Saviynt helped Phillips 66 with their IGA modernization initiative, building more resiliency and flexibility into their program and enabling them to migrate away from unsupported legacy systems.
With nearly 150 years of experience, Phillips 66 is a diversified energy manufacturing and logistics company with unique businesses in Refining, Midstream, Chemicals, and others. The company is engaged in refining, transporting, and marketing natural gas liquids petrochemicals. They are also active in research and development of emerging energy sources and partners with Chevron. A Fortune 500 company headquartered in Houston, Texas, Phillips 66 has approximately 14,000 employees worldwide and has operations in the United States, United Kingdom, Germany, Austria, and Switzerland.
In 2019, Phillips 66 embarked upon a digital transformation effort. Their existing Identity Governance and Administration (IGA) program was based on an on-premises Quest Identity Manager solution that was no longer being supported and did not integrate with cloud applications.
The IGA modernization initiative – informally called Journey to the Cloud – focused on building more resiliency and flexibility into their program. To future-proof their program, they were looking exclusively at cloud-first solutions that could support a hybrid environment initially during the cloud transformation. Price was a secondary consideration at the time.
With Saviynt, Phillips 66 was able to modernize with a cloud-native solution that simplifies IGA by increasing organizational agility through automation and intuitive workflows. Saviynt IGA also helped Phillips 66 ensure users have seamless app and infrastructure access without compromising compliance. As a future-proof, cloud-first solution, Saviynt IGA provides seamless, secure access to necessary resources on-premises, in the cloud, and in hybrid environments.
Steve Edford
Analyst, Identity and Privileged Account Management, Phillips 66
Migrating Away From Unsupported Legacy Systems
Phillips 66 needed an IGA solution that could create a strong foundation for a holistic digitally-enabled environment and increase functional IGA capabilities across all of the company’s functions. The security team also wanted to ensure standardization and consistency of control execution, processes, and tools to improve user experience and enforce governance and regulatory compliance.
With these goals in mind, they formulated a three-year, three-phase initiative that started with moving their IGA program to the cloud. The first year was to be the “lift and shift” of all the existing functionality. The second year would be the build out of the attestations and the access certifications, and the third year would focus on application access governance for critical systems such as SAP.
But in the first half of 2020, COVID hit and budgets were cut. At a moment’s notice, their plans had to change. Because overall business was down for energy companies, price was now a major consideration, as was speed of deployment. As a result, Phases Two and Three were put on hold, and there was immense pressure to deploy Phase One as soon as possible.
Finding the Right Cloud-Native IGA Solution
When evaluating solutions, Phillips 66 used a 300-point Proof-of-Concept (POC) trial that included flexibility and ease of use, robust workflows, permissions granularity, and the ability to integrate with multiple endpoints, both on-prem and in the cloud. Phillips 66 had been using homegrown on-prem Active Directory-based tools to manage their access certification/attestation efforts that added several levels of complication to the process.
They chose Saviynt IGA because it ranked as the highest-scoring solution on their POC trial, indicating that it was the right solution to meet their needs.
Saviynt IGA:
Manages the Active Directory user objects and entitlement objects and all the other endpoints, whether on-premises, in the cloud, or spread across multiple clouds
Detects Separation of Duties (SoD) violations are occurring by identifying any existing toxic combinations and preventing new ones
Ensures records are being kept through its audit capabilities
Prevents duplicate identities
And Saviynt IGA provides a single pane of glass, so that security personnel have one point of visibility over the identity and access management system.
Saviynt Provides Phillips 66 an IGA Foundation Built for Simplicity and Scale
With Saviynt IGA, Phillips 66 has completed a successful migration to the cloud. Saviynt IGA is now helping Phillips 66 secure around 25,000 users and 40 applications internationally. Now, Phillips 66 can oversee their Active Directory groups and service accounts seamlessly, expedite certifications and streamline risk reduction efforts with advanced analytics. Attestations are reviewed on time at regular intervals, and birthright access, provisioning and deprovisioning are automated.
Saviynt IGA is one of five modular products combined in a single, cohesive platform, Enterprise Identity Cloud (EIC), that unifies controls and risk management for every identity, app, and cloud across your business. EIC consolidates management of IGA, privileged access management (PAM), and third-party, application access and data access governance.
This convergence allows large organizations to quickly adopt a full-featured, identity security platform, or they can choose to efficiently build from a lightly deployed solution to an enterprise deployment as their needs change and grow.
Powered by a comprehensive identity warehouse and an extensive controls library for risk-based, continuous compliance and security, Saviynt IGA is an important component of Phillips 66’s identity security program. Future plans for Phillips 66 include taking advantage of Saviynt EIC to reduce dependencies on other products and simplify their identity security infrastructure.