Home Office

Delivering a New Privileged Access Management Service.

The Home Office is responsible for some of the UK’s most sensitive services from passports to policing.

A recent NIST risk assessment highlighted a critical vulnerability: privileged accounts with access beyond that of typical users were not consistently controlled. A fragmented technology estate with legacy systems, siloed teams and high user turnover led to duplication, inefficiency and rising security risk. Without a unified approach to managing privileged access, leaders were unable to make effective decisions or enforce consistent security policies.

Black background with a faint circular border and a large, irregular black shape in the center.

1000

Hours of staff time saved per week.

A black athletic shoe with a white sole, viewed from the side.

93%

of PAM users within the Home Office,
rate the PAM service as Good or Very Good.

A large, bright cyan sphere with a smooth surface and subtle shading, floating against a black background.

2000

Legacy accounts with varying degrees
of privilege were removed or consolidated.

01‍ ‍The challenge we faced

The Home Office leads on multiple significant aspects of UK policy and security; from passports to borders, policing and beyond. Critical to this is the safety, security and integrity of the data they own and manage.

A risk assessment by the National Institute of Standards and Technology highlighted the need for the Home Office to develop a capability to protect against the potential misuse of privileged accounts - user accounts that have access beyond that of a ‘typical’ end user.

The risk assessment highlighted a lack of control over their Privileged Access Management (PAM) processes and systems, caused by an ecosystem of often poorly-integrated legacy technologies and applications that hold privileged identities, a high rate of user churn and employees embedded in alternative systems and ways of working.

This resulted in duplication, inconsistency, inefficiency and risk to the organisation's security position, and therefore became one of the Home Offices’ top transformation priorities.

02‍ ‍ Tacking the problem

The Home Office approached us to implement their chosen market-leading PAM solution. Alongside the build, it was necessary to undertake a discovery of use cases and user journeys to ensure that these could be met.

Through an initial discovery phase, conducting user journey workshops, we took a holistic view of access management practices within Home Office, combining people, processes and tooling into an integrated, robust, yet flexible system.

The discovery phase employed a number of activities bringing together system data, survey data and user discussions to deliver a robust view of use cases and user journeys.

A critical element of this phase was ensuring that users at various levels of the organisation were consulted with to ensure a clear picture of all users was obtained.

As part of the user journey assessment it was critical to get users to demonstrate the actions that they were taking as users often gloss over key elements. Without this detailed assessment key elements of the user journeys would have been missed leading to significant problems during User Onboarding.

The culmination of this detailed discovery phase enabled a smooth transition into the onboarding of users and teams into the tool.

03‍ ‍ Key skills we used

Programme management
Tooling analysis & selection
Infrastructure & application build/configuration
Service management implementation
Onboarding & change approach
Retirement of legacy accounts
Robust governance processes
Automated removal of inactive accounts

“It’s great to see a service being managed and maintained in this way. This should be the benchmark.”

IT Operations Centre Lead

Home Office

Ready to get started?

Get your
thinking cap on

Previous
Previous

Marks & Spencer