Office of the Public Service Commission (OPSC)

Afrocentric IP partners with Micro Focus in successfully delivering NetIQ Identity Governance for audit compliance through regular access review process with improved business participation.


Download PDF

“The monthly access reviews just happen and we always feel confident about the outcome of them. Micro Focus was a fantastic partner for us during this project and we can see how expanding our use of Identity Governance will bring us further efficiencies.”Mpho BasitereHead of IT, OPSC

About Office of the Public Service Commission (OPSC)

The OPSC is tasked and empowered to investigate, monitor, and evaluate the organization and administration of the public service. This mandate includes evaluation of achievements, and promoting measures that would ensure effective and efficient performance within the public service.

Challenge

Regular user access reviews serve to verify and validate that user access to systems and applications is appropriate given their roles and responsibilities within the organization.

The OPSC conducted its access reviews in an entirely manual fashion, supported by spreadsheets which were reviewed and certified. Mpho Basitere, Head of IT for OPSC, explains: “The process was cumbersome and time-consuming and by the time the review was completed, the situation would have changed again, so it was never a true reflection. Access reviews were conducted twice every year, but audit findings showed this was not frequently enough.”

Some of the OPSC applications were hosted by external providers. For access review exercises they would need to request the information from the application owners and it would often take 2-4 weeks before all the information was collected. From start to finish the certification process would take 6-8 weeks to complete. Business participation was hard to secure as the process was so manual and this resulted in inadequate reviews and certifications.

The OPSC wanted a solution to help them automate access review and certification so that they could perform monthly reviews. Automatic scheduling was a must too, so that it does not become an onerous task for the identity governance administrator.

Our Solution

Micro Focus presented its Identity Governance capabilities, and immediately OPSC could see the potential, according to Basitere: “It was clear that, using Identity Governance, we could satisfy auditors and business managers with intuitive user-friendly and automated access certification processes and reports. It was a real worry that our business participation was low as this could lead to unidentified orphan or dormant accounts which ultimately present a security risk to the organization.”

Identity Governance ensures initiatives stay on schedule with automatic system reminders to business reviewers and progress updates for administrators. This means that the identity governance administrator only has minimal involvement to review any escalated issues.

With a combination of internal and externally-hosted applications at OPSC, it was difficult to conduct enterprise-wide access certifications. Using Identity Governance, data from all applications is collected using a wide range of access protocols so that all relevant applications are included in the process.

Once the solution was operational, increased business participation soon followed. Basitere comments: “Access review reporting is made so much easier through Identity Governance. We can conduct far more granular reviews, including privileged user account reviews, as all the information is available within Identity Governance.”

Access revocations are still dealt with manually, but OPSC has included automation of this on its roadmap and Identity Governance fully supports this.

Results

Access reviews are now conducted on a monthly basis, which satisfies auditors, and means that the certified information is a true reflection of what currently exists in production. This process requires no paper work and minimal manual intervention.

Basitere: “Using Identity Governance, we have reduced our security risk by at least 50 percent by eliminating any orphaned or dormant accounts, thus closing the security loop available. It has also brought us some cost savings as we will clearly not pay maintenance and renewal charges on those accounts.”

He concludes: “The ability to identify, review, and certify privileged accounts has been really helpful to us. Overall, we are very pleased to have found a solution which has complete buy-in from our business audiences. The monthly access reviews just happen and we always feel confident about the outcome of them. Micro Focus was a fantastic partner for us during this project and we can see how expanding our use of Identity Governance will bring us further efficiencies.”

Government

South AfricaEurope

  • 50 percent security improvement through elimination of orphaned and dormant accounts
  • Audit compliance in move from six monthly to monthly access reviews
  • Externally hosted applications and privileged accounts included in the automated access review process
  • Increased business participation so that certified data is a true reflection

Let's Talk


Welcome, Want to talk to someone? Call our Sales team or request a call and we'll get right back to you.

  • Sales: (888) 323-6768

For support information, please visit Technical Support.

Amy Sachrison
Director
Press & Analyst Relations

Phone: (713) 418-5368
Email: amy.sachrison@netiq.com