Norway’s Number one Telecommunications Provider Chooses Omada for Identity and Access Governance
Telenor was looking for a modern in-house solution for Identity Governance and Access Management (IGA) to improve their day-to-day operations across the organization, enhance their security posture, and meet various compliance mandates.
Business Drivers and Requirements
Telenor has been modernizing their business and working towards automating processes to free up resources wherever they can. The organization is split up into various business units across multiple geographies, which over time created data siloes and a lack of transparency, which became a primary driver for them seeking out a modern approach to how they manage, secure, and enable their workforce. Having centralized solutions that were able to be counted as a single source of truth, providing insights throughout the organization was critical. Telenor also had requirements to comply with various standard-based security and privacy requirements from the Norwegian Security Act, SOX, GDPR, and more. Specifically, the Norwegian Security Act drove the need for Telenor to know who has access to their various systems and keep control over those who had access to critical financial systems. Telenor had many orphan accounts that they could not keep track of.
Telenor chose Omada to support them with their business requirements for security improvement, risk mitigation, and compliance by looking to a standards-driven approach to IGA so as to avoid over-customization. They looked to Omada Identity primarily to aid in the following initiatives:
- Automating user management by enabling seamless workflows for access requests and reviews
- Minimizing the number of orphaned accounts that had no ownership
- Integrating a wide variety of applications and systems
- Managing the identity lifecycle to ensure proper access for all identities on day one of a role, and removing access when it is no longer required
- Improving policy and role management to ensure that policies and roles are consistently right-sized to meet the needs of the business
- Complying with audit and compliance mandates with easy access to overviews, reports, and dashboards
Omada Identity in Action
As part of the IGA process, to get a handle on who had access to which applications, Telenor built over 230 integrations to over 300 applications and various systems to import data and got an overview of the access rights within Omada. With Omada’s superior data modeling, Telenor was able to create metamodels on top of their applications and systems and eliminate hundreds of previously orphaned accounts by either deleting them or assigning an owner.
“As someone coming from the Java world where connectors are all JCA connectors, it is refreshing to see that Omada provides pre-installed and configured connectors.” – Johan Lundstrøm, IAM Architect, Telenor.
Telenor also gradually added service accounts and created technical identities, owners, and mapped the orphan accounts to manage service accounts, robot accounts, and shared accounts. Today, there are 12 assignment roles that provisions to one system. The team is now identifying roles and creating rule-based provisioning by introducing role modeling and mining. The ultimate goal is to offer an automated single self-service portal for requesting access and Telenor is working steadily towards this end. An Omada to ServiceNow integration is in the works and is being tested by the team. They are also looking into standardizing account management by managing applications in Active Directory.
“Unlike other IGA solutions that have serious flaws in data models, Omada has a flexible and changeable data model that allows Telenor to do a meta-model on top of applications/systems that have more than one system supporting it“ – Johan Lundstrøm, IAM Architect, Telenor
Omada has also helped simplify the preparation process for compliance-related audits. Telenor managers now have access to a tool for audit that enables them to export lists of invalid accounts that need to be removed as well as comprehensive data that can be easily summoned to present to auditors. Prior to Omada, these audits used to require huge amounts of person-hours to pull Excel files, but now the audit preparation process is simplified.
Results and Improvements
Since implementing Omada, Telenor has been able to eliminate hundreds of orphaned accounts, gain complete visibility into who had access to what, enable employees or contractors to now easily request and get access to devices and applications more quickly, and better prepare for audits.
“We were very happy with the good communication and cooperation we received from Omada’s entire team, that are critical for a project like IGA.” – Torbjørn Torp, Senior Project Manager, Telenor.
As a result of their deployment of Omada Identity, Telenor was able to minimize tedious tasks for business users and administrators, improve their security posture by eliminating orphaned accounts, and be better prepared and positioned to meet the continually changing demands of compliance mandates.