Andree Niebuhr, Wienerberger AG’s Head of IAM and SAP Compliance, shares his top four tips for overcoming the challenges of legacy IGA modernization.
On October 22 the Saviynt Road to CONVERGE 20 made its second stop in London, England. The event focused on how risk-based identity can increase effectiveness and drive efficiency in your IGA program. After a deep dive into the new Saviynt 2020 release, we topped off the night making artisanal gin and tonics.
If you missed the event, don’t worry, the content is available on-demand. The afternoon’s highlight was a chat between Andree Niebuhr, Head of IAM and SAP Compliance at Wienerberger AG, and Yash Prakash, Saviynt’s COO. Their conversation centered on digital transformation challenges in a large organization, pivoting to address COVID-19, and using identity to plan for an uncertain future. Andree offered some advice from their digital transformation journey and award-winning identity & governance project.
Wienerberger’s Identity Journey
Wienerberger is an international construction powerhouse with operations in over 30 countries, 200 production sites, and approximately 17,000 employees. Rolling out any change in such a diverse environment requires effective project planning and management to ensure consistent implementation on this scale. Taking on the modernization journey is no small task, and has to be approached with purpose and direction.
Wienerberger’s rapid implementation of Saviynt’s IGA solution took eighteen months while meeting — and in many cases exceeding— all of Wienerberger’s critical objectives. Despite the challenges and the advent of COVID-19, they made dramatic changes in their operations and infrastructure. The successful implementation won them the KCLive Award for Best IAM Mid-Market Project. Andree’s focus was key for overcoming the challenges of modernizing legacy IGA.
If you’re considering a similar journey, read on to discover the top insights Andree shared with the live audience during the event.
1. Start With the End in Mind
Wienerberer began their journey with a particular mindset that focused on critical applications and infrastructure. By focusing on a solid foundation, they could ensure that the implementation was targeted enough to be effectively managed throughout the process. Part of this management was “the implementation of the cookie-cutter approach ” and” being able to rely on standard procedures” from site to site, said Andree. From one country to the next, the team leveraged Saviynt to build functionality and ensure uniformity in delivery.
2. Operationalize Monitoring
One of the key benefits of modernization was moving to a point where monitoring is operationalized. Andree noted that “we see our dashboard every day, my team looks into KPIs that we have defined and Saviynt’s dashboard is producing back a number of conflicts.” This increased visualization allows for consistent change tracking in one location within the system, which would otherwise be lost without Saviynt. Using this built-in monitoring capability, Andree’s team moved to periodic reviews of external colleagues every 3 to 6 months. This review cycle ensured that access was needed and appropriate. The revamped process helped tighten down security and close off dangling permissions.
3. Gain Full Visibility into Critical Environments
One key aspect of this implementation was gaining basic visibility into the environment and having the full depth of visibility. This functionality was especially important when dealing with Segregation of Duties (SoD). Andree needed to “have visibility around this, not just in SAP segregation of duties, but also cross-application segregation of duties.” The added visibility allowed the team to see when conflicts might arise, which they often do in an international organization with some small offices. . Using this visibility allows for advanced identification of key stakeholders who can appropriately handle toxic permission combinations by placing compensating controls.
4. Build a Solid Foundation (and manage changing environments)
Despite a worldwide pandemic catching everyone by surprise, Wienerberger was ready for worst-case scenarios by following best practices. They had already established processes and procedures ahead of time for handling remote work. When COVID reared its head, there was the initial chaos, but the team was able to react and update the plan. Andree discovered, they “needed different procedures, so we sharpened up these procedures.” Having procedures in place meant avoiding a fresh start. Instead, they adapted what existed to fit the new paradigm.
The Saviynt Roadshow Continues
We learned a lot in England, but the Saviynt 2020 Global Identity Roadshow is in full swing, and there’s more to learn. Our next (virtual) stop is Seattle on November 5. We will feature Intermountain Healthcare’s CISO, Karl West & IAM Director, Michael Allred, as they share how identity is changing healthcare. Join us to get insider insights and learn how to increase productivity and security with an intelligent, simplified user experience during a live product demo by Saviynt’s Sr. Solutions Engineer, Ulrich Schultz.
We hope you can join us on the road. For a complete listing of all the upcoming Saviynt Roadshows, go here.