Journey to the Cloud with Phillips 66 and Saviynt IGA

With nearly 150 years of experience, Phillips 66 is a diversified energy manufacturing and logistics company with unique businesses in Refining, Midstream, Chemicals, and others.

The company is engaged in refining, transporting, and marketing natural gas liquids petrochemicals. They are also active in research and development of emerging energy sources and partners with Chevron. A Fortune 500 company headquartered in Houston, Texas, Phillips 66 has approximately 14,000 employees worldwide and has operations in the United States, United Kingdom, Germany, Austria, and Switzerland.

In 2019, Phillips 66 embarked upon a digital transformation effort. Their existing Identity Governance and Administration (IGA) program was based on an on-premises Quest Identity Manager solution that was no longer being supported and did not integrate with cloud applications.

The IGA modernization initiative – informally called Journey to the Cloud – focused on building more resiliency and flexibility into their program. To future-proof their program, they were looking exclusively at cloud-first solutions that could support a hybrid environment initially during the cloud transformation. Price was a secondary consideration at the time.

With Saviynt, Phillips 66 was able to modernize with a cloud-native solution that simplifies IGA by increasing organizational agility through automation and intuitive workflows. Saviynt IGA also helped Phillips 66 ensure users have seamless app and infrastructure access without compromising compliance. As a future-proof, cloud-first solution, Saviynt IGA provides seamless, secure access to necessary resources on-premises, in the cloud, and in hybrid environments.

Migrating Away From Unsupported Legacy Systems

Phillips 66 needed an IGA solution that could create a strong foundation for a holistic digitally-enabled environment and increase functional IGA capabilities across all of the company’s functions. The security team also wanted to ensure standardization and consistency of control execution, processes, and tools to improve user experience and enforce governance and regulatory compliance.

With these goals in mind, they formulated a three-year, three-phase initiative that started with moving their IGA program to the cloud. The first year was to be the “lift and shift” of all the existing functionality. The second year would be the build out of the attestations and the access certifications, and the third year would focus on application access governance for critical systems such as SAP.

But in the first half of 2020, COVID hit and budgets were cut. At a moment’s notice, their plans had to change. Because overall business was down for energy companies, price was now a major consideration, as was speed of deployment. As a result, Phases Two and Three were put on hold, and there was immense pressure to deploy Phase One as soon as possible.

Finding the Right Cloud-Native IGA Solution

When evaluating solutions, Phillips 66 used a 300-point Proof-of-Concept (POC) trial that included flexibility and ease of use, robust workflows, permissions granularity, and the ability to integrate with multiple endpoints, both on-prem and in the cloud. Phillips 66 had been using homegrown on-prem Active Directory-based tools to manage their access certification/attestation efforts that added several levels of complication to the process.

They chose Saviynt IGA because it ranked as the highest-scoring solution on their POC trial, indicating that it was the right solution to meet their needs.

Saviynt IGA:

• Manages the Active Directory user objectsand entitlement objects and all the other endpoints, whether on-premises, in the cloud, or spread across multiple clouds

• Detects Separation of Duties (SoD) violationsare occurring by identifying any existing toxic combinations and preventing new ones

• Ensures records are being kept through its audit capabilities

• Prevents duplicate identities

And Saviynt IGA provides a single pane of glass, so that security personnel have one point of visibility over the identity and access management system.