About Office of the Public Service Commission
The OPSC is tasked and empowered to investigate, monitor, and evaluate the organization and administration of the public service. This mandate includes evaluation of achievements, and promoting measures that would ensure effective and efficient performance within the public service.
Micro Focus partner Afrocentric IP presented Identity Governance, and immediately OPSC could see the potential, according to Basitere: “It was clear that, using Identity Governance, we could satisfy auditors and business managers with intuitive user-friendly and automated access certification processes and reports. It was a real worry that our business participation was low as this could lead to unidentified orphan or dormant accounts which ultimately present a security risk to the organization.”
Identity Governance ensures initiatives stay on schedule with automatic system reminders to business reviewers and progress updates for administrators. This means that the identity governance administrator only has minimal involvement to review any escalated issues.
With a combination of internally and externally hosted applications, such as BAS, Logis and Persal at OPSC, it was difficult to conduct enterprise-wide access certifications. Using Identity Governance, data from all applications is collected using a wide range of access protocols so that all relevant applications are included in the process.
Once the solution was operational, increased business participation soon followed. Basitere comments: “Access review reporting is made so much easier through Identity Governance. We can conduct far more granular reviews, including privileged user account reviews, as all the information is available within Identity Governance.”
Access revocations are still dealt with manually, but OPSC has included automation of this on its roadmap and Identity Governance fully supports this.
Access reviews are now conducted on a monthly basis, which satisfies auditors, and means that the certified information is a true reflection of what currently exists in production. This process requires no paper work and minimal manual intervention.
Basitere: “Using Identity Governance, we have reduced our security risk by at least 50 percent by eliminating any orphaned or dormant accounts, thus closing the security loop available. It has also brought us some cost savings as we will clearly not pay maintenance and renewal charges on those accounts.”
He concludes: “The ability to identify, review, and certify privileged accounts has been really helpful to us. Overall, we are very pleased to have found a solution which has complete buy-in from our business audiences. The monthly access reviews just happen and we always feel confident about the outcome of them. Micro Focus and Afrocentric were fantastic partners for us during this project for us during this project and we can see how expanding our use of Identity Governance will bring us further efficiencies.”