GE has gained substantial cost efficiencies and productivity advantages by centrally consolidating its once fragmented identity and access management (IAM) infrastructure. Over a nearly five-year period starting in 2014, the company has integrated seven separate identity management systems across multiple business units into a single platform that currently governs how two million employees and contractors access GE applications.
The new system has eliminated costly redundancies and allowed GE to establish a standardized set of rules for enterprise-wide application access, claims Paul Bailey, chief of identity management services at GE. The centralized infrastructure has allowed GE to reduce the number of people needed to run the company’s IAM program from 250 to half that number. GE has also been able to winnow down its access audit management team from a staff of 25 to just two globally.
Importantly, GE’s new identity management platform has also made it easier for the company to onboard new applications, to grant, manage and terminate user access, and to ensure that identities are managed in compliance with regulatory requirements, Bailey says.
What drove GE to change its identity management infrastructure
GE’s huge—and now nearly complete—effort is an example of how organizations are evolving their IAM capabilities to keep up with changing business requirements and other trends.
According to analyst firm Gartner, the adoption of cloud and microservices architectures, increased digitalization, and the resulting spike in cyberthreats are rapidly expanding the use cases for better approaches to IAM. Gartner sees IT leaders over the next few years needing to tie their identity systems more closely with security and fraud systems, enable greater levels of automation and communication between IAM modules, and implement data management policies that are more respectful of customer consent.
“The growing scope and complexity of modern identity environments is becoming too difficult to manage in the traditional ways,” Gartner noted. The trend requires “IT leaders to evolve their identity and access management environments.”
Bailey says GE’s identity consolidation project grew out of a need for better scalability, flexibility and speed. As a global conglomerate, GE operates in multiple industries, including aviation, healthcare, power, capital, oil and gas, and energy. Several of the areas that the company operates in are heavily regulated, with strict requirements for IAM.
GE’s aviation and power business, for instance, needs to adhere to U.S. export controls regulating the sale or transfer of controlled software, technology and services out of the US. Part of doing that involves making sure that only people with the right clearance have access to systems containing Department of Defense (DoD) data. GE has to adhere to similar requirements in other areas of its business, including those related to SOX, HIPAA and the FDA.
Fragmented identity management infrastructure and other challenges
Five years ago, GE’s identity management infrastructure was based on technology from Oracle. The platform was near end-of-life and did not have the scalability and flexibility to support GE’s evolving requirements for its identity management program.
At the time, each of GE’s business units had separate identity management systems—seven in all—with different teams managing them using different processes. “We had an enormous team of folks across those seven instances handling a lot of the same underlying functions,” Bailey says. “It was not cost effective.”
Because GE did not have a common IAM configuration at the time, the company had no way to define and leverage centralized rules.
One of GE’s primary requirements when looking for a new identity management system was scalability, Bailey says. The company wanted something that would allow it to consolidate all seven separate identity management systems into a single platform that could be centrally managed.
GE also wanted a system that would allow administrators to more easily configure business-specific rules for individual identities. The company needed that flexibility to accommodate the unique access requirements of different businesses—such as the aviation unit’s need to comply with DoD’s access restrictions, Bailey notes. “With Oracle it was a lot of hard coding,” to build those business rules into identities, he recalls.
Onboarding new apps enterprise-wide was challenging as well, given the highly fragmented nature of GE’s identity management program five years ago. It was a process that could sometimes take up to five months. So GE wanted its next identity platform to support the ability to quickly onboard new applications.
The new identity management platform
GE’s new IAM infrastructure is based on technology from SailPoint Technologies. The company’s IdentityIQ platform supports all the requirements GE had in mind when looking for a consolidation platform, Bailey says. It is scalable, allows access rules to be easily configured and, importantly, supports GE’s requirement for fast application onboarding via so-called ‘connectors’ for quickly connecting to enterprise apps, cloud-hosted applications, databases and directories. In the Oracle environment, GE often had to build its own connectors and Web services to integrate with new applications, which contributed to lengthy app onboarding times.
There have been other benefits as well. GE now has better visibility into how, when and where people are accessing applications and services. GE administrators can quickly verify if people accessing an application are doing so in a compliant and fully auditable manner.
Employees in GE’s healthcare business, for instance, are required to have FDA-regulated training to access certain types of protected data. In the past, identity management staff had a hard time verifying if those accessing the data had indeed received the required training or were accessing it without completing that requirement. GE can now insert an API-based framework that allows the IAM team to connect directly to GE’s training environment and verify if the correct courses have been completed, Bailey says.
In the future, Bailey and his team hope to be able to leverage SailPoint’s identity analytics capabilities for role management, role mining, to conduct access audits, to manage risk and for other use cases. GE is also looking to increasingly move to more of a self-service model where apps consume identity management services in an automated fashion, Bailey says.
Business growth, enterprise digital transformation efforts and regulatory compliance requirements have outpaced the ability of legacy IAM systems to keep up, says Paul Trulove, SailPoint’s chief product officer. Many organizations are being forced to upgrade. “GE is similar to a lot of companies running out of steam with existing commercial or homegrown identity management solutions,” Trulove notes.