Transforming Active Directory Health for Reduced Inactive Data and Improved Efficiency

“As it is an ISO 9001-certified organisation, we are required to meet global standards for data quality, with improved business and operational processes. Having this level of quality data in our Active Directory means that integration of SailPoint IdentityIQ for our progressive IAM strategy will now be a more seamless process thanks to Turnkey.”

— Identity & Access Management Programme Manager

Challenge

With the increasing threat of cybersecurity challenges in the pharmaceuticals sector due to sensitive data and high value technology, Turnkey’s client works consistently to minimise risk exposure and manage global user access to the right systems and data.

Its Active Directory is more than just infrastructure, it is a security asset and the foundation that provides authentication and authorisation for every critical resource across the organisation. The pharmaceuticals company had plans to implement the latest AI-driven identity security software solution, SailPoint IdentityIQ. This would automate processes and implement role-based access control for enhanced risk management.

Before realising the new IAM strategy, the company needed to address some considerable data quality issues and inconsistencies in its Active Directory, going back nearly 20 years. Cleaning up the existing data would not only save costs in the long term by optimising performance and improving user experience but would decrease the risk of security breaches and potential adverse audit findings down the line.

Solution

Accurate, up-to-date, and consistent data is vital to a successful IAM strategy but achieving data quality and alignment can be a major challenge. The pharmaceuticals company turned to Turnkey Consulting to provide this essential clean-up process for its Active Directory to ensure it was ready for the IAM implementation.

A clear methodology

Turnkey deployed its tried and tested clear methodology to its data quality approach for the client’s Active Directory. The structured process started with analysis to understand the client’s data model. Turnkey looked at data set numbers, data sources, data usage and how data is currently updated.

Data clean-up is an essential procedure to align the data across multiple bases. Inaccurate, incomplete or inconsistent data was standardised and enriched, while unused and badly integrated data was cleaned. This is particularly important when employees start and leave the company, as well as change job roles, ensuring obsolete user accounts are disabled in order to reduce security risks for the organisation.

Turnkey’s analysis revealed considerable inconsistencies in the data including duplicates, inconsistencies, blank fields and unused data. The data crunching profiling created around 50 findings, with each one requiring impact analysis, mitigation, change management and cost vs benefit analysis.

The client’s Active Directory contained nearly 20% of unused or inactive user groups. Turnkey undertook short-term remediation to address these issues and clean up the data over a threemonth period. 

Process improvement

Turnkey created a process improvements document to identify root causes and make recommendations for further improvement and monitoring of the client’s data strategy ahead of the IAM implementation and beyond.

From a security risk perspective, the findings uncovered that there were identities not clearly linked to active users and some roles had been created by copy and paste. User experience was also a real problem area for the client, with users experiencing difficulties in getting the right access and authorisations for their roles. This was resulting in high levels of service desk usage for increased incidents and risked leading to adverse audit findings further down the line.

Turnkey’s client now has a comprehensive overview of existing and potential issues, and recommendations for improvement and monitoring to avoid future issues. The remedial cleanup has taken place, with a second round of analysis due to take place imminently.

Benefits

• Enhanced security: The Active Directory has been cleaned up ahead of the SailPoint IdentityIQ implementation, reducing the threat of potential security breaches from hackers who often exploit unused, empty or expired user and group accounts. 
• Improved user experience: There is reduced pressure on the company’s service desk as user information is up to date with the right access, controls and authorisations, resulting in less incident reports.
• Optimum data performance: With 20% less unused or inactive user groups, administering access and provisioning of users and groups within the Active Directory is simple and secure. 
• More accurate reporting: running Active Directory reports is more efficient, with the ability to produce up to date, accurate reports on current users and groups.
• Compliance and governance: The client is able to maintain and demonstrate compliance with clean, updated data logs which are auditready. With reduced downtime and the right access and controls, proper governance is in place to mitigate the risk of security breaches from unauthorised users.