SERPRO (Serviço Federal de Processamento
de Dados) is the biggest public company to provide IT services in Brazil. Created
in 1964 to modernize and to offer pace to the strategic sectors of the public
administration, SERPRO is responsible for customer data security as well as for
recommending best practices and developing programs and services that allow
greater control and transparency on public revenue and expenses.
As the largest public IT services company in Brazil, SERPRO had exacting requirements for their identity management and security needs. After all, the company needed control over and insight into data access by users, such as customers (government entities) and citizens, and other groups, including public employees, taxpayers, the tax collection agency, and ministries.SEPRO also needed to create an environment that conformed to federal government security standards, such as Instruction GSI/PR no. 1 of June 13, 2008 and others as set by the Brazilian president’s institutional security cabinet.
The other requirements included the need to:
- Standardize and organize access controls and identity management for employees and government entities that use the system to improve the provision of services across 60% of Brazil’s public administration, which needs to guarantee the availability, integrity, confidentiality and authenticity of the services and products it delivers to its customers
- Unify and implement rigorous access controls for data related to government entities, employees, taxpayers, and ministries for the company’s 8,000 users to avoid unauthorized access
- Automate account access revocation in case of employee vacation, termination, et al
After careful evaluation of available technologies, SERPRO selected and implemented Oracle Identity Manager (OIM). The implementation allowed the company to streamline the user administration process and have a single source of truth for all user access management records. Automated provisioning of user accounts eliminated administration overhead while automated deprovisioning and account linking significantly reduced security gaps from orphaned accounts or accounts created in manual errors. And of course, compliance being a key driver, the OIM implementation allowed SERPRO to manage and audit data access across all its user constituents.
For more information on SERPRO’s implementation and realized benefits, click here.