NIBC about the value of Identity Governance & Administration (IGA) in the cloud
As a result of our IGA project, we have interviewed Steven Schulein, Head of Generic IT, in our Grabowsky Safe Zone. In the interview he will explain how he strengthened NIBC’s Identity & Access Management.
NIBC strengthens digital security with Identity Governance and Administration in the cloud.
NIBC is a bank that focuses on mid-size organizations and retailers in the Netherlands, Belgium, England and Germany.
After NIBC emerged from the 2008 financial crisis without government support, the bank has reinvented itself into “a flexible bank that can act quickly, with a ‘THINK YES’ mindset and an equally strong ‘can do’ attitude.” This ‘THINK YES’ mindset was certainly applicable to the Identity Governance & Administration project that Grabowsky has realized together with NIBC.
We were faced with the challenge of resolving the audit findings concerning their Identity and Access Management, within a tight period of three months.
In addition to training the people and improving the business processes, NIBC has opted for SailPoint IdentityNow, an Identity Governance & Administration solution in the cloud. A seamless fit considering NIBC’s cloud-first strategy.
Can you tell us something about NIBC and your role within NIBC.
My name is Steven Schulein, IT Manager at NIBC, responsible for generic services, including infrastructure and generic applications.
NIBC is a bank that mainly focuses on mid-size organizations. We serve approximately 600 medium-sized organizations and 400,000 retail customers. We do this in the Netherlands, Belgium, England and Germany.
What was your challenge? Why did you start an Identity Governance and Administration (IGA) project?
hat emerged two years ago. When I took on my new role. We had a number of audit findings that surfaced in the field of Identity & Access Management. In particular, not being in control of the joiner, mover, leaver process. A rectification process that did not go well. And a role model that had become far too complex.
More roles than employees?
Yes, factor 5
“Factor 5 more roles than employees”
What was the desired result that you had in mind?
The main purpose was to resolve the audit findings. In which the most important aspect was that the recertification should be simple and understandable for the business owners. And, that we would have an efficient and good (IAM) process.
Why did you choose SailPoint IdentityNow as your Identity Governance solution?
Based on an architecture principle, we have a SaaS-first (Cloud-first) strategy. So, we only looked at the better IGA SaaS solutions that support this. SailPoint IdentityNow came up as the IGA-leader and it suited our IAM-requirements.
How did Grabowsky help you and how does Grabowsky help you now?
We already had a collaboration with you for our CyberArk, Privileged Access Management, solution. I think Grabowsky is a very good partner to work with together. You initially did this within the project as a technical implementation partner. Now we will follow up on that with the support on SailPoint IdentityNow and the Identity & Governance Administration process. And also, we are shaping together the vision for the entire field of Identity & Access Management and beyond.
“The main goal was to resolve the audit findings.”
The most important lesson
What is the most important lesson you have learned about this journey?
I think the most important lesson in hindsight is that doing an IGA process is very effective, but it does not solve the entire domain of Identity & Access Management. We also have to take steps in other areas. And we are now going to solve this challenge together by establishing the vision.
What advice would you like to give other organizations that also want to regain control of their digital security?
At an earlier stage I would work with a party like Grabowsky. To give a good idea of how to scope and manage the entire domain of Identity & Access Management at the start of an IGA project. It is important to create a vision of Identity & Access Management with the logic of Think Big Act Small.
“Think Big Act Small”