{{item.videoDuration}}
{{item.title}}
{{item.text}}
{{item.videoDuration}}
{{item.title}}
{{item.text}}
Cybersecurity and privacy case study
Autodesk’s digital transformation using IAM
A platform for employee transformation: How Autodesk was able to use Identity and Access Management (IAM) as a catalyst for digital transformation and their next generation workforce
Client: Autodesk, Inc.
Our Role: PwC helped to streamline the IAM transformation process and over 40 additional applications within 18 months
Industry: Technology, Media and Telecommunications
Services: Cybersecurity and privacy
BlackBerry’s biggest acquisition to date could cement its place as a security leader
PwC helped BlackBerry undertake extensive due diligence of the proposed Cylance deal by identifying the key business and technology drivers, giving BlackBerry confidence that it was making a sound investment.
Client: BlackBerry Limited
Our Role: We helped BlackBerry undertake extensive due diligence of the proposed Cylance deal. This due diligence proceeded along three main areas: technical, commercial and financial, and it primarily involved BlackBerry’s CTO, COO, CFO and its Corporate Development organizations.
Industry: Technology, Media and Telecommunications
Services: Accounting advisory services, Capital markets advisory, Acquisitions, Deals strategy, Valuations and Analytics
Situation
How do you create a mature “any user, any device, any application, anywhere” IAM capability?
Founded in 1982, Autodesk was one of the pioneers of the computer aided design (CAD) industry. Now, Autodesk has over 10,300 employees worldwide and their total subscription base grew to 4.9 million users across multiple industries globally, accounting for $3.27 billion in total revenue in FY 2020. Autodesk began its digital transformation journey as it shifted to a subscription-based product and revenue model. As part of the transformation Autodesk knew it needed to build a foundation for IAM that would support employee persona-based fulfillment and experience, rapid on-boarding, enhanced user productivity and the robust management of compliance and security. This would involve moving from a ticketing-based organization to an outcome-based organization which would improve alignment with Autodesk’s imperatives, such as cloud, mobile, social and BYOD. The IAM platform would become Autodesk’s central catalog of enterprise digital assets with access rights personalized for each individual. The goal was to create a mature “any user, any device, any application, anywhere” IAM capability.
Autodesk had thousands of employees using more than 100 applications (40 being SOX priorities) and knew it needed an integrated and automated approach to access management. IAM is a mature discipline. Autodesk selected an industry-standard solution and asked PwC to help propose an IAM implementation strategy. The company agreed with our proposed approach and recommendations and Autodesk selected PwC as their implementation resource.
“An IAM implementation can be complex, but the result, in terms of employee satisfaction, productivity and compliance posture, can be transformative, as was the case with Autodesk.”
Solution
How PwC helped Autodesk streamline the IAM transformation process and drive adoption
With many IAM implementations under its belt, PwC was able to quickly help develop a common onboarding framework and process for Autodesk. Together, the team had the following goals:
- Make digital transformation a reality by enabling seamless, persona-based, controlled access to digital applications and tools.
- Enable Day-1 productivity and automatically enforcing least privilege access rights.
- Quickly enabling a governance model where Autodesk could understand “who has access to what, and what level of access” to protect critical assets.
- Create a certification process for compliance (SOX, GDPR, CCPA, et al.) and build the foundation for managing the separation of duties within and across applications.
This involved integrating applications with the IAM platform to support both access management and access reviews, leveraging reusable integration patterns. The common framework allowed for better velocity and predictability for the implementation and helped Autodesk adopt a “factory” model for subsequent application integrations. This framework was key to scaling and driving better practices across the application teams for managing their access control lists and permissions. Once the PwC team helped Autodesk address a persistent corporate directory issue, we went on to use the framework to help the client integrate over 40 additional applications within 18 months using a sprint-based testing and release process.
An intense focus on end user adoption
But there was more to the story. Adoption was a major priority, so the team provided the additional IAM capabilities while keeping the user experience consistent. The team utilized the familiar workflow interface, helping to implement new and improved processes without employees needing to deal with yet another workflow. Involving business stakeholders early and throughout the process helped to make sure they understood the value and impact of the new IAM platform. And in addition to application onboarding, the team implemented pilot programs for role-based access and segregation of duties to validate tool capabilities and build foundational business processes in collaboration with all stakeholders.
“We knew that as we moved to the cloud, it would involve a digital transformation. Improving our IAM infrastructure was high on the list of priorities. The team from PwC’s experience with IAM implementations allowed us to put a plan in place and deliver on time.”
Results
Autodesk’s digital transformation enables their next generation workforce and improvements in efficiency, compliance and cost through foundational identity and access governance capabilities
Autodesk began their journey with the goal of streamlining and securing all IT and public cloud infrastructure through seamless, self-service IAM services platform. In just over 18 months, the client accomplished the following:
- Established a centralized IAM platform to automate access requests and access reviews for 40 prioritized SOX/SOC applications.
- Enhanced employee onboarding experience enabling productivity on Day 1.
- Improved employee productivity and UX with persona-based provisioning with the help of self-service tools and just-in-time provisioning.
- Enabled automated corporate directory group access management.
- Standardized, secure, seamless, and efficient access management enabled by access management framework.
- Conducted role-based access control and segregation of duties pilots.
- Achieved “secure anytime, anywhere” access from any device with data protection.
- Consolidated control and simplified access management, leading to reduced costs, complexity, and resource overhead.
- Provided the visibility and control needed for a distributed workforce and applications.
- Moved from static provisioning to role-based access enforcing a least privilege provisioning model.
{{filterContent.facetedTitle}}
{{contentList.loadingText}}
{{contentList.loadingText}}
