Securing data and ensuring compliance with Omada Identity Suite

Data security is essential to maintain smooth operations and competitiveness in the market. Not to mention, compliance with industry regulations introduced to protect sensitive data is a major responsibility.

As of May 2018, organizations operating within the EU have to build solutions that comply with GDPR. As a result, our client needed an effective Identity and Access Management solution to efficiently and securely handle personnel data.

Challenge

The company is a national leader in the exploration and extraction of natural gas and crude oil. The capital group is also one of the major energy providers of fuel distribution and electricity generation.

The organization needed to comply with regulations applicable to the energy sector, as well as the requirements of the European Parliament and the EU Council.

They wanted to secure their IT systems and control access grants to services and data, in particular those involving personal information of employees and clients. Our implementation of the Omada Identity Suite enabled them to meet their goals.

The aim of the project was to address the following requirements:

• Inventory and review permissions for systems and apps
• Implement an access request process to ensure accountability for decisions to grant/deny access
• Implement periodic reviews of permissions vs responsibilities
• Complete reports and audits of existing permissions

In addition, a user lifecycle process was needed to:

• Manage identity lifecycles within the organization and its IT systems based on reliable information.
• Grant access based on automated rules relating to structures of organization, functions, projects, etc.
• Grant access based on a model of organizational roles.

Solution

To ensure that the client is able to meet their access management goals, we recommended the IAG Essentials package based on the Omada Identity Suite (OIS).

OIS is an Identity and Access Governance (IAG) software package that enables organizations to manage their access and identity lifecycles.

IAG Essentials helps organizations quickly establish permissions management processes, reviews, audits, and reporting. We implemented this functionality for our customer’s core applications without introducing the full identity management lifecycle and automation.

Results

Our client’s new OIS-based identity management process provides the security department and other stakeholders with a single source of truth about permissions, and whether they meet predefined requirements.

Omada’s OIS solution also unifies the IAM process with functions such as self-service user access and automated permission granting. All events are fully traceable in logs.

Stakeholders can make quick adjustments to permissions, accounts, or processes, as needed. Business users can now manage access to the organization’s resources manually, or with the help of automation, as required.

Lastly, OIS freed up our client’s resources, saving time in managing user lifecycles and reducing the risk of human error. It helps to maintain compliance with industry standards and GDPR by ensuring that only authorized users have access to controlled information.