December 17, 2024
How One Company Modernized IAM with an Automated Solution
CDW’s Identity and Access Management Delivery team helped the company leverage a scalable platform to support its growing footprint.
It was the kind of growth-related challenge that comes with the territory of running a thriving business.
An American designer and manufacturer of heavy-duty commercial trucks had been a leader in its industry for nearly 120 years. Every day, more than 30,000 employees were logging in at its offices in the United States and around the world. Business was strong, and expansion was steady. But the firm’s information security team was faced with a problem it needed to solve.
“They’d always kind of ‘checked the box’ when it came to identity and access management,” explains Christin Browne, a CDW field account executive who consults with the company on its technology strategies. The company’s identity and access management solution had basically done the job, but it required manual intervention every day and wasn’t easily scalable, she says. “It didn’t give them a good way to manage access to tools for all the people they had coming and going. It really wasn’t enough anymore to meet their overall security needs.”
A Request for Identity Automation
At the heart of the company’s concerns was the fact that its growth, through international acquisitions, had led to its dependence on multiple HR systems. That can lead to challenges with identity governance, which is one component of a comprehensive IAM solution.
“When your HR platforms can’t talk to each other, you don’t get that global view you really want to have of the identities you’re creating and managing,” Browne notes. The company’s information services team knew that the answer would require substantial integration, “and so, they approached us about SailPoint Identity Security Cloud specifically because they’d heard that it made that process relatively easy.”
SailPoint Identity Security Cloud is a cloud-hosted, multitenant Software as a Service solution: multiple organizations share the same computing infrastructure while their data is kept securely isolated from one another. It provides centralized control for managing user access, ensuring compliance, and maintaining security across various systems and applications.
To enable zero-trust environments, the platform leverages technologies such as artificial intelligence and machine learning to streamline everything from worker onboarding to security policy implementation. For administrators, the platform allows for the establishment of role-based access control of employees, and almost everything about it can be automated and scaled to match a company’s changing needs.
“They brought us in to not only acquire the SailPoint licenses but also to implement the platform across the organization at their various sites,” Browne explains.
For the deployment itself and the ensuing integrations, the company turned to Asif Syed, a SailPoint expert and head of IAM delivery within CDW’s security practice.
His role from the start, Syed recalls, “was to serve as the solutions architect for the project.” He met with Browne, the company’s CISO, and the in-house manager of identity governance, “and I worked to understand the current state of everything they had and then mapped that to their desired future state so we could take them through the journey.”
93%: The share of security professionals at large companies who say they’re trying to reduce the number of unique identities associated with their employees or customers (Source: Identity Defined Security Alliance, 2024 Trends in Identity Security, May 2024)
From Inventory Assessment to Launch
That journey began with taking inventory of the customer’s requirements. At the top of the list, Syed says, was migrating the data from the company’s old, on-premises identity governance solution and from its decentralized global HR systems infrastructure into SailPoint Identity Security Cloud. This would create a single repository for all identities within the customer organization.
With that in mind, he recalls, “we went through all of the use cases they had supported with their original platform and determined what we wanted to automate around lifecycle management of current and future employees and their contracts.” Lifecycle management spans the entirety of an employee’s time at a company, he explains, “from their ‘birth,’ when all of their accounts are created, to their promotions, demotions, transfers and job title changes, and all the way out to their termination.”
Once they were captured in the company’s current state, those use cases were then modeled in the new platform as part of the project’s design phase, Syed says: “We walked them through the entire design process and the approach through design workshops. Then, after they’d signed off with their approval, we got the migration underway.”
The implementation process began with setting up SailPoint’s virtual gateway server, known as Virtual Appliance, and connecting Identity Security Cloud to the customer’s systems. The company had used a global identity system to manage the accounts of contract workers. The CDW IAM Delivery team linked these identities with their respective applications to build SailPoint “identity cubes,” or models containing information unique to each user. From there, it configured “lifecycle states,” defining the access individuals should automatically get depending on their company roles.
“All of those definitions were captured and configured, and then we moved on with the testing process,” Syed says. The company has nearly 25,000 licensed users across multiple SailPoint products. The system worked as expected, consolidating user identities across multiple systems, and soon the company was off and running with its new and improved approach to identity governance.
Reducing Risk with a Unified Solution
Identity governance systems such as SailPoint’s are designed around the principle of least privilege and to enable a zero-trust security framework, Syed says: “It’s the idea that a corporate technology user should only have access to what they need to do their job. It’s all about reducing risk through governance and implementation of controls.”
According to Browne and Syed, the client is now set up with an identity governance solution that can handle any level of future business growth. When the company hires new employees, they’ll automatically gain access to the tools they need to succeed in their work, and when those employees move on to different positions within the organization, that access will change to reflect their new roles. Overall, the solution will allow workers to do their jobs more effectively while helping the company operate more efficiently. Manual processes related to identity governance are now mostly eliminated, and thanks to the power of its unified solution, the company now has unfettered visibility into user identities.
“From our perspective and from what they’ve said, this project has been a huge success,” Browne says. “We successfully decommissioned their legacy solution, we engineered a new solution with a lot of automation and we did it on a global scale. And we helped the company improve security to a level far beyond what it had before.”
CDW has continued working with the company as it expands and identifies new needs for identity governance integrations, such as with its SAP solutions. “This was never the kind of project where you set it and forget it,” Browne says. “It truly is an identity program, and one of our developers will always be available to help them if they need support.”