Private aviation was one of the niche industries that experienced massive demand during the COVID-19 pandemic. This led to hypergrowth, both organically and through global acquisitions. Through multiple strategic acquisitions, the organization inherited multi-lingual systems, multi-regional regulations, non-conformity in infrastructure design and service-level agreements, and hazy bifurcation rules regarding employees and the contingent workforce. Growth under these special circumstances led to unconventional methods and posed serious challenges for remote global workforce management with respect to Risk, Compliance and Governance.

Areas of exposure include:

  • Potential breach due to unauthorized disclosure of information and unprivileged access
  • Lack of traceability, general role-based access leading to unnecessary exposure
  • Infrequent security and compliance audits despite higher attrition
  • Timely provisioning and retirement, rogue and orphan account detections, tweaking periodicity around audit logging and reporting, enforcing regional compliance
  • Application deployments across multiple entities including hybrid, colocation, public cloud, private cloud, on-premises, etc.

For a global organization, the solution had to be built with zero room for error and had to promptly serve risk, compliance and fiduciary responsibility.

Solution - ESTUARY

Based on First Principles Thinking, the solution had to be built with a key focus on conforming to standards in providing traceability, actionable compliance (both automated and hierarchical) and audit capabilities for the contingent workforce. Additionally, it was necessary to build holistic access control by unifying applications spread globally and by designing and implementing security policies with periodic re-certifications and privileged access depending on locations and access levels.

The approach was to design an overarching self-service portal that integrated with applications while keeping the master governance centralized in Azure AD. This enabled simultaneous provisioning for both workforce engagement and temporary access across sensitive applications.

This design is highly scalable with room to accommodate innumerable applications and enforce master access control and policies on them.

Operational scalability is the cornerstone of this design. The solution is built for the purpose of “Build-Operate-Transfer”, with modular runbooks across the organization's application sphere.

Global Compliance and Reporting are central to the design: defining application rules and policies and enforcing periodic reviews and renewals are key features. The solution has specific dashboards designed for the Chief Compliance Officer, Chief Legal Officer and Chief Information Officer.