Accelerating Identity Governance & Administration (IGA) ROI using Saviynt

Guest Author - Dawn Kongvongsay

Guest Author - Dawn Kongvongsay

IAM Architect for Pathmaker Group

How does saving $2,000,000 annually for maturing your IGA program sound?

That’s the question that Dawn Kongvongsay poses to readers in the first installment of Saviynt’s Voice of the Customer series. 

In this series, readers get a chance to hear what customers have to say about Saviynt’s products and services. This month Saviynt welcomes Dawn Kongvongsay, IAM Architect for Pathmaker Group. She wrote this during her previous tenure as Technical Project Manager overseeing the Saviynt deployment.

Implementing Saviynt, we reduced our core application connector spend 90% from $2.5M to $257,000 for 25 applications. This includes user IDs provisioned two hours after HR updates, new hire status to “Active”, and automation of 25 of our most risky and prized applications for compliance, security, and provisioning. It also includes managing IGA for cloud Infrastructure and data. More importantly, ROI increases exponentially the more applications and platforms you manage with Saviynt.

Let’s examine the ROI of using Saviynt for an IGA program to speed automation, access security and compliance. When I first looked into Saviynt, I thought this thing can cook dinner for us!  It is several levels up in the IAM maturity model.  Why is that? Saviynt has built-in front-end, out of box connectors, very loosely-coupled and uses the power of access risk analytics and intelligence to drive big increases in productivity including:

The advantage is the Saviynt platform converges Identity Governance and Administration (IGA), Data Access Governance (DAG), IaaS Governance, Segregation of Duties (SoD), Consumer Identity and Access Management (CIAM), Cloud Privileged Access Management, Cloud Security and Hybrid IT. Saviynt forward-thinking takes tremendous advantage of the Amazon Web Services platform to help build its product sets into a single dashboard.

Screen Shot 2020-04-14 at 12.33.35 PM

Customers often asked, “How do we get started and which tools should we use for our Identity & Access Management program to be compliant?  We are paying a lot of money to hire auditors as they work with our internal compliance team taking time away from their daily tasks for compliance, and we are assessed fines for noncompliance.” 

The systematic value of IAM portfolio programs is to Increase Security, Process Automation, and Compliance.  The IAM Lifecycle and Services illustration below (Figure 1) shows Onboarding, Transfers and Termination. The Saviynt IGA platform covers 70% of the functionalities needed:

Enabling these functionalities by 1) making them requirements in your IAM portfolio program and 2) executing these components gives Saviynt the transactional data needed for analytics.  These analytics create the reports that Audit/Compliance and other Information Security personnel require. A high-level map of the IAM Lifecycle & Services to Saviynt:


Examine Saviynt IGA platform ROI calculations using these factors: 

  1. current user provisioning management and provisioning costs – access for joiners, leavers and transfers
  2. administration costs
  3. compliance reporting and audit costs
  4. overall rapid employee productivity due to automated access
  5. *costs of security breach, risk, damages

For example: assuming an average salary of $65,000, every day of lost work due to slow provisioning could cost an enterprise, school, or governmental agency nearly $260 a day. A large company with 500 new hires a year could easily lose $130,000 to $2M per year.  

In a typical organizational setup with before and after costs showing ROI.  Implementing Saviynt generates an immediate 89% resource and cost utilization savings. This frees organizational resources to restructure as needed.

More on Saviynt …

Saviynt’s built-in intelligence derives Governance details and mash up with its out-of-the-box controls that auditors are looking for. On compliance, internal and external auditors typically work year-round to catch up with monthly and quarterly access reviews, capture evidence and sit with any of the application owners to pull access details, orphan accounts, and privilege access reports among others. There is additional risk of error in manual reporting for audit reports.

If you look into integration you will see that technologies such as connectivity through database, flat-file, web services, and java are loosely coupled with credentials such as client IDs, secret IDs and connection parameters which are entered directly into Saviynt configuration platform. These configurations can be exported for deployment to the next environment or a new tool. Governance and security controls are in place from the start.


On Cloud and SaaS (Oracle EBS, Workday, Salesforce)

AWS and Azure call to mind an on-premise resource pool of developers, DBAs, testers, system admins, and release management who check out code from a repository to build. These resources have a duty to perform and they cannot step all over each other. Through Saviynt’s integration with AWS and Azure you eliminate the guesswork of where to apply security. 

For the still relevant Oracle HCM and Financials, Saviynt has out of the box controls to catch separation of duties for access.

In summary Saviynt is:

Identity Access Governance

Discover, design and manage roles and rules. Manage delegated administration of users with integrated audit and traceability. Leverage risk profiling as a trigger for adaptive authentication Policy and Group Management.

Application Access Governance

Application level separation of duties. Management usage analytics and transaction monitoring. Role and privilege access design, mining and governance. Continuous controls monitoring.

Infrastructure Access Governance 

Robust controls library for visibility and actionable remediation. Near real time workload security policy enforcement. Integration tools to enable DevOps with less risk. Privileged account and management and monitoring.

Data Access Governance

See who and what data is saved and shared in Box, DropBox, O365, SharePoint, GSuite, and Hadoop

Privilege Access Management

  • Cloud Privileged Access Management
  • Maintaining Effective Security Across IT Environments
  • Continuous Controls Monitoring, Visibility & Compliance
  • Infrastructure & Identity Lifecycle Governance
  • Automation Eases Compliance Burdens

About Saviynt

Saviynt is the innovative, disruptive Identity Governance and Administration solution leader per industry analysts. Saviynt’s third-generation IGA product (Identity 3.0) is a hyper-converged platform that brings together intelligent Identity Governance & Management, Application GRC, identity-centric cloud security and cloud Privileged Access Management (PAM). Saviynt enables organizations to leverage ‘identity as the true perimeter’ across a multi-cloud and hybrid IT environment and ensure appropriate access with its usage-driven identity intelligence and analytics. Saviynt provides industry’s most comprehensive out-of-the-box continuous compliance controls library and cross-application Separation of Duties (SOD) risk rules for mission-critical applications such as SAP, Oracle Cloud ERP / EBS, Epic, Cerner, Infor, MS Dynamics GP, PeopleSoft, Salesforce and Workday. Saviynt’s identity 3.0 solution extends security for IaaS providers such as AWS, Azure, GCP, Alibaba Cloud, and collaboration or data storage platforms such as Office 365, SharePoint, Box, NetApp and more. Saviynt has recently ranked in the top third of the Inc 5000 list of America’s Fastest Growing Private Companies.

For more information about managing identity security for your organization, contact us for a demo.

Schedule a Demo

Ready to see our solution in action?
Sign up for your demo today.