access to highly sensitive databases and applications from five days to one day, and eliminated the need for an additional three support staff while enhancing the end-user experience.

• Automation of the recertification process has freed up two full-time employees to be deployed in other critical areas in the organization.

• Configuration guides produced for application administrators have helped streamline deployment and testing cycles related to authentication to the new domain.

• Additional reporting capabilities enable our client to monitor changes to critical support systems sufficiently and provide management and auditors with the information they need.

How We Help Companies SucceedOrganizations face significant challenges in identity and access management. The numbers of both internal and external users are expanding. Being able to answer the question, “Who are you?” is foundational to all digital and physical access management. Managing privileges and associating them with the provisioning of services, assets and access is a complex and difficult process. Shutting down those privileges when roles change or an employee leaves the organization is equally crucial to the security of your systems and information.

Protiviti’s Identity and Access Management professionals have extensive experience in establishing meaningful, workable and verifiable policies and procedures, and we can assist in reducing the time required to develop them for your environment. We also can assist you in defining a strategy, establishing policies, certifying environments (and tools), federating partners, selecting an appropriate product, and deploying systems. Above all, we can provide insight regarding what will be effective for your organization as well as establish identity programs that can scale with your unique business needs.