Security at scale: The value drivers of PwC’s identity management transformation

Situation

A global transformation based on technology and trust

As an organization respected worldwide for experience in combining technology, business transformation and trust, PwC understands the importance of modern, secure solutions for managing large-scale enterprises. When evaluating our own complex identity and access management (IAM) system, we saw an opportunity to model that principle.

From a consistent, mobile-first single sign-on (SSO) experience across platforms and devices to reduced time for client delivery and employee onboarding, our IAM transformation was designed to improve user experiences, standardize global operations, strengthen security and reduce technical debt. In pivoting to a streamlined, scalable cloud solution, we laid the foundation for our own growth and developed a successful approach to digital transformation on a global scale that could benefit our clients in more ways than one. Not only does the modern solution streamline access to PwC platforms for engagement-related work, it also enhances our ability to guide clients through their own transformations.

By 2016, PwC’s network of member firms in more than 150 countries encompassed over 13 IAM platforms, 4,600 administrators and 90 Active Directory forests worldwide (a forest being a construct of directories that store user and group data and provide authentication services).

Faced with a fast-growing, mobile-first workforce, a digitization movement in the market and an evolving cyber-threat landscape, we performed a significant data transformation — moving from traditional on-premises legacy directories to a cloud-first, centrally managed identity solution. The new platform integrated IAM with security functions, including cloud governance, data privacy and controls, building greater trust among employees and customers alike.

 

Solution

Getting to cloud faster with a modular approach

The primary challenge was to consolidate a web of directories, users and platforms into a cloud-based IAM system that would be secure, nondisruptive and seamless to use. This was complex because the specific business and IT needs involved differed by region and application, and there was a lack of overarching authentication standards across the network of member firms.

Rather than build a whole solution first and migrate all applications at once, we adopted a modular approach. The team worked in phases, prioritizing functions based on the applications that required them, then migrating those applications in batches. This phased “migration factory” eliminated the need to wait for all functionality to be built prior to implementation, which saved time and provided greater flexibility to respond to challenges.

Establishing a collective vision

The first step to a data modernization of this scale was a yearlong series of cross-disciplinary workshops held across the North America, Europe and Asia-Pacific regions. The goal was to establish a collective vision among executives from PwC’s global member firms, no small feat given the nuances involved. We needed to account not only for different business and IT team preferences and use cases across regions, but also for data residency and privacy requirements. That included the growing problem of cross-border data transfer, which has threatened to disrupt market strategies worldwide.

Drawing on the global feedback received in the workshops, we fine-tuned an enterprise solution to address the needs of our employees and internal users, as well as our customers. With the buy-in of our global membership secured, we began the intricate process of migrating IAM capabilities to the cloud.

Crafting a scalable, security-first solution

Given our extensive cloud knowledge, PwC was well-positioned to construct a robust and scalable cloud solution. But even with our wealth of experience, the complexity of migrating a company of our size to an entirely new platform presented a unique learning opportunity. Our global IAM system expanded over the years into its current state: a complicated web of disparate Active Directories, users and platforms — typically seen as a result of mergers and acquisitions in other companies, but in this case, of organic global growth across the firm.

To meet the complexity of our global use cases — while allowing for the size and scope our IAM platform would need to accommodate — we prioritized strength and flexibility. The resulting solution now handles the traffic of roughly 350,000 internal users and up to two million external users logging in multiple times a day, 24/7, with capacity to grow.

Results

Laying the groundwork for a zero-trust future

As a result of this transformation, we’re standardizing controls and unlocking operational efficiencies across the global organization. Better capabilities to manage user access, like SSO, help improve security workflows and vulnerability management along with employee and client productivity; self-service features for processes like password resets can reduce time-consuming administrative labor; and automated attestation of user access enables more scalability. The migration lays the groundwork for progress toward our zero-trust initiatives, including advanced security capabilities like multifactor authentication and password-less access.

A key factor to our success was keeping our business, IT and security teams in close collaboration throughout the implementation — and that wealth of first-hand experience has paid off. Having gained a deeper understanding of the challenges and benefits of undertaking such a significant, disruptive project, PwC can be a better strategic advisor in guiding clients through their own IAM leading practices and cloud transformation journeys.

5 minutes to register new users, down from 4-8 hours

3x growth in login activity during the first two years following the launch

350K internal and ~2M external users migrated

Modern standards and applications that improve operations, safeguard the business and provide a quick and easy login experience.

 

“There was no playbook for this. We had to create one. We worked together to build a global solution and successfully delivered on our design and security principles — authentications that take place on a single platform for more visibility, control and forensic capability as we secure the PwC network.”

James Shira
Global and US Chief Information & Technology Officer, PwC US

“It’s about building trust — making sure that our customers, stakeholders and employees trust that their data is protected and that every digital interaction is secure.”

Avinash Rajeev
Principal, Cyber, Risk and Regulatory, PwC US
