Managing system identities occupied a significant amount of time at Arcor. The existing, largely manual process was slow and expensive; in some cases, it took more than a week to authorize and activate a new account. “As we operate in many different countries across five continents and we have a large number of users, account management was a difficult task,” said Walter Mondino, IT Security Manager, Grupo Arcor. “We had very limited control over the identities of users and their access to applications.”
The IT team wanted to reduce the workload by consolidating user information to a single metadirectory and automating account management. Arcor also wanted the ability to rapidly and reliably terminate the accounts of ex-employees to reduce security risks.
The company sought to automate user management processes, control administration costs, and increase productivity and security. After considering various solutions, Arcor chose NetIQ Identity Manager (IDM), principally for its ability to integrate with multiple platforms. Mondino: “We conducted pilot tests with other suppliers, and after two months of testing we chose the Micro Focus solution for its simplicity, price and interoperability.”
Grupo Arcor stores information about the identities of its 20,000 employees in eDirectory. IDM automatically synchronizes user identity information across multiple applications, eliminating the need to manually update each system. The automated replication enables the IT team to activate, change and remove users quickly and reliably.
“We chose Micro Focus products for their superb quality and because they offered the only solution that integrates all our platforms,” said Mondino. Previously, provisioning new employees took about a week, and there was no formal process. When employees changed roles or moved to another location, the IT team needed to spend significant time manually reconfiguring their access rights.
“Many times, an employee moved to another post but retained their previous responsibilities,” said Mondino. “As we had no central control of the profiles for each user, that employee would accumulate access privileges to different applications.”
With IDM, department heads are able to create new employee profiles and select the applications to which they have access, without support from the IT department. If there is a change of user role or office location, IDM automatically synchronizes the changes across all existing systems. Damian Zammar, Information Security Analyst, comments: “The Identity management solution helped us to implement our access model based on roles, simplifying administration tasks and saving time.”
“With IDM, employees joining the company can be productive from the outset, as they have all the resources they need,” said Mondino. “The best part is that they no longer have to remember 20 passwords; now, a single password provides access to all authorized applications, which simplifies everyone’s job on a daily basis.”
Edgardo Schunk, Information Security Infrastructure Manager, comments: “We have over 80 systems integrated into IDM. The PAM (Privileged Account Manager) system integrated with IDM helped us optimize and secure OS operator access and times, speeding up problem resolution. PAM is used to control access of privileged users to critical servers and capture complete sessions for audit requirements, including forensic analysis.”
Grupo Arcor currently makes extensive use of Web applications, and employees need access to different services according to their job roles. The company implemented NetIQ Access Manager, a Web-based federated single sign-on solution that provides simplified yet secure access to resources for customers, partners and employees.
With IDM, Arcor has reduced the time spent provisioning new users from days to minutes. Equally, the company has improved security through the immediate revocation of access rights when an employee stops working for the company. Arcor has been able to eliminate costly manual administrative tasks and reduce the IT management workload by 60 percent. During the rollout of the solution, Arcor identified and eliminated 300 dormant accounts, cutting its software license fees correspondingly.
Mondino concludes: “We have much greater ability to manage user identities, and especially to ensure the removal of access rights from former employees who no longer work for the company. With help from Micro Focus, we can now protect our assets and simplify identity management.”