Overview
Executive Summary
3,600 employees, 6,000 applications, 7,000 mailboxes and 80 million documents— all split across three environments. This was the situation facing one of the world’s largest law firms after it merged with two other peers. To enhance unity and security, it needed to migrate identity management onto a single automated platform, from which it could develop additional enhancements for business and security. All this had to happen with minimal disruption to operations.
The customer approached Identity Experts, a part of Performanta, on the recommendation of Microsoft. Our Identity Experts team have wide-ranging experience creating integrated and automated identity management systems that operate across on-premises and cloud environments. For this client, they implemented a Microsoft Identity Manager (MIM) service that integrates with Active Directory and PeopleSoft, the client’s HR software.
Using this integration, the client’s HR staff manages identity information that MIM uses alongside Active Directory to automate provisioning, synchronisation and access rights. Our team inspected the clients’ 20 years of PeopleSoft and Active Directory data to select the most relevant information for the migration. We also helped the client design and implement suitable policies to meet the legal industry’s security requirements.
Our team created user account creation policies, access right assignment, and rules for automating access to security groups to ensure a smooth transition. Once preparations were completed, we deployed the new environment across a long weekend, so employees never lost a day of productivity. The new system is entirely automated, using HR data to add and remove users. It also provides a single sign- on service for the firm’s many applications, including multi-factor authentication. Our solution extends to the cloud, and as a result, the client has started using more advanced Azure services and introduced advanced threat analytics and protection.
The Challenge
The client, a major international law firm, had merged with two other firms. Consequently, permissions and access to systems for its 3,600-strong workforce were distributed across three separate identity and Active Directory environments, supporting over 6,000 applications, 7,000 mailboxes and 80 million documents.
This layout posed security and productivity problems. The client relies on Active Directory to connect with downstream services such as Sharepoint, print management and home drives. They required all users to migrate to a single system that manages authentication and access, reflecting the policies required for strict information management in a law firm.
Another stipulation was to apply housekeeping to 20 years of identity and permission data and migrate only the necessary information into the new systems. Furthermore, it relies on PeopleSoft software to manage its human resource requirements and needed this service to integrate into the new environment. And the project had to roll out in a fashion that didn’t negatively impact employees or operations—no disruptions.
The Solution
Our client approached Performanta’s Identity Experts team after a recommendation from Microsoft. Identity Experts specialise in creating integrated, single-truth identity management environments, often using Microsoft Identity Manager (MIM) as the linchpin system. MIM enables us to automate the entire identity management process, using data from Active Directory and HR systems—in this case, PeopleSoft.
We wanted to include HR staff from the start, and one of the earliest steps was to link the PeopleSoft system with MIM. This gave HR control over the data, and the means to create and disable user accounts and put users in distribution lists and security groups and other identity features. Our team also created key user accounts and lists to prepare for the eventual migration.
Using HR’s input and our experience prepping automated identity management, the Identity Experts team cleaned the relevant data and primed it for migration. This step included generating a view of the PeopleSoft SQL database to identify relevant data. To manage discrepancies between PeopleSoft and Active Directory data, we implemented fuzzy matching and algorithms to correctly associate identities with permissions. We also worked with our client to develop and establish appropriate policies.
Taking advantage of a long weekend due to a bank holiday, our team migrated the entire system in a few days. When employees left on Friday, they were on the old fragmented systems. When they logged in on Tuesday, they used the new integrated single identity management environment.
The Results
Over six months, we unified the three disparate identity and IT environments, then rolled out the final step over a weekend. The new system is fully automated, using data from Active Directory and PeopleSoft via MIM, managing roughly 4,000 distribution lists. Our customer now applies and manages information and access policies with greater effect and ease.
The primary goal was to unify disparate business technology environments under one manageable regime, and to clean and migrate two decades’ worth of relevant data. There were additional benefits as well. The project opened doors for our client to implement advanced threat analytics and protection. Their employees now access applications with a single sign-on service powered by Active Directory Federation Services (ADFS), including multi-factor authentication. They are also expanding their on- premises environment into the cloud by exploring Microsoft Azure services and integrations, such as Azure Information Protection.
Above all, Performanta and Identity Experts delivered this project with minimal disruption to the workforce and their productivity. We worked closely with our client to ensure we designed and followed a migration process fitting their needs. Our experts leveraged a combination of standard and bespoke tools, complemented by our deep experience orchestrating automated enterprise identity management environments. Today, our client has control over identities and access management stemming directly from the HR system and Active Directory, complete with clean data, and they have more freedom to explore other digital enhancements to their business.
Talk to our experts
About Performanta
Performanta was founded in 2010 and has over 150 staff worldwide, including former CIOs/CISOs from large enterprises. It has a global footprint with a team of 80 analysts working in two SOCs, helping to secure customers across 50 countries, from offices in the United Kingdom, Australia, Germany, South Africa and the USA. Performanta offers a consultative approach to people, process and technology, focusing on security projects in line with adversarial, accidental and environmental business risk. With a holistic cybersecurity view, we understand the modus operandi of the perpetrator and accordingly build an intelligent defence mechanism to make customer environments less susceptible to attacks.