LAS VEGAS – Automating identity and access management across almost 220,000 employees at J.P. Morgan Chase & Co. is expected to reap a return on investment of US$3.5 million in the first year alone, said company executives.
The global financial firm began implementing the security management solution from CA Inc. in 2006, with the goal of eliminating the need for administrative staff to manually manage employee access across an array of IT systems in the organization.
“We wanted to change the way access administration was done at our firm, and change the way people thought about it,” said Betsy Willie, vice-president of security management at J.P. Morgan Chase.
Willie shared successes and challenges of the company’s ongoing global implementation at CA World 2007 this week.
“For so long, the process was that an employee placed a request (for user access), someone approved it, and then someone granted it. It was a very manual, time-consuming process,” said Willie.
J.P. Morgan’s idea of eliminating that tedious human component meant not just automating the paper trail, but revamping the underlying business processes, as well. And although the new setup is centrally managed, the company’s individual business lines still hold some degree of autonomy, the J.P. Morgan executive said.
“We needed some level of central management,” said Willie, “but wanted to be able to give the lines of business their control of roles, rules and users.”
With a total budget of US$7 million, the project is a “truly global deployment,” according to Willie. J.P. Morgan opted to deploy the system to all of its branch offices across the world, instead of doing an initial rollout in the U.S., and then extending the system to other countries – as can often be the case in many IT deployments.
Although the term identity management has only begun to gain traction in the last five years, it’s a concept that holds immense value to the business, said Gerry Gebel, vice-president at Burton Group Inc., a research and advisor services firm based in Midvale, Utah.
Automating administrative activities, such as J.P. Morgan’s very manual user access system, makes for more efficient IT, especially given that businesses are typically driven to accomplish more with less, said Gebel.
In addition, an identity management system enhances user productivity because it minimizes time spent waiting for access to be granted via a slow manual process. For instance, new hires can receive their system access immediately and contract workers hired for a limited time period can start working right away.
Improved security is another business benefit because the technology provides more “granular” control over what users are allowed to do in an IT system, Gebel said. Identity management systems provide reporting capabilities that show transactions and other activities performed by a user in a particular role.
In implementing identity management, however, IT administrators should clean up user data in the system, suggested Gebel. This ensures an accurate information system and would aid the process of automating access, he added.
A centralized process, said Gebel, not only means audit trails can be produced, but also the business value of the technology can be measured. If such a project can prove itself a worthwhile investment of IT dollars, then that may make for easier project funding in the future, he added.