At first glance, identity and access management sounds like bureaucratic plumbing, something best left to auditors and admins. But the numbers tell a more dramatic story. Verizon’s 2024 Data Breach Investigations Report points out that 83% of hacking-related breaches involve stolen credentials or brute-force attempts. The 2024 Cost of a Data Breach Report by IBM puts credential compromises at the top of data breach causes, with an average cost of $4.88 million. Despite these dangers, enterprises across the world still use spreadsheets, email chains, and manual scripts for critical access decisions.
That brittle setup becomes particularly dangerous in consumer-facing enterprises, where milliseconds of website uptime can literally affect a marketing calendar. Picture a global sportswear label, a household name with an instantly recognisable logo, pushing a limited-edition sneaker drop to millions of fans. Should the underlying identity stack stall, not only do online queues collapse, but social media erupts in real time. Revenue disappears, reputations take a beating, and boardrooms echo with the question: How come simple login tasks continue to break?
The company’s aging identity platform was buckling under the pressure of remote work, microservices, and nearly constant product launches. Surendra Vitla, a programmer analyst at Cognizant Technology Solutions, was assigned the task of overhauling it. His job title does not scream saviour. Neither does his manner; colleagues describe him as more of a listener than a talker. Yet over the next twelve months, Surendra orchestrated an overhaul that turned identity from a bottleneck into a background hum, and in doing so, offered a sketch of what modern security can look like when it is allowed to move at the speed of the business.
The Overdue Upgrade
The immediate pain point was SailPoint IdentityIQ, the core platform used to provision and govern access for tens of thousands of employees and contractors. The software was two major versions behind, running on infrastructure held together by sympathetic sysadmins and a patchwork of custom scripts. Any serious lift‑and‑shift threatened to stop work on the factory floor and in flagship stores alike.
Surendra approached the task like a careful mechanic rebuilding an engine while the car is still lapping the track. Before a single package was installed, he mapped data flows across continents, time zones, and vendor contracts. “Identity looks technical, but it’s mostly sociology,” he said in the discussion for this story. “You need to know who actually owns which decisions, not just what the org chart claims.”
With that map in place, he led the leap from IdentityIQ 7.3p1 to 8.0p1, standing up a brand‑new clustered environment in parallel with the old one. Cut‑over happened during an overnight window so tight that a late pizza delivery would have thrown off the plan. By dawn, retail staff in Tokyo were clocking in as usual, unaware that a system they relied on had quietly swapped its foundation.
Automating the Mundane
The upgrade, substantial as it was, solved only half the puzzle. Provisioning still required humans to shuttle requests between service desks and security queues. Surendra believed the only sustainable fix was to borrow techniques from software engineering (continuous integration, automated testing, instant rollback) and apply them to identity. He developed a series of Jenkins pipelines to automate SailPoint deployments, significantly improving consistency and reducing operational effort. This also ensured that every change was traceable as code, making rollback and troubleshooting more reliable and auditable.
Not everyone was convinced at first. An internal memo flagged the idea of “DevOps for IAM” as risky: What if an automated push misconfigures privileges at scale? The counter‑argument, backed by incident logs, was that humans already did this on a regular basis; at least automation would leave a trail.
Seeing in Real Time
Security teams often discover breaches days or weeks after the fact, when log files are bulk‑exported for analysis. Surendra’s next move was to collapse that delay. He pumped the identity logs through an ELK stack, on top of which he placed continuous vulnerability detection with Tenable. The resulting dashboard was a live screen full of alerts. A misfired policy tweak in Berlin could be spotted and reversed by analysts in Bengaluru before end users felt the glitch.
Governing at Scale
Compliance, the perpetual shadow of multinational business, required its own set of gears. Surendra coded event handlers that adjusted password policies to local data‑protection laws, while workflow templates obliged business managers, not just IT, to sign off on sensitive access. In the subsequent audit cycle, the company noted a substantial decline in access-review exceptions, which was credited to the streamlined workflows and enhanced compliance protocols implemented in the project.
Measuring the Impact
The overhaul’s full impact may be hard to quantify, but several tangible shifts stood out. Manual provisioning was reduced by over 70%, effectively freeing thousands of hours that service desk teams previously spent on repetitive requests. Audit preparation, often a marathon of spreadsheet cross-checks, became markedly smoother, with centralized evidence cutting prep time by half. Perhaps most crucially, system stability was preserved even during high-traffic product launches. One internal report noted a dramatic improvement in the time it took to detect configuration errors; what once took days could now be flagged and addressed within minutes, a shift enabled by the real-time visibility introduced through the ELK and Tenable integrations.
A Quiet Success and Its Skeptic
Surendra Vitla himself is wary of hero narratives. Asked how the experience changed him, he pauses before answering: “You learn that the loudest success is sometimes the absence of noise, the product launch that didn’t crash, the audit that didn’t spiral. If people can’t tell anything happened, we probably did it right.”
Looking Ahead
The framework crafted for the sportswear giant is now seeding other transformation efforts across its affiliated brands. Surendra Vitla has prototyped a self-service analytics module that lets business owners answer questions about data access in plain language, addressing the concerns of regulators and executives. Early demos suggested that natural‑language queries could surface hidden privilege escalations without a security engineer in the loop.
Whether that vision materialises will depend on budgets, priorities, and the next unavoidable crisis in cyberspace. The past years offer quiet assurance that the path to digital trust is often about methodical, invisible work. This work is done when the world is asleep.




















