GE has gained substantial cost efficiencies and performance benefits by centrally consolidating its once-fragmented identity and access management (IAM) infrastructure. Over a nearly five-year period starting in 2014, the company has integrated seven separate identity management systems across multiple business units into a single platform that currently governs how two million employees and contractors access GE applications.
The new system has eliminated costly redundancies and allowed GE to establish a standardized set of rules for enterprise-wide application access, claims Paul Bailey, chief of identity management services at GE. The centralized infrastructure has allowed GE to reduce the number of people needed to run the company’s IAM program from 250 to half that number. GE has also been able to winnow down its access audit management team from a staff of 25 to just two globally.
Importantly, GE’s new identity management platform has also made it easier for the company to onboard new applications, to grant, manage and terminate user access, and to ensure that identities are managed in compliance with regulatory requirements, Bailey says.
What drove GE to change its identity management infrastructure
GE’s huge, and now nearly complete, undertaking is an example of how organizations are evolving their IAM capabilities to keep up with changing business requirements and other trends.
According to analyst firm Gartner, the adoption of cloud and microservices architectures, increased digitalization, and the resulting spike in cyberthreats are rapidly expanding the use cases for better approaches to IAM. Gartner sees IT leaders over the next few years needing to tie their identity systems more closely with security and fraud systems, enable greater levels of automation and communication between IAM modules, and implement data management policies that are more respectful of customer consent.
“The rising scope and complexity of contemporary identity environments is becoming too troublesome to handle in the usual ways,” Gartner noted. The trend requires “IT leaders to evolve their identity and access management environments.”
Bailey says GE’s identity consolidation project grew out of a need for greater scalability, flexibility and speed. As a global conglomerate, GE operates in multiple industries, including aviation, healthcare, power, capital, oil and gas, and energy. Several of the areas that the company operates in are heavily regulated, with strict requirements for IAM.
GE’s aviation and power business, for instance, needs to adhere to U.S. export controls regulating the sale or transfer of controlled software, technology and services out of the US. Part of doing that involves making sure that only people with the right clearance have access to systems containing Department of Defense (DoD) data. GE has to adhere to similar requirements in other areas of its business, including those related to SOX, HIPAA and the FDA.
Fragmented identity management infrastructure and other challenges
Five years ago, GE’s identity management infrastructure was based on technology from Oracle. The platform was near end-of-life and didn’t have the scalability and flexibility to support GE’s evolving requirements for its identity management program.
At the time, each of GE’s business units had separate identity management systems, seven in all, with different teams managing them using different processes. “We had a huge team of folks across these seven instances handling many of the same underlying capabilities,” Bailey says. “It was not cost effective.”
Because GE didn’t have a common IAM configuration at the time, the company had no way to define and leverage centralized rules.
One of GE’s main requirements when looking for a new identity management system was scalability, Bailey says. The company wanted something that would allow it to consolidate all seven separate identity management systems into a single platform that could be centrally managed.
GE also wanted a system that would allow administrators to more easily configure business-specific rules for individual identities. The company needed that flexibility to accommodate the unique access requirements of different businesses, such as the aviation unit’s need to comply with DoD’s access restrictions, Bailey notes. “With Oracle it was a lot of hard coding,” to build those business rules into identities, he recalls.
Onboarding new apps enterprise-wide was challenging as well, given the highly fragmented nature of GE’s identity management program five years ago. It was a process that could sometimes take up to five months. So GE wanted its next identity platform to support the ability to quickly onboard new applications.
The new identity management platform
GE’s new IAM infrastructure is based on technology from SailPoint Technologies. The company’s IdentityIQ platform supports all the requirements GE had in mind when looking for a consolidation platform, Bailey says. It’s scalable, allows access rules to be easily configured and, importantly, supports GE’s requirement for fast application onboarding via so-called ‘connectors’ for quickly connecting to enterprise apps, cloud-hosted applications, databases and directories. In the Oracle environment, GE often had to build its own connectors and Web services to integrate with new applications, which contributed to lengthy app onboarding times.
There have been other benefits as well. GE now has better visibility into how, when and where people are accessing applications and services. GE administrators can quickly verify if people accessing an application are doing so in a compliant and fully auditable manner.
Employees in GE’s healthcare business, for instance, are required to have FDA-regulated training to access certain kinds of protected data. In the past, identity management staff had a hard time verifying if those accessing the data had indeed received the required training or were accessing it without completing that requirement. GE can now insert an API-based framework that allows the IAM team to connect directly to GE’s training environment and verify if the correct courses have been completed, Bailey says.
In the future, Bailey and his team hope to be able to leverage SailPoint’s identity analytics capabilities for role management and role mining, to conduct access audits, to manage risk and for other use cases. GE is also looking to increasingly move to more of a self-service model where apps consume identity management services in an automated fashion, Bailey says.
Business growth, enterprise digital transformation efforts and regulatory compliance requirements have outpaced the ability of legacy IAM systems to keep up, says Paul Trulove, SailPoint’s chief product officer. Many organizations are being forced to upgrade. “GE is similar to a lot of companies running out of steam with existing commercial or homegrown identity management solutions,” Trulove notes.