Say you’re an early adopter of 19th-century technology: trains. The tech is great for business, but it has a challenge—different railway companies use different track sizes (“gauges”), meaning trains built for one gauge can’t run on another. So if you need to go farther than one company can take you, you encounter a “gauge break” and need to stop, unload the train, then reload onto the next.
Great for business then, but still…not great. A lot of things have changed since the 19th century, but an aversion to wasted time, increased costs, and decreased efficiency isn’t one of them.
Which is why leaders at a 21st-century multinational aerospace and defense conglomerate recently found themselves pondering the state of some of their technology. They were concerned, specifically, about their identity governance and administration (IGA) system—the back-office stuff that makes sure the right people have the right access to the right things (like payroll, HR, IT, and other resources).
The company, with a large global workforce of employees and contractors, was using multiple IGA systems and processes—understandable but beyond challenging for both employees and administrators when someone transferred from one business (and system) to the next.
In other words, the company was experiencing its own version of gauge breaks: no consistent, standardized way to manage employee data from point A (when they were hired) to point B (when they left), or even for points in between. So it was wasting time and effort, increasing costs and compliance risk, and decreasing operational efficiency.
To make things even more complicated, the company itself was constantly changing—merging with other companies, acquiring new businesses, divesting divisions, and frequently reorganizing. This meant it had to be extra careful to move and manage employee, contractor, and business partner accounts and access rights (aka digital identities and privileged accounts) correctly. In such a dynamic environment, the organization needed a strong, flexible identity system—one that could quickly add new companies to the organization’s application platforms.
So just as the railway companies realized they needed to standardize their tech infrastructure, these company leaders recognized that they’d need to do the same. They needed a standardized, yet flexible IGA system. They needed to streamline employee onboarding and ensure compliance with stringent aerospace and defense industry regulations. They needed a system that could adapt and grow with the company and help them transform their business. And above all, they needed to make it easier for everyone to securely connect and collaborate.
For help, they called professionals at Deloitte.
Why? Because these professionals can harness deep aerospace and defense experience alongside advanced identity governance and administration solutions to help companies strengthen access controls, facilitate regulatory compliance, and protect mission-critical assets.
The upshot: Deloitte’s professionals can help enable secure, efficient, and resilient operations in an increasingly complex cyber environment.
100,000+ PEOPLE ACROSS THE GLOBE. HOW DO YOU GET THEM UNIFIED ACCESS?
So the combined teams got down to work, focused on consolidating and standardizing identity processes across the entire company so that everyone who joined, changed roles, or left could follow the same steps.
On the technology side, this meant implementing a unified digital identity solution, with SailPoint as the core platform and secure, scalable AWS GovCloud as the hosting provider.
With this configuration, SailPoint would serve as both connector and interface to the existing back-office systems (Active Directory and SAP) that supported identity management. Administrators could then direct, review, and report on user access with less risk and greater efficiency, security, and compliance.
On the people side, getting to standardization meant (frequently) convening company stakeholders from different departments like IT, HR, and Security, as well as different business units. Each was encouraged to share their experiences with the legacy system and their hopes for the new one. Then together, they worked with the Deloitte team to design something that would work for everyone.
What did that look like? Requirements were complex and diverse, and the conversations were involved, but ultimately the teams designed a system whereby employees could request access to tools and information in the same way, no matter where they worked, with access given (or revoked) automatically according to whether someone was being onboarded, changing jobs, or leaving the company. It would be easier for administrators to check who had access to what, which in turn would make it easier to keep systems secure and compliant. Further, the organization created a new identity system that works with all IT systems; now, each user has a single ID and their access can be managed in one place—a change that makes it much easier for people to use company tools and gives administrators a clear view of who has access to what.
Employees were then trained on the new system, with the switch from old to new (when it came) done in stages to avoid work disruptions. Then, to keep the transition as smooth as possible during the cutover, the Deloitte team set up a hypercare support system to supplement the company’s existing resources.
TEAMS TEAM UP TO MAKE ACCESS EASY AND AUTOMATIC FOR ALL
From a user perspective, the company today enjoys a single, scalable, modern IGA system that works the same for every employee regardless of position or country in which they work, with standardized processes, governance, and controls on the back end to match. Gone are manual updates, replaced by automated transactions for things like changes in HR information or application access, with up to 4 million of these transactions logged per month. New employees—more than 40,000 of them added through the new system annually—can get access to what they need right away, and it’s much easier to change or remove access when people switch jobs or leave.
From an operational perspective, the company now has fewer IGA problems, with help desk issues cut in half. (And if there is an issue, new features like unified incident management and SMS alerts mean the company can respond faster than before and keep things running smoothly.) In 2024, more than a million password changes were automatically updated across all IT systems using each person’s single identity ID and following rules set by the business. These changes help users manage all their accounts with one password, making things simpler for them, and reducing the need for help with access issues. Then there’s the decrease in total cost of ownership for identity and access management infrastructure overall.
From a compliance perspective, automated, organization-wide access reviews and certifications (128,000 accesses reviewed in FY 2024)—particularly for SOX applications, the software solutions that help manage Sarbanes-Oxley regulations—have made it much easier for the company to be audit-ready and show that they’re following the rules.
The company’s risk exposure, meanwhile, has been reduced, because the system automatically removes access when people leave—more than 30,000 instances of this processed in FY 2024—and keeps track of who has special permissions.
Finally, the new IGA platform has proven it’s up to the challenge of the company’s dynamic DNA, having already withstood the test of multiple mergers, divestitures, and organizational changes. This provides the flexibility and alignment needed for the company’s strategic priorities and future growth.
In other words, company leaders can now envision and map a route from point A to point B, confident that (so far as their IGA system is concerned anyway) the journey will be uninterrupted.