Case Study

Enterprise Nonprofit Access Controls Assessment

Identity & access · Enterprise nonprofit

From Fragmented Controls to A Clear Roadmap.

A national enterprise nonprofit needed an independent view of access controls across directory services, authentication, name resolution, network edge protection, and privileged access. OWCER delivered a structured assessment with prioritized gaps leadership could act on—without disrupting daily operations.

The problem

The organization operates a mature enterprise identity and security stack—Active Directory, federated authentication, MFA, privileged access management, and layered network protection. Leadership needed confidence that controls worked together as designed: that DNS and directory services aligned, that authentication paths were understood end to end, and that gaps between policy and practice were documented with clear remediation priorities—not buried in vendor silos or tribal knowledge.

Our approach

OWCER ran a structured access-controls assessment aligned to the organization’s identity and security domains. Each area was reviewed against current-state documentation, configuration evidence, and operational interviews—producing findings leadership could prioritize without exposing confidential internals in public materials.

  • Directory services — Active Directory Domain Services topology, organizational structure, and health indicators relevant to access control and delegation
  • Name resolution — integration and consistency across enterprise DNS, external authoritative services, and directory-integrated zones
  • Authentication — AD DS, ADFS, MFA (SecureAuth), certificate-based access, and CyberArk privileged access management; end-to-end auth flow mapped for review
  • Network protection — WAF, proxy infrastructure, FireEye network security, and F5 Big-IP load balancing as they relate to identity-aware edge controls
  • Supporting controls — email security, SSO patterns, and cross-cutting observations tying identity decisions to governance and zero-trust readiness

Where AI and automation touch identity workflows, findings were framed against AI governance expectations—so access-control remediation stays compatible with emerging copilot and automation programs.

Outcomes

  • Documented gaps — access-control weaknesses cataloged by domain with severity and business impact, ready for steering-committee review
  • Prioritized recommendations — remediation roadmap sequenced by risk reduction and operational feasibility, not vendor checklist order
  • Auth flow clarity — federated and MFA paths mapped so security, infrastructure, and application teams share a single reference for how users authenticate
  • Actionable AD, DNS, and PAM findings — directory, name-resolution, and privileged-access observations leadership could assign to owners without re-opening the full assessment

“We needed more than a tool inventory—we needed to know where our access controls actually lined up and where they didn’t. The assessment gave us a prioritized list we could take to the board and to our remediation teams.”

— IT security leadership, enterprise nonprofit
