I’ve recently been working on a cybersecurity project with a UK utilities company supplying around 521 million liters of drinking water every day. We were asked to provide Identity and Access Management (IAM) consulting services to produce an IAM vision, strategy and conceptual architecture.
Having been set targets by the UK regulator, the water company recognized that its current identity services would not meet future needs. In working with Capgemini, the business sought to ensure that there were sound strategic foundations on which new capabilities and ways of working could be built. This included appropriate business cases and a roadmap consistent with the IT strategy and the company’s move towards cloud capability.
An end-user perspective
Our initial task was to look at things from a user perspective, specifically issues related to authentication and single sign on (SSO). We took a user scenario of an engineer attending a flood event. In this scenario, the engineer had log-on issues, so was unable to access mobile applications to identify the water isolation valve. This had a negative impact on the company’s customer experience scores.
What’s interesting with this is that when you think about cybersecurity, it’s generally with a malicious or criminal attack in mind – how you prevent, identify, contain attacks, etc. But effective cybersecurity – in this instance identity access management – has broader business ramifications. By enabling engineers to access the information they need, where and when they need it, the water company would deliver a better, more trusted service to its customers.
We assessed our client’s mobile applications platform, providing five quick wins and five longer-term changes. We also planned and ran a business workshop that used Agile techniques to identify user stories as requirements.
A strategy for the future
This enabled us to produce the right IAM strategy for addressing current and future business requirements, including bringing the ad-hoc and manual Joiner, Mover, Leaver processes into scope. To support the strategy, we delivered a prototype showing how the conceptual architecture could be realized using a commercial off-the-shelf Identity as a Service (IDaaS) solution.
We then took a step back from the high-profile login issues and identified business-wide IAM requirements being delivered by other parts of the organization. As a result, our client would be able to make future cost savings by avoiding identity silos. We also highlighted that future requirements for Market Reform could be addressed so that the need for another federation platform could be avoided.
We can see from all this that cybersecurity ties in implicitly with business strategy. And we remained focused on the end game throughout: that of ensuring our client’s IAM supported its business strategy going forward.