Contact UsLogin

Home > Case Studies > Case Study C


Fortune 1000 Media Company
Crafting a Unified Identity Management Strategy

The Business

From its beginning as a newspaper company founded in 1842, through the explosive growth of the past 20 years, this client has attributed its success to its unique understanding of, and commitment to, the audiences it serves. This client’s close community ties, strong journalistic reputation, and intense regional focus have been nurtured and expanded over time, resulting in powerful media brands and business opportunities that are not easily duplicated by competitors. Today, a Fortune 1000 company with 7,800 employees and $1.4 billion in revenues, this media giant owns 19 television stations in such markets as Dallas/Fort Worth, Houston, Seattle/Tacoma and Phoenix, reaching 13.7 percent of U.S. television households; four daily newspapers, with a combined readership of 2.1 million daily and 2.7 million Sunday; two regional cable news channels reaching 3.6 million households; and 34 Web sites, including some of the nation’s most popular local and regional news sites.
The Challenge

Like most media companies, the client had a desire to better understand their customers’ needs and wishes across all their publications. Clearly this is a difficult task because not all customers subscribe or watch the same programming even in the same metropolitan area. This client needed a way to accurately identify an existing subscriber to one of their newspapers, for example, and offer them a special marketing campaign for that paper’s on-line Web site. Moreover, this media company wanted to ensure they could rapidly provision a new subscriber or user of an on-line service in a secure and reliable manner.
How CPSG Consultants Helped

A small team of CPSG consultants quickly identified a group of software infrastructure components that were already purchased by this client and developed an identity management roadmap for implementation across all this clients subscriber provisioning systems. Additionally, CPSG engineered a set of reusable software components that were used to aggregate the subscribers information into their on-line publications which allowed a customer of a print publication immediate access to the on-line version.

This client had six very specific needs:
  1. Regulatory compliance – Legislation: Sarbanes-Oxley 404:409 forcing this client to standardize user management

  2. Security risk management – Keeping tabs on who has access to what is vital to securing enterprise data, networks and applications.

    • Authorization - Frustrated staff may bypass proper corporate authorization processes to create new logon accounts to satisfy access requests quickly.

    • Termination - Accounts owned by terminated consultants and staff are persistent for a long time in many companies corporate directories because IT does not know the BU’s have let people go.

    • Standards - Users can be given non-standard accounts, with inadequate or excessive privileges with no reporting capability.

    • Accountability – Manual account add / change / delete operations do not generate a suitable audit trail for ensuring corporations are meeting legislation such as Sarbanes-Oxley.


  3. Cost reduction – Automated identity management products cut costs because fewer people are needed to run them and Help Desk calls are reduced.

  4. Improved service levels – Internal service level agreements with call centers or IT services are increasing in complexity and shrinking in budget. The only way to support them is through automation.

  5. Auditing Process – This client maintained a very distributed account management strategy across thirty-seven (37) business units.

    • For the most part each system required an administrator to add / change / delete the user.

    • This strategy has to rely on the IT Management from each of the distributed organizations to ensure they audit the systems they manage with no central repository for audit information to ensure accuracy

  6. Reporting Process – Information technology and data access reporting within this enterprise was performed typically on an ad hoc individual system basis.

    • This approach does not allow for enterprise reporting which may be required by external auditors
Customer’s Information Security team contracted CPSG to developed a three phased strategy focused on preparing the infrastructure to meet these Business, Security, Auditing and Reporting needs.
  • Phase I - Reengineering of their Identity Repository - Corporate Directory

  • Phase II – Implementation of Role Management in Financial ERP

  • Phase III – Product Selection and Business Justification for Implementation of a User Provisioning and Auditing System
Phase I – Corporate Directory

The customer began the process in 2004 to revamp their corporate directory architecture. This included reviewing the users information in the directory to ensure there was limited private data in this central repository and migrating the system to newer versions of the platform.
  • This ensured they would have a highly-available common and central repository for all of their user community. This architecture is based on open standards for future ease of integration.

  • The design required that the ERP HR system was the authoritative source for all employee users IDs – meaning that only users who had credentials in the HR system could have an identity in the corporate directory.

  • Cleaning the data in the corporate directory allowed for tighter personal information security because information like SSN used for Open Enrolment was removed.
Phase II – Role Management in ERP

Once the directory architecture was in place we began the second phase of their unified identity management strategy by starting the process for implementing role based management in the ERP financial system.
  • This helped the client meet some of the Sarbanes-Oxley requirements for information and data access with in the financial system.

  • Once completed, the user’s ERP financial system roles are better structured to handle external auditing and reporting systems allowing for better review of who has access to what data and what they can approve.

  • Implementation of the role based access within the financial system will provide the early stages for engineering a common set of User Profiles for ease of administration.
Phase III – Provisioning & Reporting

The final phase of the unified identity management (IdM) strategy required the product selection and development of an enterprise Identity Management Strategy.

CPSG had to include implementation of a enterprise identity / provisioning system. This system had to allow the company to centrally add / change / delete users across all critical systems (no matter the platform and business unit).

  • RESULT - Tighter security control/Sarbanes-Oxley Compliance
    • Complete visibility into user access privileges
    • Automatically detect and react to potential risks
    • Consistent application and enforcement of security roles

  • RESULT - Streamlined operations
    • Automation for account creation process
    • Delegation of user administration to departments and not central IT
    • User Self-Service for password management and account reset
    • De-provisioning of users who leave the organization

  • RESULT - Faster processing of requests - Provisioning add / chance / delete users in Hours rather than Days.

  • RESULT - Improved quality of service
    • New users are given immediate access to the resources needed to be productive
    • Users’ changing needs are met just as quickly, keeping them satisfied and productive from the beginning

The company’s management reviewed several systems for their provisioning solution and decided on Sun Microsystem’s Identity Manager.
Performing a proof of concept with a trusted partner

The company’s management required CPSG to perform product proof of concept (POC) with the company’s systems and data. The POC had to demonstrate the capabilities of the various identity management vendors against the company’s requirements with no customization.

To perform the POC, CPSG outlined the client’s requirements and implemented the necessary systems and software. We performed the POC with assistance from different vendors’ professional services groups. The high-level POC requirements included:
  • Real-time integration with the client’s simulated ERP HR system

  • Real-time integration with the client’s corporate directory

  • Real-time integration with the client’s test environment for Active Directory
A recommendation based on in-depth research and expertise

After reviewing various technologies, platforms and software solutions offered by different vendors, coupled with performing an in-depth and successful proof of concept, the clients’ security team recommended the purchase of Sun’s Identity Management Software Stack.

In addition, CPSG has provided the client with professional services integration assistance, including:
  • Final requirements gathering, architectural design, development and implementation

  • Mentoring and training alongside Sun Microsystems during the implementation
Contact Us

Privacy Policy
©2003-2004. All rights reserved CPSG, Inc.