Detailed Concept
“Getting to the bottom of things”
The detailed concept deepens the Big Picture and comprises the functional and technical detailed concept, the business role concept and the project planning. It forms a kind of “manual and requirements specification” according to which the identity management (IDM) solution must be implemented, and it ensures that the time schedule and budget are adhered to and that the defined project goals are achieved.
- For the detailed business concept, deron details and completes the TARGET processes defined in the Big Picture with regard to identities and their authorizations. With the involvement of the department, deron takes workflows, escalation scenarios and special cases into account and draws on a library of comprehensive templates.
- For the detailed technical concept, deron does the following:
  - Technical specification of the IDM system, including infrastructure, data model, attribute flows, schema mapping, and more.
  - Specification for the implementation of the business processes that describes which business requirements from the processes are mapped in which components of the IDM.
  - Test procedures, test cases, aspects of data migration and data cleaning.
- RBAC (Role Based Access Control) is the supreme discipline of IDM, but also the part of the project that brings the decisive benefit. deron has developed its own analysis tools, which we can make available to you:
  - Top-down: Organizational data such as location, department affiliation, activity, cross-sectional function, etc. are analyzed for their authorization relevance.
  - Bottom-up: Authorization data from target systems (Active Directory, Lotus Notes, SAP, databases, etc.) are analyzed and validated.
  - With the help of differentiated synthesis methods, deron converts all results into a common model.
- Sound project planning makes a project. This is all the more true for a project as challenging as Identity Management. All parties involved must be brought on board. The business departments, HR, and IT, including compliance/security, must jointly develop their individual IDM solution. Our experienced project managers coach, support and strengthen your project manager in coping with these tasks.
Our services in detail
The detailed concept forms a kind of “handbook and requirements specification” according to which the identity management solution must be implemented. It represents an essential component of the deron IDM project methodology, our special procedure for IDM projects, which was developed on the basis of empirical values from over 150 IDM projects and is based on agile methods. The detailed concept ensures that all functional and technical aspects are adequately described and approved by all parties involved before the solution is implemented. A good and complete detailed concept ensures that time planning and budget can be adhered to and that the project goals defined in advance can be achieved.
The detailed business concept is based on the TARGET processes of the Big Picture and refines them, taking all details into account. The detailed technical concept describes how these processes are implemented within the IDM solution and what the infrastructure looks like.
Detailed Business Concept (Processes)
The detailed business concept serves to detail the process sequences defined in the Big Picture and all other business requirements. This level of detail is necessary to further specify the process descriptions from the Big Picture, which are deliberately only outlines, with regard to the planned workflows, the necessary escalation scenarios and relevant special cases. It must be distinguished from the detailed technical concept, since at this point the focus lies on the processes, identities and their authorizations (see below) rather than on the technical connection of systems and their architectures. IDM business concepts often make the mistake of describing only the status quo, and only very superficially, so that the life cycles of the users are only partly mapped. Above all, deprovisioning processes are easily forgotten, so that an employee collects more and more authorizations in the course of his employment, but none are revoked – an enormous security risk. The application of deron’s own life cycle process model, which considers all processes of the user life cycle as well as the revocation of authorizations, avoids this risk from the outset.
A further essential aspect in the preparation of the detailed business concept is the involvement of the department in the workshops. This means that mandatory requirements, such as delegation regulations, are not forgotten and the department is integrated into the design process. In this way, we guarantee simple and at the same time reliable processes that are accepted by the business departments and thus ensure the value of the IDM. In order to implement these, we use a library of comprehensive templates that reflect the experience gained from successful projects in your industry and considerably reduce the effort involved in the project.
Detailed Technical Concept
Together with the detailed business concept, the detailed technical concept forms the basis for implementation. It determines how all technical processes and requirements are implemented in the customer’s IDM solution and what the necessary infrastructure looks like. Since the IDM products differ considerably in terms of their technology, it is all the more important for you as the customer that deron has competent IDM architects who have specialised in the respective technology.
We differentiate between the following technical concepts:
- Technical specification of the IDM system, including infrastructure, data model, attribute flows, schema mapping, etc.
- Specification for the implementation of the business processes, which describes which business requirements from the processes are mapped in which components of the IDM.
- Technical concept for preparing the deployment, which describes test procedures and test cases and contains all aspects of data transfer and data cleansing.
We promise you that all components of the detailed technical concept will be described by our experienced project specialists so that a flexible and sustainable solution will be created for you.
Business role concept
The path to a valid and applicable business role concept (also called Role Based Access Control or RBAC) is probably the supreme discipline of Identity Management (IDM), but also the part of the project that brings the decisive benefit. Put simply, the goal of a business role model is to systematize access to corporate resources. This is done on the basis of so-called business or specialist roles (not the same as technical roles at system level!). This provides our customers with security and transparency regarding the accounts and authorizations assigned or to be assigned. It must be clear that not all exceptions can be included in such a model and thus regulated. The allocation of individual authorizations and special cases will continue to have to be made separately and thus case-related – for reasons of economic efficiency alone. The Pareto principle will therefore be applied.
On the basis of the analysis procedures developed by deron, two approaches are used:
- Top-down: Organization data such as location, department affiliation, activities, cross-divisional functions, etc. are analyzed for their authorization relevance.
- Bottom-up: Authorization data from the target systems (Active Directory, Lotus Notes, SAP, databases, etc.) are analyzed and validated.
The results of both approaches are transferred into a common model with the help of differentiated synthesis procedures/methods.
This sounds simple. In practice, however, our customers often realize too late how complex these analysis and synthesis methods are, and that creating an applicable business role concept is not feasible without comprehensive experience and special tools. After not finding any usable tools for our practical analysis approaches on the market, we developed our own analysis tools, which we can make available to you in the project. These tools support the development of a business role concept, taking into account all authorization and organizational data, and ensure the acceptance of the model by the specialist departments and IT.
Project planning
Precise project planning is extremely important for the execution of a project. This is all the more applicable to a project as demanding as the conception and implementation of Identity Management (IDM). Within an IDM project, it is not enough to give sufficient consideration to the requirements of IT and its system landscape; it is more important to tackle cross-organizational processes, to standardize them and to make them safer and more efficient. In order to achieve this, all parties involved must be brought on board, and the business departments, HR and IT, including compliance/security, must jointly develop their IDM solution. Resources must be available in sufficient numbers, and it is also necessary to think about “marketing” the project within the company and emphasizing the advantages for all. Intensive coordination between the departments is therefore absolutely essential.
It is good to have a partner like deron who can accompany you on this path with knowledge from more than 150 IDM projects and 15 years of experience. Our experienced project managers coach, support and strengthen your project manager in coping with these tasks.