KMD
KMD deploys adaptive identity governance to deliver transparency and major productivity gains
Products and services
Solution group
Outcomes
- Introduced self-service portal for users
- Redeployed 50% of identity management team through automation
- Transparent and efficient management reporting
- Drastically reduced time to provision users and grant system access
- Full compliance with EU data protection regulations
Challenge
KMD needed to provision access for approximately 4,500 users to over 200 systems, including a SAP and mainframe environment. It also wanted to streamline the process of access review, which was manual, tedious, and not transparent.
As the custodian of personal data for nearly all of Denmark’s 5.5 million citizens, and increasingly stringent EU regulations on data protection, KMD needs to prevent unauthorized access. Its identity management processes were therefore mature, but unfortunately also very manual, and time-intensive. As the organization grew, so did identity management requirements. Users required access to office automation systems, complex mainframe applications, and many SAP modules, operating in a multi-tenant SAP environment.
The partnership has been great during the project. I feel our secret to success was to start small and slowly expand, a strategy fully supported by Micro Focus (now OpenText).
To provision access to over 200 systems for approximately 4,500 users in a complex infrastructure is hard, as Henrik Mohr, Department Manager IAM, at KMD, explains: “In a manual process, human error is always a possibility which we just cannot risk with the type of data we hold. We wanted to ensure that our business managers had the relevant information to make access decisions by using intuitive tools. Automation would also reduce the time it takes to bring people online with our systems.
Details
Solution
In 2013 KMD investigated the market, as Mohr comments: “Micro Focus (now OpenText) provided a good technical fit to our complex infrastructure, and a large number of our customers already use Micro Focus (now OpenText) solutions.”
The previous provisioning process involved emailing approval forms to the identity management team, who would then have to log onto each individual target system to grant access. It was difficult for users to determine what system access they needed, as the technical descriptions bore no resemblance to the business function of the system.
With the introduction of a self-service portal, using Identity Manager, approval flows and provisioning were automated and the technical entitlements were translated into user-friendly terms so that users, and managers, can make an informed access decision. Provisioning is tightly linked to the HR system so that accounts are immediately de-activated once a user leaves the organization.
High level, role-based provisioning was introduced, to ensure that a manager is automatically granted access to different systems from an employee, or an external contractor, making the system more adaptive to constantly changing needs.
Building reports, getting business participation, and producing audit reports were painful processes which have all been automated using Identity Governance.
It was now time to turn KMD’s attention to access review. Every six months managers would receive a list of their employees’ system access, to confirm or revoke access. This was a manual and tedious process, taking two people in the identity management team a month to complete for each review cycle. The access data would need to be exported from each target system, and summarized in a spreadsheet. It was complex to convert the results back into a structured format, and it was hard for managers to understand their actions, as the language was not user-friendly.
Mohr: “Building reports, getting business participation, and producing audit reports were painful processes which have all been automated using Identity Governance. A seamless portal provides access to Identity Manager and Identity Governance. Identity Governance will extract the entitlement directory from target systems, run the review, and then integrate with Identity Manager to process the results.”
Results
The implementation of Identity Manager and Identity Governance has delivered major cost and productivity savings, as Mohr explains: “Using Identity Manager, time to access a target system has been drastically reduced, from days to just hours. Through effective process automation, we’ve been able to redeploy half of our identity management team and have gained better visibility into system access. Reporting has been simplified and we have seen great efficiency benefits.
The feedback on Identity Governance has been overwhelmingly positive from our managers. With only a little introduction, they find the tool intuitive and are very clear on what their actions are.” Mohr concludes: “The partnership has been great during the project. I feel our secret to success was to start small and slowly expand, a strategy fully supported by Micro Focus (now OpenText).”
About KMD
KMD is one of Denmark’s largest IT and software companies, with some 3,200 employees.
It has developed and operates more than 400 IT systems that support the Danish welfare state. Each year its systems handle billions of kroner, equivalent to more than 20% of Denmark’s GDP. Key social security benefits are paid through systems developed by KMD.
