Show Transcript
Hide Transcript
My name is Bethina Luckov. I work in the BEC. We work in financial technologies. So we are developing solutions for Danish banks. And of course, being in finance our top priority is security and compliance and protecting our customers' data, which are sensitive and financial data.
What we like about having integrated Identity Manager with Safeguard is it's very low maintenance for us because we are not maintaining servers, we're not maintaining accounts, we don't have to on a daily basis go in and add in this information because it's information we are already getting from CMDB and being delivered from our Identity Manager. So our end users are already adding in this information.
There was no reason for us to having to add that information manually in ourself well because the information is already available. So for us it was a no brainer we need something to integrate, so we can have that information delivered completely automatically. We don't have to lift a finger. It's just right there.
A different part of it, it's a very resilient system safeguard. So we don't have any incidents where we cannot connect. We are not getting the phone calls at night saying, the system is down, we have been running for a year now and we have never lost contact. It has never been an issue for us, which is really important because this is our accesses to our production environments.
If we are not up and running our company cannot access their production environments. So we need something that's reliable and we need to make sure that they can access their production environment at all times. Because if there's any kind of issue or they have deployed new development, things like that, it needs to be accessible for them.
But it also we have a more of an integrated team instead of we have an IAM team and PAM team. We have one team working together because we have these solutions, which are working together. So they also get more colleagues. And we have more people that they can have chats with about new development, about new stuff coming in the future. So we actually get a better integrated team having the systems integrated as well.
We had our own developed solution to document our accesses in BEC and we had a secondary solution to do our provisioning. We had a lot of manual steps and we identified some areas where there was room for improvement on the compliance side as well. And so we really needed to raise the level, we needed to have a higher degree of optimizations.
A main thing for us was to get rid of a lot of our legacy and in the meantime also do the needed lift and compliance and optimizations. The less manual processes you have, the less manual steps you have, the less of a risk you have of making mistakes.
And we started looking into the different solutions ended up with Identity Manager and that helped us address some of these issues about transparency in our accesses having it automated, and also supporting our end users, our internal business, and having easy access to what they need, but also making sure that they are able to identify the things they don't need anymore so you only gain access to what you have a work need for.
When it comes to privacy access management, there are many concerns. But for us on top of our list, you have on one side you want to protect your company against unauthorized access from the outside. So you don't want to have one of your privileged accounts and password breached and used for something malicious in your systems or in your environment.
So one part of it is getting those password locked down. So they are not available for anyone. Nobody knows your password, unless it's necessary for them to use it. On the other hand, you have internally in your company people tend to take the easy way, right?
So if you have a privileged access, and it's easy to use that to gain some information you need for something then you would use that. But having a PAM solution where you have to give a valid and good reason for using your privileged access it makes people stop and think about, is this necessary, do I need to use my privileged account for this, is there some way else I can obtain what I need. And then they won't be using their privileged accesses unless it's absolutely necessary.
So that's a bonus you get on top of having a PAM solution protecting your production environment. We had already on boarded Identity Manager we were running Identity Manager on our Active Directory and we were running it on REKEF So we already had a nice level of control of our access.
We knew who has access where and when, who has approved. All that information was available for us, including our privileged accesses. We had in our IAM tool. But we need an extra layer of security. We need to make sure that our production environment are safely closed down. We need to make sure that no password could be misused in any way. So we needed a PAM solution which was the next step for raising compliance in our company. We
Looked at the different PAM solutions available on the market, trying to find a solution which would fit our requirements best. And our requirements very high level was, we want high automation, we want to have a very user friendly interface because this is something that a lot of people working in our company is going to use. So it has to be easy. User friendly, fast, so it doesn't prevent them from doing their daily work. But it has to have the right level of security as well.
So we have different proposals and Intragen helped us with a proposal on Safeguard. So they came back with a solution where our IAM tool Safeguard would be integrated and everything would happen automatically, everything was set up and safeguards automatically. So we don't have to spend time on adding servers, creating accounts, anything like that. It's integrated with our CMDB and it's integrated with One Identity Manager.
And based on all the information we already have available, it's a huge push of a button and then you can get on boarded into the PAM solution. So we're not wasting a lot of time and resources on people having to maintain the solution on a day to day basis. It's only maintenance upgrading things like that we actually have to do.
The rest is done by our business by adding in the right information in our CMDB, adding in the right information in One Identity Manager. And then you are on boarded in the PAM solution and your production environment is closed down. Your passwords are protected. And there is no need for us to spend a lot of time on doing anything every time we get a new solution or anything like that fully automated.
Previously reporting on compliance was a bit difficult because we had to do a lot of our reporting manually. So you only do that when you really need to. If you're doing attestations and you have to have the data, then you're doing your reporting, but you're not doing it more than that because it's not easy accessible.
Now, we have easy accessible reports. There's out of the box reports we can use and there's also the report that we very easily can make ourselves and we can make them available for our end users. So when you look at the compliance side of that, you are more likely to use reporting if it's easy accessible or if you get it delivered automatically in an email once a month.
You will actually look at that data and you will use the data. But when it's not easy accessible, you only use it when you really have to. I would recommend Safeguard because you get a system that is very user friendly for the end users. So the people who has to use this on a daily basis, you have to think about them and what they have to go through.
So having something that is easy for them to use is very important when you're looking at solutions like this. And also on the other side of it, you have to think about protecting your production, you have to think about protecting the accesses, which are most important than your company, which is the privileged accesses. Those hold the keys to your most privileged data or your most privileged accesses you can obtain. This is the access that can cause damage to your company.
So having Safeguard which is very user friendly in the setup and for the end users is very important and that's why I would recommend Safeguard. Intragen has been what I would say a trusted partner for some years now. We work together on different projects concerning our Identity Manager. They helped us out with several projects we had running there.
So when it came to our PAM solution, we needed to have a PAM solution and Intragen was able to help us with that. Having Intragen already as a trusted partner for us and having them to help us with our PAM solution, really made it possible for us in the short amount of time doing something that would be fully automated because they had the knowledge about our business and our IAM tool and how that was already set up and running.
So they were able to make a design suggestion and help us develop-- help us with the development as well. Working with Intragen it's like working in one team. So for me, it's very important that when people are working together, you have a good energy. People are invested in the work they're doing.
And the approach I like and the approach Intragen also provided is this is not a vendor-customer relationship. It is that as well but we're working together as a team, so it's not them and us and we're not arguing about this and that, but we're working together as one unit.
So we have gained good colleagues, people we like to spend time with, people we like and know as well. And because of that, the energy in the team is really high and making great deliveries because of the way we're working.