Bayerische Landesbank (Bayern LB) looked to Omada to deploy a modern, standards-driven IGA solution
Bayern LB has over 7000 personal and technical identities that they need to manage, secure and enable. As part of their identity security journey, Bayern LB needed a centralized identity governance and management platform to meet compliance mandates and reduce risk while further enabling their entire workforce. They looked to Omada to deploy a modern, standards-driven identity governance and administration (IGA) solution.
“Omada enabled Bayern LB to manage IGA risks better and provide a single database for all audit/compliance relevant issues regarding IAM.” – Heike Niggl, IAM Team Lead at Bayern LB
Bayern LB initially was looking for a solution to meet compliance mandates, ISO/other German regulations, and standards in a scalable way. As a bank, they face regular audits, one of which was fast-approaching, which was driving their evaluation process. Their business needed a centralized platform with key identity governance capabilities based on their requirements that could be implemented quickly.
Bayern LB was facing a fast-approaching deadline to deploy an IGA solution to fulfill their compliance requirements. Their existing solution was extremely manual and required ad hoc policies and workflows throughout the system to govern identities. The organization needed to find ways to further enable administrators and business users, as their administrators faced large workloads for assessments, provisioning, and reporting, and business users often had to wait a long time before being granted access.
Further, because the bank lacked clear audit logs in their legacy system, with logs limited to only the related applications they had integrated, they were facing an uphill climb to meet not only the current audit mandate, but also future ones. The existing identity management tool could not be enhanced to support the need to centralize access rights, audit logs, entitlements, and more within the confines of their overall identity and access management (IAM) program. They were also unable to support Segregation of Duties (SoD) requirements, which ensure that people do not possess toxic combinations of access that would pose risks and break audits.
Requirements and Selecting Omada
Bayern LB chose Omada due to our proven ability and experience in deploying Identity Governance controls to help organizations meet audit demands, while maximizing business efficiencies. It was important for Bayern LB to work with an IGA vendor that had supported other companies with similar requirements and challenges in their region. When basing their selection criteria around their technological requirements, Omada scored the highest in functionality and ability to execute, with our high flexibility in adapting the solution to meet the expectations of auditors while keeping the deployment standards-driven for future scale.
Use Case and Environment
Having a single, centralized solution to manage and control all of Bayern LB’s identities was critical. As such, Omada was chosen because of our ability to be the single source of truth for identity governance and access administration, and Bayern LB leverages Omada for the following use cases:
- Identity Lifecycle
- Access Control and Requests
- Segregation of Duties
- Recertification Reporting
The Omada Identity solution provides Bayern LB with end-to-end identity lifecycle management for all the bank’s identities. Bayern LB uses Omada to leverage standard workflows and processes for policy-based access management and governance which is customized per their unique business requirements. They also integrated Omada with their Active Directory environment to provision and de-provision access to in-house applications, legacy mainframe applications as well as to 3rd party applications.
“With Omada we automated workflow-based access management and approvals as well as the recertifications and reconciliations.” – Heike Niggl, IAM Team Lead at Bayern LB
Bayern LB uses a 3-step model for policies – resource-based, application-based, and business function. Omada is set up so that policies can be created, modified, and deleted in a scalable fashion that helps keep their IT administrators productive, their resources secure, and their business users efficient. Bayern LB also continuously performs five different types of recertification surveys, covering access rights, roles, policies, applications, and technical users, to make sure that their environment is always evaluated and the gaps between Current and Desired States are narrowed. Given the importance of proving compliance to auditors, Bayern LB also maintains customized reporting based on Omada Audit data that is centralized in a database.
Since deploying Omada, Bayern LB has seen marked improvements within a year in the following areas:
- Greater than 50% reduction in time to prepare for audits
- Greater than 50% reduction in risk through access governance and better visibility
- Improved security and optimized operations through implementation of SoD
- Improved efficiency through automated workflow-based access management requests and approvals
- Better insights into compliance status, including understanding why access is granted
- Improvement in ability to meet compliance requirements in a short time
- Standards-based implementation, but highly flexible where required
- Higher transparency through recertification of identities and associated permissions