Automate identity management for 20,000 employees on five contents while streamlining access to critical systems for faster problem resolution.
Managing system identities occupied a significant amount of time at Arcor. The existing, largely manual, process was slow and expensive; in some cases it took over a week to authorize and activate a new account. The IT team wanted to reduce the workload by consolidating user information to a single meta-directory and automating account management. Arcor also wanted the ability to rapidly and reliably terminate the accounts of ex-employees to reduce security risks.
PAM has reduced access request time by 50 percent, cutting the bureaucracy involved. The risk of password disclosure is much reduced as all passwords are reset after a maximum of eight hours, further tightening our security for these critical systems.
The company sought to automate user management processes, control administration costs, and increase productivity and security. “Arcor trades in many countries across every continent. Managing our users manually was a really complex mission,” explains Edgardo Schunk, Chief Information Security Officer (CISO), Grupo Arcor. “We conducted a very detailed analysis and proof-of-concept, involving many market options,” he continues. “We chose Micro Focus (now OpenText) for its simplicity, the ability to integrate with multiple platforms, and because we could see how Micro Focus (now OpenText) could support us in our complete Cybersecurity strategy.”
Arcor uses Web applications extensively, and employees need access to different services based on their roles. Implementing Access Manager, a Web-based federated single sign-on solution, provides simplified yet secure access to resources for customers, partners, and employees.
Identity Manager made an immediate difference. Arcor stores information about the identities of its 20,000 employees in eDirectory.
Identity Manager automatically synchronizes user identity information across multiple applications, eliminating the need to manually update each system. The automated replication enables the IT team to activate, change, and remove users quickly and reliably.
Previously, provisioning new employees took about a week, and there was no formal process. When employees changed roles or moved to another location the IT team needed to spend significant time manually reconfiguring their access rights. “We wanted to move from a user-based security process to a simplified role-based process,” said Schunk. “With Micro Focus (now OpenText) we not only automated the entire user lifecycle, but we also implemented a true Role-Based Access Control (RBAC) model.” Department heads can now create new employee profiles and select the applications to which they have access without any IT support. If there is a change in user role or office location, Identity Manager automatically synchronizes the changes across all existing systems. Damian Zammar, Information Security Infrastructure Leader at Arcor comments: “[NetIQ] Identity Manager has helped us implement our RBAC model, simplify administration tasks, and save time. Identity Manager not only improves our security, the single sign-on (SSO) capability also increases end user productivity and satisfaction, with new Arcor employees productive from their first day.”
Following the successful implementation of Identity Manager and Access Manager, Arcor turned its attention to systems with high privilege access rights. Privileged Account Manager (PAM) provides insight into the entire identity lifecycle management of privileged users and accounts using risk scoring, monitoring, activity recording, and controls to improve an organization’s security posture.
Schunk explains the PAM use case: “We have over 80 systems integrated into Identity Manager. PAM helps us optimize and secure OS operator access, speeding up problem resolution. PAM is used to control access of privileged users to critical servers and capture complete sessions to satisfy audit requirements, including forensic analysis. We can now quickly control and access systems with high privileges. PAM has reduced access request time by 50 percent, cutting the bureaucracy involved. The risk of password disclosure is much reduced as all passwords are reset after a maximum of eight hours, further tightening our security for these critical systems.”
With NetIQ by OpenText, Arcor has reduced the time spent provisioning new users from days to minutes. Equally, the company has improved security through the immediate revocation of access rights when an employee leaves the company. Arcor has eliminated costly manual administrative tasks and reduce the IT management workload by 60 percent. During the rollout of the solution, Arcor identified and eliminated 300 dormant accounts, cutting its software license fees accordingly, and closing a potential security gap.
Schunk concludes: “Thanks to Micro Focus (now OpenText) we manage our end user and power user identities and application access much better. We simplified our identity management processes to offer a more agile security service to our internal customers. We not only manage identities, but we also continue to protect our users throughout their career with us. The next step in our Cybersecurity strategy is application security and we have recently acquired Fortify to support us with application code scanning.”
We chose Micro Focus (now OpenText) for its simplicity, the ability to integrate with multiple platforms, and because we could see how Micro Focus (now OpenText) could support us in our complete Cybersecurity strategy.
NetIQ provides security solutions that help organizations with workforce and consumer identity and access management at enterprise-scale. By providing secure access, effective governance, scalable automation, and actionable insight, NetIQ customers can achieve greater confidence in their IT security posture across cloud, mobile, and data platforms.
NetIQ is part of Cybersecurity, an OpenText line of business.
Grupo Arcor (Arcor) specializes in the production of chocolates, cookies, and candies. With 20,000 employees worldwide, the company sells its own brand products in over 100 countries. Its strategic alliances and a daily production volume of over three million kilos make Grupo Arcor a true leader in Latin America, where it has 40 production plants.