Identity Defined Security

As a leader in innovative aerospace manufacturing with locations across the world, Airbus recognized the need to fortify its third-party identity management processes to better meet the operational efficiency and security needs of its evolving business and supply chain. Specifically, Airbus wanted to upgrade its identity management capabilities around lifecycle management, data quality, and obsolescence management for its third-party, non-employee users.

Common to most manufacturers, Airbus works with a significant number of outside contractors and partners related to its commercial aircraft, helicopter, defense, security and space markets. What’s particularly unique to Airbus, however, is the scale of the situation. Airbus has more than 10,000 partner organizations around the globe that are provided with access to 5,000 internal applications while working either in situ or ex situ.

For Airbus, third-party users outnumber employees so appropriately managing supplier access with controls that provide scalability and frequent identity proofing to prove the person accessing data, systems, or facilities is authorized is critical to security. A primary concern given this number of non-employee identities is that each one requires different levels of access to the organization’s assets throughout Airbus’ supply chain processes. And since many of these non-employee identities also have contracts with Airbus’ direct competitors, the risk of intellectual property breach is further exacerbated.

Mitigating this risk was a key motivator for Airbus to prioritize proper identity and access management and identify blind spots, such as downstream access. Given this complex web of third-party identities and the high turnover rates of contracted workers, Airbus also sought a more efficient and secure process for onboarding and deprovisioning non-employees to lower risk and protect against improper access.

In this presentation, Guillaume Lugat, Head of Identity & Access Management for Airbus, will share an overview of how the company manages its third-party identity lifecycle to drive its business forward. Using SecZetta’s Third-Party Identity Risk Solution, Airbus successfully manages its diverse third-party identity ecosystem through the entire lifecycle of each non-employee, from the initial access to the final timeframe of completed work. Armed with these tools, Airbus ensures appropriate access is granted to the right person at the right time and unauthorized or deprovisioned contacts are removed in a timely manner. SecZetta’s solution provides Airbus with an authoritative source for non-employee data to improve operational efficiency and accuracy in provisioning access, streamlining compliance audits, assessing risk, providing identity verification, and deprovisioning access at the conclusion of a relationship.

As organizations continue to advance through digital transformation, expand their partner network, and leverage non-employees for business needs, Mr. Lugat will offer strategies for other organizations to successfully manage their third-party identities to prevent potential breaches.

Session attendees will gain a clear understanding of the evolving supply chain ecosystem and how the proliferation of non-employees (and non-human workers) is presenting significant new third-party security risks organizations must be aware of and work to combat.

Session attendees will hear a case study of the global aircraft manufacturing organization Airbus and their initiatives to implement an identity management solution that both scales to support its high volume of third-party users, provide appropriate supply chain access, and automate its lifecycle management processes for on- and off-boarding contracted partners. Airbus will discuss the selection criteria it used to identify and implement this solution and how it measures success.

Attendees will leave the session with an understanding of proven modern security technology strategies that can be put in place to successfully manage their third-party identities to mitigate risk.