Event Recording

KCLive Award: Best IAM for Mid-Market Project


We have one project. We, we found very interesting because it was really about speed of deployment. It was about dealing with the relatively complex challenge in a very efficient manner. The complex challenge in that case was around dealing with segregation of duties. Well beyond trust SAP in the multinational environment, and also looking for a very rapid, rapid implementation. And that that all together is not that easy to do if you're, if you're honest. So when I look at how long some of the road projects I've seen in my I am career have taken, and how many of these projects didn't deliver to the expectations, then running such a project in a reasonably short period of time is, is really a great thing to do, to do it multinational, and to do it consistently across multiple regions. Again is a great thing to do, because if you're honest, it's sometimes relatively easy to do it for a single application in the call location.
If you want to do it for across the globe, more or less, then it's a it's. Then it's a difference thing. And doing it successfully in an organization, which is not finance industry, it's also important thing. So in that case, we, we, we saw that project in a, I would say an organization, which is somewhere between the mid-market and the, the large enterprise area. So considerably big, but not super, super big. So not in the hundred, hundred thousands of employees range, they are in the, the, the industry of building and construction materials, an industry where I have to admit, we, we rarely see advanced project when it comes to O D and, and stuff like that. So it's, if so than frequently, more down to earth, and they did it well in a, in a, in a complex multinational environment. So this is the background for that. And so the winner of this award is, and the best I am for big market winner is the BA. And it's a pleasure for me to welcome Mr. Nebo, who is head of identity access management at Wiki. Welcome Mr. Nibu.
Hi Martin, thanks for the introduction. And I'm happy to be here and happy to answer any questions related to this project.
Yeah. So, so, so maybe you can talk a little bit about how long it took and what, from your perspective were the, the, the biggest challenges and also the, and how, how you solved them. And how did you address this? So maybe give us a little bit of an introduction beyond what I said on this.
Sure. Yeah. As you indicated already, Martin Martin Berg, I large, very large supply of building material and also supply of infrastructure solutions, multinational company, with more than 17,000 employees in about 33 countries. And we used to have quite high above legacy systems in place previously to deal with segregation of duty conflict as a publicly listed company. Also Wienerberger ag needs to deal with segregation of duty, conflict needs to engage external auditors thoroughly on these matters. And the objective clear top down mandate was to remove legacy applications, get one single unique platform in place, and also have more rapidly analytics available towards senior stakeholders in the organization to AI, to, to deal with segregation of duty conflicts, but also mitigating controls. And given this background, we started late last year with first proof of concept, couple of different applications we looked at before. We went ahead with pilot in five countries, small countries, organizations, but also to large organizations and clear winner in this internal kind of benchmarking for solutions, identity governance, and access solutions was Sapient. And this is why we went ahead into the country implementations. And we are alive in 26 countries, roughly about 65 country organizations, meaning legal entities. And we have approximately 200 plus key users dealing with SA. And so that's, that's, that's it in a nutshell.
Okay, great. So, so how do, how do you run it? So in between several of might know, this is a SA solution, but other can run in other deployment model search deployment models. Did you opt for?
Yeah. So in this case, seven is fully cloud based and we looked at on premise solutions, previously legacy solutions, of course we're on-prem or, but we wanted to move given the it strategy. Also for Berg, we wanted to move also with a critical solution into a cloud. A bit of challenge initially was a lack of true source of identities. So we went ahead with a clear guideline. What is an identity embedded, a joinable process on top of the implementation and kind of consolidated input across HR and various it teams in this implementation clear from the beginning was that we needed almost a cookie cutter approach, given the agility. And the quick approach we wanted to take very lean organization usually was in burger for any corporate functions, corporate services. So we didn't have any, any big supporting teams in any country, other countries. It was a very lean, almost mean team here in the holding and country support from yeah. Decentralized approach out there in the countries.
So, so is that approach also helped you in, in delivering to what your organizations sort of is built for by having not the need for running a lot of instances yourself physically in your own data centers, but saying, this is the service and I, I get the service from the cloud
Indeed fully from, from the cloud. It was also about performance. We tested it in pretty remote plan. Also. It was also, yeah. Given of course, good bandwidth was available. It was always outperforming performance. And therefore we, yeah, we're convinced after DPU C and later the pilot and of last year that this was the best way to go.
And the project is still running as you expected it to be.
It's still running as expected indeed life just
Because we all know, sometimes it starts good. And then the more we go into detail. So the one thing I found interesting is you said, okay, you were initially looking more for ad solution, but you then implemented a chain L process as well. So, so going for something which is really more a, a broad IGA solution with death in, in the OD controls then was obviously a, a, a good choice of yours because it allowed you to, to solve these challenges with one solution.
Yeah, indeed. I mean, in terms of so D and the control, not the most senior person almost in country, the countries CFO is responsible for SD conflict. And in case he or she is accepting SD conflict, we need to run mitigating controls on top, in very small organizations in, in Europe, smaller countries, small country organizations, they can't truly mitigate or unwind SD conflict in all cases. So we needed almost a process control cockpit on top outstanding analytics on top to yeah. Provide visibility towards the senior stakeholders. These are state of, yeah, as of today, almost with a few clicks available OD conflict in the respective organization. So, and if you have not top of the art joinable lever process, you get question marks because maybe you have lever still included in your OD reporting. And then this provides, or initially you, you can create some doubts with these senior stakeholders.
So this is why we started from the beginning with a joiner move lever process embedded with true identity source into one unique platform, being ENT, and then went into segregation of duty conflicts and management of it, a workflow embedded of course, and analytics on top and last but not least what we also wanted to get out of thes solution was a process cockpit. So for smaller country organizations, those organizations that can't unwind segregation of duty conflicts in near term medic controls on top. So they review for example, vendor master data every month, if they accept vendor master sod, segregation of duty conflict. And if I may. So, so yeah,
So, so this is, this is in fact what you're advising in some way is, and that confirms a position I also take is you need a good foundation in, in the core identity management, like trying to move a lever like identity quality. So having a, a trusted identity, otherwise you always will struggle with the rest of what you're doing.
Indeed, indeed. And we also not just have one key application and sod conflict. We wanted also a system, a platform that is able to bridge segregation of duty conflicts across applications or systems. So with the help or support from the Saven team, we embedded cross application conflict, for example, across the treasury system and also ECC or the core E P the P system. Yeah.
Which by the way, also, I would say increasingly common challenge organizations are facing. So in, in the past, when you had one supplier of, of all your core business systems, in many cases, it was a different thing. Like, like when there are more and more SA applications for key business functions, because that at the end means that you don't have this monolithic homogenous environment, any, any environment anymore, but you're getting more and more critical business functions distributed across both on-prem and future SA services, which means you need this cross system sod controls at the end of the day.
Indeed. Yeah. So that's, that's very good point. So given the yeah. Cloud strategy for VIN Berger, and of course still very critical applications being on premise like S P with moving together with S P also in some parts also in the cloud already, we need this. So this was an very essential part of our requirements before we yeah. Took the decision after the pilot indeed.
Okay, great. So thank you for giving us all the, in all the insight, and maybe you would like, and again, congratulations for running this project and for receiving this award, maybe you'd want to give some words to your team before we close.
Of course. So, first of all, many things to team in Wienerberger the central team here, my own team, but also the countries out there that help with the key users to get the solution implemented, but also a big thing. Tosen being a true, this was a true partnership in terms of both teams were quick to get this implemented. Both teams listened to each other to understand requirements and benefits, but also potential disadvantages on both sides and in this case. Yeah. Big thanks to all.
So thank you very much for taking the time to be here. And I would say back to any.

Stay Connected

KuppingerCole on social media

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00