Big Picture / Coarse Concept

“Pointing you in the right direction”


While the aim of sensitization is to convey the topic of Identity Management (IDM), the big picture is to capture the respective customer precisely and to design an IDM system tailored to his company. deron describes the future, sustainable target state for the customer.


  • deron collects the systems relevant for the IDM, the number of users of all systems with user administration and the existing IT authorization processes.


  • For the analysis of weaknesses in previous authorization processes, deron uses vulnerability catalogs, benchmark comparisons, etc.


  • In the big picture, deron defines secure TARGET processes of the various lifecycle types (internal and external employees, technical accounts, etc.) together with business and IT, which also regulate the denial of rights. Legal requirements are taken into account as well as correlations with process and workflow definitions.


  • deron creates the basis for creating descriptive business roles for all applications: No manager can choose the right role for his employee from 30 applications with 300 authorizations each. Only if there are a reasonable number of meaningful business roles can the line manager assume his responsibility and “purchase” the right authorization.


  • deron creates a requirements matrix to check individual IDM products for how well they fulfil the tasks of your company. For this, deron uses an extensive catalogue of criteria and benchmarks from more than 150 projects as well as scientific prioritization methods.


  • deron searches for the product best suited to your requirements. Since all products are different and no manufacturer mentions the weaknesses of his product, experience is needed to be able to assess the products in detail. deron knows the strengths and weaknesses of the IDM tools due to the multitude of analyses and implementations.


  • For companies that already have an IDM product or IDM functions in use, deron carries out a benchmark with its own IDM maturity model and checks how resilient the existing solution is with regard to your future IDM requirements. We answer the question of whether and how further expansion makes sense or whether alternatives are functionally and economically superior.


  • Many IDM projects fail to be implemented because too many features and functions are planned. That’s why deron has developed a master plan methodology that allows the introduction of an IDM in small steps (roadmap).


  • deron calculates savings by optimizing the user administration processes using IDM in the process cost analysis. For this purpose, we use self-developed process recording sheets and draw on our experience and benchmarks from a large number of projects and studies.


Our services in detail


If the assignment of authorizations becomes too complex, if the revocation of authorizations is not anchored in the processes, or if your audit points to unused accounts, then at the latest should you take steps to introduce a future-proof Identity Management, which is today extended to Secure Identity & Access Management (SIAM). In the big picture you lay the foundation for a successful IDM project. You thus set the decisive course for all subsequent work such as detailed conception and implementation. So you can rely on our experience when it comes to quickly and securely separating the essential from the unimportant and making the right decisions.


Take advantage of our deron project methodology, our knowledge databasis, and templates and benefit from our IdM know-how, which has grown over many years, as well as our experience from more than 150 IDM projects.


The current state

The first step within the framework of a big picture is the recording of the actual situation. The CURRENT state analysis serves to record and understand your current situation and to identify critical points. The aim is to record the systems relevant for IDM, the number of users of all systems with user administration and the quantity structures. A further focus of the ACTUAL analysis is on existing IT authorization processes, i.e. on the allocation and denial of access rights. By using deron survey techniques and standards, we can jointly gain an overview of where you stand today in terms of user administration within just a few days.


Vulnerability analysis

In the course of the CURRENT state analysis, central findings about existing weaknesses in terms of efficiency and security in the existing authorization processes come to light. These are worked out by our experienced deron employees by means of vulnerability catalogues, benchmark comparisons, etc. and serve in the later TARGET state process definition as an essential motivator for a fundamental rethinking and redesign of various processes.


Big picture / target processes

The target process definition of the authorization processes in business departments and IT is an essential component of the strategy concept. The target process workshops are moderated according to the recognized deron methodology. This ensures that the business and the IT departments can develop a common big picture. This is fundamental, since user administration and authorization assignment can only be successfully designed in the right interplay between the technical and business managers from the various departments responsible for the applications and systems. Our consultants actively support you in finding solutions and contribute their knowledge from over 150 IDM projects. It is crucial to include the various lifecycle types (internal employees, external employees, etc.) and their dependencies in the process and workflow definition. deron also takes legal and regulatory requirements into account, supports the creation of guidelines and ensures that processes become secure (preventive processes). In this way, you can avoid dead ends in the solution design and thus expensive change requests at an early stage. Your project remains within budget and acceptance within the company is maintained – a win-win situation for everyone!

At the completion of the big picture, you have a “set” of defined target processes at your disposal, which also ensures the prompt revocation of authorizations. The big picture is the basis for further steps such as phase planning (master plan) and product evaluation.



Role design

As a rule, your company’s employees are assigned a large number of individual authorizations and authorization groups or system roles in different applications. For the business departments, understandable and simple usability is particularly important. Individual authorizations at application level require special knowledge and are unclear and hardly comprehensible for the line manager. Let’s assume, for example, that you have 30 applications with 300 authorizations each – that results in 9000 possibilities! The line manager wants to choose from a limited number of descriptive business roles and tasks when equipping the authorizations of his employees. Only then can the line manager develop an understanding of this and thus assume his responsibility.

Within the framework of the big picture, our consultants will work with you to clarify how the basic structure for the role model can be set up in order to meet both the requirements of the department (simple, organizational-logical operability) and the requirements of IT (completeness and security). We support you by using our deron role management approach, which has been continuously refined during our 15 years of project experience. In this demanding field of role formation, the overview of the choice of the right solution is maintained and the role topic does not become a “never ending story” for you and your company.



Requirement analysis

You developed the TARGET processes together with our team and the big picture is complete. But on which IT platform should all this be mapped? The next step is to develop the requirements for a future IDM product. As a leading IdM consulting firm, deron can draw on an extensive catalogue of criteria and benchmark values from over 150 projects. Finally, this catalogue of criteria is extended by the specific requirements of your company and evaluated with the help of further developed scientific methods of the Fraunhofer Institute. In this way, the individual criteria are given a methodical prioritization that can be used for years to come. This ultimately leads to a weighted requirements matrix, which makes the degree of fulfillment of individual IdM products transparent and comprehensible for the management during the subsequent product evaluation.



Product evaluation / decision-making basis

Product evaluations are complex. If you believe the specifications of the tool manufacturers, then everyone seems to have the perfect product. Even analysts make judgements about the market leaders, but at best this information proves to be an orientation when searching for the optimal tool for your company. It is important to evaluate the products in the context of your current and future goals and, above all, to identify the well-hidden weaknesses of the products that drive up costs in a later implementation. Due to the multitude of analyses and IDM implementations, deron can identify the specific strengths and weaknesses of IDM tools. IDM product solutions from different vendors are compared based on your company’s specific criteria and weighting. They are then evaluated for their suitability for your individual company situation. As a customer, deron provides you with a robust decision template that enables you to trace the decision for the selection of a suitable product at any time. On the basis of our expertise, we help you to filter out “your” IDM solution from the confusing market of products and to avoid unpleasant surprises.


Maturity ratings for existing IDM solutions

Do you already have an IdM product in use? Or are IdM functions (e.g. through in-house developments) implemented?
On the basis of the TARGET processes and the catalogue of requirements developed, we can carry out a benchmark with deron’s own IdM maturity model and check how resilient the existing solution is with regard to your future IDM requirements. Together with you, we develop a basis for decision-making on the basis of our many years of experience. It serves the question of whether and how further expansion makes sense or whether alternatives should be sought that offer better functional and economic conditions for the future.



Masterplan / Roadmap

Many IDM projects fail to be implemented because planning was too ambitious. Deron has therefore developed a master plan methodology for project planning that allows the introduction of an IDM in small steps. Based on the big picture models, the roadmap or master plan is created together with the customer according to priorities and maximum benefit. In an easy-to-understand form, it shows how the further project procedure looks dedicated to your company after completion of the big picture. The roadmap also forms the basis for the calculation of the expected project expenditure in the further project phases. deron draws on a wealth of experience from more than 150 projects and can therefore precisely specify the expected expenditure for your project. This gives you the unique opportunity to benefit from the many years of deron IDM project experience and the valid benchmark values that can be derived from it. Re-negotiating budgets or milestones is therefore a thing of the past for you.




As a customer, you are regularly faced with the question of evaluating the benefits of an IDM solution. In addition to “increasing security” and “complying with compliance requirements”, an IDM solution also offers potential savings through the optimization of user administration processes. In order to recognize when the investment is worthwhile for you, we generate a ROI analysis that is specially tailored to your company. This, together with the other results from the preliminary study, serves the budget provider from your company as a basis for decision-making on project approval. Here our economically educated team compares the current and expected future expenses, based on the developed big picture, and can then clearly determine the savings potentials in IT and specialist area. deron applies a process cost analysis specially adapted to the IDM topic area using process recording sheets. This saves time and effort and ensures transparency of results. In order to calculate the expected cost savings for you, we then draw on our extensive experience and benchmarks from a large number of projects as well as on studies conducted by deron together with the Fraunhofer Institute. Ultimately, with our help, the project team has all the relevant arguments at its fingertips to make a sound decision.