James@Conway ~ %

Case Study · Identity & Access Management

Modernizing Identity Governance for a Multi-Cloud Technology Services Company

A global technology consulting and managed services company with 200+ employees operated a complex multi-cloud environment with no centralized identity governance. By halting a failing in-house build, evaluating enterprise IGA platforms, and deploying CyberArk IGA, I unified access controls across AWS, Azure, GCP, and 20+ SaaS platforms — automating quarterly access certifications, eliminating unnecessary licensing costs, and significantly improving security posture and audit readiness.

3Cloud platforms unified
20+Enterprise apps integrated
QuarterlyAutomated access certifications
$30k+/annualLicensing costs eliminated

Overview

As a Senior Systems Administrator at a mid-sized global technology services company, I led the modernization of the organization’s identity governance strategy across a complex multi-cloud and SaaS ecosystem. The company had grown its technology footprint significantly over time but lacked a centralized approach for governing user identities, access entitlements, and access reviews. This created operational inefficiencies, increased security risk, and limited the organization’s ability to demonstrate compliance.

I initiated the transition from a fragmented, internally developed identity reconciliation process to a modern Identity Governance and Administration (IGA) platform. The project involved building executive support, evaluating enterprise solutions, designing the integration strategy, and leading the implementation of a centralized governance framework that improved security, operational efficiency, and audit readiness.

Organization

The organization is a global technology consulting and managed services provider with more than 200 employees across the United States and India. Its infrastructure spans Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), while its workforce relies on an extensive portfolio of enterprise SaaS platforms supporting business operations, collaboration, customer engagement, endpoint security, and software development.

Core platforms included Microsoft 365, Google Workspace, Salesforce, SentinelOne, Paylocity, Jira, Slack, Zoom, HubSpot, FreeIPA, and numerous additional commercial services.

As the company’s cloud footprint and SaaS adoption expanded, identity governance became increasingly complex and difficult to manage through manual processes.

Challenge

Although the organization had invested heavily in cloud infrastructure and enterprise applications, identity governance had not evolved at the same pace.

User provisioning, entitlement visibility, and access governance were distributed across multiple systems without centralized oversight. There was no formal governance model for managing user identities across cloud platforms and SaaS applications, and the organization lacked automated access certification processes necessary to support modern security and compliance practices.

Rather than adopting an established Identity Governance and Administration platform, the organization had invested significant engineering effort into developing an internal user account reconciliation solution. While well intentioned, the project was not delivering a scalable or sustainable governance capability and continued to consume valuable engineering resources.

This created several operational challenges:

The organization needed a governance solution capable of supporting a rapidly expanding technology ecosystem while reducing operational complexity and strengthening security controls.

Objective

The objective was to establish a centralized identity governance framework capable of managing identities, entitlements, and access certifications across the organization’s multi-cloud infrastructure and enterprise SaaS platforms.

Key goals included:

Strategy and Vendor Evaluation

Recognizing that the existing approach would not scale, I took ownership of the modernization initiative.

My first priority was to reassess the organization’s long-running internal development effort. After evaluating the project’s progress, technical limitations, and long-term maintenance requirements, I recommended discontinuing further investment in the custom solution in favor of a purpose-built enterprise platform.

Securing executive alignment required framing the discussion around business outcomes rather than technology alone. I demonstrated how centralized identity governance would reduce security risk, improve compliance, simplify audits, and deliver measurable operational savings.

Following stakeholder approval, I conducted a comprehensive evaluation of Identity Governance and Administration platforms. Each solution was assessed against several criteria, including:

Based on this evaluation, CyberArk Identity Governance and Administration (IGA) emerged as the strongest fit for the organization’s technical requirements and long-term governance strategy.

Implementation

I led the implementation of CyberArk IGA across the organization’s cloud infrastructure and enterprise application ecosystem.

The project included integrating identity data and entitlement information from Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Microsoft 365, Google Workspace, Salesforce, SentinelOne, Paylocity, Slack, Zoom, FreeIPA, and numerous additional SaaS platforms.

Where native integrations were unavailable, I designed and implemented custom connectors and data normalization processes to ensure accurate identity correlation and consistent entitlement mapping across systems.

The implementation introduced several critical governance capabilities:

The new governance framework established a single source of truth for user access while significantly reducing the manual effort previously required to manage identities across dozens of independent systems.

Results

The implementation fundamentally changed how identity governance was managed throughout the organization.

Engineering and security teams gained centralized visibility into user identities, permissions, and access relationships across the enterprise technology landscape. Automated access certification campaigns replaced entirely manual — or previously nonexistent — review processes, improving accountability while reducing administrative effort.

The platform also enabled proactive identification of inactive accounts, excessive privileges, and orphaned identities, reducing security risk and strengthening the organization’s overall governance posture.

Key outcomes included:

Beyond the immediate technical improvements, the initiative established a scalable governance platform capable of supporting future growth without requiring significant redevelopment or manual administration.

Technical Leadership

This project required more than implementing an enterprise software platform. It required driving organizational change through technical leadership, strategic planning, and effective stakeholder communication.

I identified a long-term operational risk, challenged an existing development strategy, built executive consensus around a new direction, led the vendor evaluation process, and designed an implementation strategy that aligned technical capabilities with business objectives.

By focusing equally on security, operational efficiency, compliance, and financial impact, I was able to demonstrate the broader value of identity governance as a business capability rather than simply another security initiative.

The project strengthened the organization’s security posture while establishing governance processes that continue to support scalable cloud operations.

Key Technologies

Lessons Learned

Identity governance is most effective when it is treated as foundational infrastructure rather than an isolated security initiative. As organizations adopt additional cloud platforms and SaaS services, manual processes and custom-built governance solutions become increasingly difficult to maintain and scale.

This project demonstrated the value of selecting mature, purpose-built platforms over extending internal tooling beyond its intended scope. While custom development can solve targeted problems, enterprise governance requires capabilities that have been refined through years of industry experience, including identity correlation, entitlement management, certification workflows, policy enforcement, and audit reporting.

Equally important, successful modernization depends on aligning technical recommendations with business priorities. Presenting identity governance in terms of risk reduction, operational efficiency, compliance, and cost optimization enabled the organization to make a strategic investment that delivered measurable value across both IT operations and the broader business.