View this video to hear how European University Institute and systems integrator, NetStudio, implemented an effective, secure and efficient Identity Governance and Administration solution by starting with business needs.
[MUSIC PLAYING] My name is Laura Biagiotti. I'm the security officer responsible for the information security at the European University Institute. EUI is an academic institution focusing on interdisciplinary research [INAUDIBLE] many research projects funded by European Union. So research data and data set on which research analysis is based are definitely the most critical data.
In addition, EUI protects access to personal data and financial data in compliance with law and regulations. Recent events has forced to work outside of a traditional office environment, requiring the introduction of new services accessible from internet. Recent events have forced to work outside of a traditional office environment, requiring the introduction of new services accessible from internet, significantly increasing the exposure of identities to the new threats.
So identities have become the new perimeter. Identities have been subject to an increasing number of threats. Phishing is the most common, also using [INAUDIBLE] impersonation of high profile executives, brute force attack against identities to access [? web ?] [? mail ?] and remote access. Credential staffing attacks increased due to more online activities. For example, the use of credential LinkedIn data breaches happened in the social media to attack organizations' identities.
We have established a cross-functional team combining resources and competencies from both hands. From EUI side, I lead the IM project, and we benefit of the contribution of IT subject matter expert and business analysts. NetStudio has provided the business development capabilities, designing the solution and implement the data using One Identity product.
NetStudio has a solid experience in delivering IM solutions. The project has taken advantage of their strong knowledge of One Identity product and the significant experience in designing the architecture of IM projects and in the implementation of business processes.
NetStudio is a [INAUDIBLE] consulting company focused only about the digital identity matter. NetStudio approach project for the Identity Governance starting from the analysis of the processes that related to the management of their accounts and according with business and compliance and regulations, granting users their IT access rights only to data and applications appropriate within their business role.
Here at NetStudio, everybody knows that an Identity Governance system is a success when all the business users are able to easily understand which application and which data their people are allowed to access. When they easily can do this intensively using the Identity Governance interface, the project is a success. If they do not, it is not.
The success of any IGA project requires the support and agreement of all stakeholders. To ensure this support, it is essential that the business drives projects and leads the technology, not vice versa. Because IGA projects typically span an entire organization and involve both the technical and business teams, be sure that policies and processes are defined, that the rules are understood, and that the rules are [? correctly ?] [? formed ?] and related back to the business.
Choosing the right IGA product is extremely important because choosing the wrong product or trying to get value from existing failed products can lead to project failure. It is also [INAUDIBLE] to allow IGA and other projects to be driven by system integrators or suppliers because IGA stakeholders understand their organization and its needs best. They should work closely with system integrator and suppliers to identify which IGA product best match all the current and the future requirements of the business. Start with the business requirements and then identify which IGA products support it. Don't start with the product.
We have been working with One Entity for at least five years. The ease of use of the interface for business users is the reason why we like to work with One Identity.
With Identity Manager, we have been able to establish Identity Governance, to reduce the time required to grant access from days to minutes, to reduce the administrative burden, especially for high turnover users, to address third-party risk, and most important from my perspective, we provide a real-time visibility on identities in the hands of responsible business owners without involving system administrators.
The reduction of risk, for example increasing the visibility of who has access to sensitive assets. Address third-party risk managing contractors' account. The achievement of Regulatory Compliance enforcing preventative and detective security controls. Operational Efficiency, manIGAng all types of accounts, service account, privileged account, and contractor account, using only One Identity repository and applying centralized policies.
The project's roadmap has a multi-year landscape. We have been deploying identity life cycles in phases, and we expect to [INAUDIBLE] new functionalities and new types of users adopting the upcoming technologies and in alignment with business objectives.