IDENTITY & ACCESS MANAGEMENT

Securely Enabling Your Business

IDENTITY & ACCESS MANAGEMENT

Customer Solution Case Study

FishNet Security Helps Hotelier Prepare

for Rapid Move to Cloud with New Identity

Management Solution

Overview

Industry

Retail—Hospitality

Customer Profile

Hyatt is a global hospitality company with 451 hotel and resort properties in 43 countries. It is based in Chicago, Illinois, and employs 106,000 people worldwide.

Business Situation

Hyatt needed to consolidate its Active Directory structure, automate identity-related tasks and simplify system audits to prepare for its migration to Microsoft Office 365.

Solution

Hyatt deployed Microsoft Forefront Identity Manager 2010 to centralize and automate the identity

credential management needed for the cloud migration.

Benefits

» Migration of 1,000 user credentials a day to cloud » Day-one employee productivity » IT time freed for new projects » Lower support, licensing costs » Faster audit compliance

“Achieving a 97 percent success rate for a cloud

migration is unheard of for an organization as

large as Hyatt.”

Michael Blake, Chief Information Officer, Hyatt

Hyatt was preparing to migrate its 70,000 information

workers to Microsoft Office 365 for cloud-based email

and collaboration. It first needed to consolidate its Active

Directory Domain Services and automate user-credential

management. Hyatt worked with identity and access

management specialist FishNet Security to reorganize its

directory structure, deploy Microsoft Forefront Identity

Manager (FIM) 2010, and create a centralized identity and

access management portal. Thanks to the cleanup of the

directory service and automated efficiencies, Hyatt was

able to migrate as many as 1,000 employees a day to the

cloud service and has achieved “day-one productivity”

for new employees, granting them access to needed

applications on their first day of work. The IT staff now has

more time to spend on revenue-producing projects, and

Hyatt can complete audits in one-sixth the time.

FishNet Security | Customer Solution Case Study

Situation

Hyatt is a global hospitality company whose name is

synonymous with quality, comfort and service. Hyatt and its franchise partners operate hotels and resorts under the Hyatt, Park Hyatt, Andaz, Grand Hyatt, Hyatt Regency, Hyatt Place and Hyatt Summerfield Suites brand names. As of March 31, 2011, the company’s worldwide portfolio consisted of 451 properties in 43 countries on six continents. Hyatt employs 106,000 people.

Unify Operations

As Hyatt expanded its global footprint between 2005 and 2009, it bifurcated into two organizations, one focused on the U.S. market and one focused on the international market. The two sides of the business ran independently, with employee email addresses having different email domains. However, the decentralized structure bred expensive redundancies, and management wanted to trim costs and also achieve greater consistency in the tools employees used and procedures they followed. In mid-2009, Hyatt went public, which accelerated management’s goal to unify the company. Hyatt merged the management structure of its two businesses and asked all departments to work on consolidating and simplifying policies, procedures and tools. Hyatt Chief Information Officer Michael Blake wanted to extend the unification strategy to the company’s technology, giving all

employees a consistent set of tools for doing their jobs effectively. One of the key technology unification projects that Hyatt decided to launch, in mid-2010, involved the migration of its companywide email messaging infrastructure from IBM Lotus Notes to the Microsoft Business Productivity Online Standard Suite, later renamed Microsoft Office 365. For organizations of all sizes, Microsoft Office 365 unites familiar Microsoft Office applications with the power of Microsoft Exchange Online, SharePoint Online and Lync Online into one connected online solution. “From a strategic standpoint, cloud computing makes sense for Hyatt,” Blake says. “We’re very thin at the top in terms of executive management. We outsource application hosting wherever we can, and we have a very lean core IT staff, using contractors for many tasks. With cloud computing, we can put subject matter experts in charge of key applications so that we don’t have to manage those applications ourselves. It reduces our capital and staffing costs.”

Consolidate and Automate

Before Hyatt could migrate

70,000 information workers to the cloud, it needed to clean up the Windows Server 2008 R2 Active Directory Domain Services directory service structure. The company had hundreds of Active Directory user domains with no centralized management structure. “Even though we used Active Directory as our global directory service, we had to synchronize Active Directory

“With cloud computing,

we can put subject

matter experts in charge

of key applications so

that we don’t have

to manage those

applications ourselves.

It reduces our capital

and staffing costs.”

Michael Blake, Chief Information Officer, Hyatt

FishNet Security | Customer Solution Case Study

with four separate human resources applications, and we used our legacy identity management platform separately to manage access to our reservation system,” says Steve Lieberman, Product Line Lead for Identity and Access Management at Hyatt. “Nothing was unified or integrated, and IT managers at each hotel property were responsible for provisioning and deprovisioning users with application credentials. Depending on how busy these people were, it could take days for new employees to gain access to the applications they needed.” Migrating tens of thousands of email accounts to Office 365 would require automated efficiencies that Hyatt did not have. “Once we consolidated and centralized our domain structure, we would need an automated system for managing it,” Lieberman says. “Additionally, Hyatt would need to maintain a dual email infrastructure during the phased migration to Office 365.”

Simplify Audits

Hyatt had another motivation for consolidating its Active Directory infrastructure: better compliance with audits that would be required of it as a public company. “We needed to be able to audit employee access rights on a quarterly basis, and it was impossible to do that in a decentralized environment,” Lieberman says. “Our audit team had to gather information from multiple business groups and properties, which was usually a six-week process.”

Solution

Hyatt decided to deploy Microsoft FIM 2010 to gain centralized management and automated efficiencies related to handling identities, credentials and identity-based access policies in its environment. By using FIM, Hyatt would also be able to empower employees with the ability to reset their own passwords and manage routine aspects of identity and access. “I wanted every application to be authenticated under a single platform, and FIM provided a single place to manage identities across a broad range of operating systems, email and collaboration tools, databases, directories and applications,” Blake says. Hyatt engaged FishNet Security, a member of the Microsoft Partner Network with Gold

competencies in identity and access management (IAM), to help with its strategic approach to cloud readiness and directory service consolidation. FishNet Security worked with Hyatt to develop an IAM roadmap that would enable the immediate cloud migration and would support the ongoing mail coexistence infrastructure. As a trusted advisor to Hyatt, FishNet Security helped build a three-phase program to address the immediate cloud migration needs, but also established the foundation to enable future cloud application adoption.

“We needed to be able

to audit employee

access rights on a

quarterly basis, and it

was impossible to do

that in a decentralized

environment.”

Steve Lieberman, Product Line Lead, Hyatt

FishNet Security | Customer Solution Case Study

Phase 1: Mature Infrastructure

and Processes to Support

Cloud Readiness

Hyatt recognized the need to first mature its internal process and platforms and automate user management functions before proceeding with the migration to Exchange Online. From August to November 2010, Hyatt worked closely with FishNet Security to aggregate and link multiple human resource (HR) systems to an

enterprise directory based on Active Directory. It also collapsed multiple global Active Directory domains into a single forest to support the cloud synchronization service. By using the FIM 2010 portal, FishNet Security enabled

e-provisioning of new users from the aggregated HR systems to the hybrid application infrastructure of Lotus Notes and Active Directory (used for Exchange Online). Hyatt was also able to use FIM to centralize and automate email distribution list management based upon authoritative data from the HR platform, which further enhanced corporate communication processes.

Phase 2: Empower End

Users, Automate and

Standardize Management

Building on the success of Phase 1, Hyatt and FishNet Security began Phase 2 in November 2010 to further extend FIM to support an improved user experience and additional automation. During this phase, Hyatt and FishNet Security broadened FIM portal access to

hotel IT managers, who were able to use it to provision and deprovision new non-employees (contractors) and create and manage security and distribution groups.

After six months of cloud-readiness work with hotel IT managers, Hyatt started migrating employees to Office 365 in April 2011. By using FIM, Hyatt was able to migrate as many as 1,000 users a day to the Microsoft cloud service. As of June 2011, Hyatt had migrated 6,000 employees and was gathering user feedback before proceeding to the remaining 100,000 employees. Also during Phase 2, Hyatt replaced the legacy identity management platform with FIM to manage access to the hotel’s central reservation system, its primary revenue-generating application. The corporate IT staff gained the ability to manage identities more effectively through the FIM administrative console rather than jumping between multiple access and reservation applications. By adopting FIM, Hyatt was able to eliminate the mail management tools within Lotus Notes and automate those processes through the FIM portal. “We outsource our help desk, and Forefront Identity Manager helps us isolate support staff members into certain categories,” Lieberman says. “Instead of giving them access to everything, we can give them authorization to do certain tasks such as create new accounts for contractors or add employees to certain security groups. Also, they’re able to

“Today, audits take less

than one week versus

the six weeks required

before.”

Steve Lieberman, Product Line Lead, Hyatt

FishNet Security | Customer Solution Case Study

perform these help-desk activities from within the portal rather than jumping between applications.”

Phase 3: Empower Information

Workers and Support

Day-One Provisioning

Phase 3 gave employees direct access to the FIM portal so that they could perform self-service password resets, create email distribution groups, and self-serve group management and membership. Through the portal, employees can also update their profile, search for co-workers and request access to applications. Also during Phase 3, Hyatt plans to improve visibility to audit data by using the identity and access management data in FIM to create customized reports with the Microsoft SQL Server 2008 reporting services.

Benefits

By strategically preparing its identity and access management system before moving to the cloud, Hyatt was able to quickly and painlessly migrate thousands of email accounts from an on-premises to a cloud-based solution. It was also able to achieve “day one” employee productivity, free up time for its IT staff, reduce support costs and improve audit compliance.

Migrate 1,000 Employees

a Day to the Cloud

Thanks to a well-orchestrated access and identity management system adoption guided by FishNet Security and anchored by FIM, Hyatt was able to migrate to Office

365 with a 97 percent success rate. “Achieving a 97 percent success rate for a cloud migration is unheard of for an organization as large as Hyatt,” Blake says. “The 3 percent failure was user error. There’s no way we could have managed the migration without Forefront Identity Manager, which made sure that all the user information was input correctly according to Active Directory data.” By using FIM, the Hyatt IT staff was able to automate the process of migrating existing email account data into Exchange Online. The Hyatt IT staff can assign new email account creation to the HR staff. “In the past, new employees were brought on board by the HR staff, which would pass their names on to local hotel IT support teams for email account creation,” Lieberman says. “Now, when a new employee is added to the HR system, it asks if they need an email account. If they do, Forefront Identity Manager automatically creates one for them in AD. This automation puts us far ahead of where we were six months ago.”

Provide Day-One

Employee Productivity

This abbreviation of the new-employee onboarding process means that Hyatt has been able to achieve its goal of “day-one productivity.” Blake says, “Day-one productivity is important for a company as large as Hyatt and growing as fast as Hyatt.” As Hyatt expands its use of FIM, it will add employee self-provisioning for even more applications, and replace paper

FishNet Security | Customer Solution Case Study

request forms for certain kinds of IT support with online requests submitted over the FIM portal. “We’ll do the same for email traffic,” Lieberman says. “Opening up portal use will allow self-service requests for distribution list access rather than handling these over email. A list owner will receive email notification that someone is requesting access to a list, and the list owner can approve or reject the request from within the email message.”

Free IT Time for

Revenue-Producing Projects

Automating application access requests has unloaded IT staff members of routine work, freeing them for higher-value activities. “All the paper-based processes for requesting employee and contractor accounts will be replaced with online requests,” Lieberman says. “The process of onboarding a contractor used to be extremely time-consuming, requiring three hours of paperwork plus a series of approvals. Using the FIM portal is saving at least a day’s effort per user request. Now I can focus on my job, which is leading the identity and access management program, rather than dealing with paperwork.” Blake adds, “Forefront Identity Manager is enabling us to focus on managing our hotels and making operations smoother, better and faster. We have more time to focus on enhancing applications that drive revenue and customer preference.”

Lower Support and

Licensing Costs

Hyatt also anticipates a reduction in its contract help-desk costs as it empowers employees to take care of their own password resets, distribution list management and security group management. Not only will Hyatt require fewer help-desk technicians, but also those whom it does require will be focused on resolving more important issues than password resets. By adopting FIM, Hyatt will also save ongoing maintenance and support costs associated with previous identity and mail management tools.

Deliver Better, Faster

Audit Compliance

With its consolidated access and identity management system, Hyatt is also better able to comply with the audits required of it as a public company. “Today, audits take less than one week versus the six weeks required before,” Lieberman says. “Our audit staff only has to go to one place to gather needed data, and it gets higher-quality information from FIM, since smaller properties just couldn’t provide some of the needed information. As we tie more applications into Active Directory, we’ll be able to make FIM the go-to location for any audit request.”

“Forefront Identity

Manager is enabling us

to focus on managing

our hotels and making

operations smoother,

better, and faster. We

have more time to

focus on enhancing

applications that drive

revenue and customer

preference.”

Michael Blake, Chief Information Officer, Hyatt

FishNet Security | Customer Solution Case Study

About FishNet Security’s

IAM Services

As a strategic partner, FishNet Security delivers unmatched IAM knowledge and solution programs that can help you effect lasting change in IT and business processes. Our vast experience developing strategic approaches and solutions for nearly every vertical market allows us to leverage a wealth of experience and expertise in solving your IAM challenges. Through our proven IAM5™ Process, we provide strategic guidance, implementation and support services that incorporate leading IAM platforms and specialized service offerings. FishNet Security’s IAM Strategic Services contribute to a client’s business objectives by:

»Reducing operating costs related to user administration and lost productivity.

»Providing a better customer experience by reducing sign-on credentials and delivering a cohesive security solution across the enterprise. »Improving the speed and

quality of application development efforts.

»Enabling greater manageability of users within the enterprise. »Improving legal and

regulatory compliance. »Facilitating adoption

of cloud platforms and resources, and expediting future InfoSec resource adoption and deployment.

For More Information

For more information about FishNet Security products and

services, call 888.732.9406 or visit the website at:

www.fishnetsecurity.com

For more information about Microsoft products and services,

call the Microsoft Sales Information Center at 800.426.9400, or visit the website at: www.microsoft.com

For more information about Hyatt

services, call 800.323.7249 or visit the website at: www.hyatt.com

▪

Microsoft Server Product Portfolio

ͳ

Windows Server 2008 R2 Enterprise

ͳ

Microsoft Forefront Identity Manager 2010

▪

Microsoft Office 365

ͳ

Microsoft Exchange Online

▪

Technologies

ͳ

Active Directory Domain Services

Partner Solutions

AbouT

FIShNET SECurITY

FishNet Security, the No. 1 provider of information security

solutions that combine technology, services, support and training, enables clients to manage risk, meet compliance requirements and reduce costs while maximizing security effectiveness and operational efficiency. FishNet Security is committed to information security excellence and has a track record of delivering quality solutions to more than 5,000 clients nationwide.

/company/fishnet-security /fishnetsecurity