How Belo Corp. got its IAM system implemented in just six weeks

When the TV broadcasting company Belo Corp. separated from a sister company, the IT department had to build a fully functional identity and access management system in short time. Belo contracted Identity Automation to devise an enterprisewide solution that uses the HR system and Active Directory to provision access into multiple disparate systems.

It's not often that a company with 2,700 employees gets to start fresh with a brand new identity and access management system (IAM). If you were the CIO of such a company, how would you go about getting a new IAM system fully operational in just six weeks? Here's a look at how TV broadcaster Belo Corp. did it after separating from a sister company.

It all started a few years ago when sister companies Belo Corp. and A. H. Belo Corporation parted ways. Because it has more extensive IT requirements, A. H. Belo took possession of most of the IT systems -- and the people who support them. That left Belo Corp. in the position of having to start anew. Brenda Buckalew, senior director of technology enterprise systems, took charge of rebuilding the IT team and the systems.

MORE: Identity management in the cloud emerges as hot-button issue for CIOs

The legacy IAM system used by the companies prior to the separation was a unified identity management system based on Sun ONE technology. Buckalew had been involved in setting up that system many years earlier and its complexity was something she didn't want to repeat. No, she needed something that could be implemented quickly and simply. She contracted the solution provider Identity Automation that said it could put a full IAM system in place within six weeks.

Belo Corp. operates 20 television stations and multiple regional and local news channels in 15 locations across the country. In addition to the highly distributed employee base, the company has a significant contingent of freelance workers that Buckalew wanted to treat as guest workers in the new IAM system.

At the time of this implementation, Belo used PeopleSoft as its human resources system, and the company wanted to provision and deprovision privileges from this HR system. Belo also wanted to use groups to provision access rights according to location, job roles, etc. There's a lot of staff migration among the various stations. Once an employee moves, his accounts need to be migrated to the new station and he needs to be placed in/removed from the appropriate groups to match his new position.

Identity Automation developed an enterprise solution based on two of its core products: Access Request Management System (ARMS) and Data Synchronization System (DSS). Through integration with PeopleSoft and Microsoft Active Directory, ARMS and DSS drive full identity and access management to all other IT and business applications within Belo Corp. In addition, ARMS provides self-service facilities to employees to manage their own passwords and to sponsor access for guest workers.

In general terms, ARMS is a suite of tools made up of multiple modules, each designed to handle specific facets of the identity life cycle. These integrated modules provide flow from one module to the next. The modules consist of:

Account Management Module -- provides end users with self-service functionality and managers, help desk users and other delegates with delegated administration capabilities.

Application Access Module -- provides single sign-on (SSO) and presents application icons to users based on their role within the organization.

Group Management Module -- allows for full delegation of group management in Active Directory and eDirectory environments as well as distribution list management for Microsoft Exchange.

Reporting Module -- provides real-time feedback on the usage of DSS and ARMS and how much money the tool is saving the organization.

Sponsorship Module -- allows IT to delegate the life cycle management of external accounts to the hiring manager while enabling policies to ensure compliance.

Workflow Module -- provides the means to request, approve, track and re-attest access.

Identity Automation's DSS is an application with a built-in tool set that can move, transform and validate data between otherwise disparate systems. This system can be used to build IDM (identity management), EAI (enterprise application integration), ETL (extract, transform, load) and configuration management solutions.

The solution implemented by Belo Corp., built on both ARMS and DSS, gives the company's IT administrators single-point, cradle-to-grave control over all users in the system. Administrators at each of the Belo TV stations can manage everyone from their stations through ARMS or Active Directory.

The sponsorship module of ARMS allows individual Belo employees to request guest access to the Belo IT systems. Guest access is allocated for 90 days and then it must be re-attested to extend the access. This prevents the inadvertent creation of access privileges that hang on longer than the contract worker does.

The data synchronization features of DSS are important in supporting niche IT systems that have their own IT domains independent of Active Directory. DSS keeps access privileges and passwords in sync to simplify local security into the niche domains.

Identity Automation met their commitment to install a fully operational IAM solution within six weeks. This system gives Belo Corp. a single authoritative source for identity and drives access to all systems across the enterprise. The self-service features of ARMS, such as password resets and guest access, reduce the burden on the IT team. In the future, the company plans to increase integration with SharePoint and manage group access to that collaboration and document sharing tool.

Linda Musthaler is a principal analyst with Essential Solutions Corporation. You can write to her at


About Essential Solutions Corp:

Essential Solutions researches the practical value of information technology, and how it can make individual workers and entire organizations more productive. Essential Solutions offers consulting services to computer industry and corporate clients to help define and fulfill the potential of IT.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Now read: Getting grounded in IoT