”SIVIS Enterprise Security Has Significantly Improved Our Approach to Program Governance and User Lifecycle Management .”

For several years, Atea has dedicated many resources to streamline the business. This has resulted in a greater focus on process automation, program governance and not to mention identity and access management. Helped along the way by SIVIS Enterprise Security.

In recent years, Atea has expended a lot of resources on streamlining the business. In addition to selling IT solutions to businesses and public institutions, the Group has been busy establishing and implementing a compliance program of the highest international standard. It has been successfully implemented.

In this context, program governance has received increasing attention across the international Group. The effort goes hand-in-hand with a stronger commitment to identity and access management, helped along the way by SIVIS Enterprise Security.

Automation creates a more efficient organization

With over 7,000 employees, Atea has unique technology challenges in relation to license management. With such a large staff, heavy organizational, administrative processes are quickly created.
It is a concrete business challenge to manage the Group’s thousands of employees on the infrastructure. In addition, it must be ensured that their access to data and systems meets the organizational needs, while complying with security requirements.

This is where SIVIS Enterprise Security enters the picture.

Before Atea deployed the platform in Denmark, Finland and Sweden, user creation and access assignment were manual tasks with low automation.

”On a good day, you could say that our user administration in Denmark was semi-automatic. When employees were created in the HR system, it triggered a notification to the Service Desk, so they knew that a new employee needed to be created and assigned access. When SIVIS Enterprise Security came along, we were finally able to automate that process,” says Jim Andersen, Senior System Specialist at Atea Denmark.

”Most user management tasks are now automated,” adds Sami Liimatainen, Infrastructure Architect in Group IT at Atea. ”Of course, individual managers still must fill out a form on the intranet when they need to create new employees, but from there, the information flows directly from the HR system and into SIVIS Enterprise Security, which automatically creates the employee in our AD and assigns the appropriate rights and licenses.”

In addition to automating and streamlining the Group’s approach to User Lifecycle Management, SIVIS Enterprise Security also made a tangible security difference. Prior to the implementation of the identity and access management platform, it was common practice to create copies of existing employees’ access composition every time a new employee had to be onboarded in the organization.

”There is no doubt that replication of accesses works in the short term. It’s quick to get people started, but it’s not very smart. Neither in terms of auditing, organizational security or license consumption,” says Jim Andersen. ”The fact that we can assign standard roles to employees via SIVIS Enterprise Security has given us tremendous value. And not least, we know exactly when employees can be expected to be set up in the systems.”

Atea can now be sure that all accesses are correct and active when a new employee joins the Group.

”No one has more access than they need for their position, and we avoid situations where new employees have to wait to access important systems because the Service Desk simply hasn’t had the time to implement the access. Thus, SIVIS Enterprise Security helps to support the productivity of the entire organization,” says Jim Andersen.

Documentation is key to better program governance

In addition to the daily administration and onboarding of new employees, there is one area that SIVIS Enterprise Security has particularly helped lift for Atea: the work with program governance.

”It is essential in relation to the audit that coincidences can no longer prevail in relation to employees’ IT access. The platform entails we can fully document why people have the accesses they do. Everything is logged, which goes a long way to helping the people who have to manage our program governance efforts. It has become much easier for them to control, and they have 100% assurance that our internal rules are maintained,” says Jim Andersen.

Sami Liimatainen emphasizes:
”The many automation options available in SIVIS Enterprise Security have renewed our approach to program governance in relation to our User Lifecycle Management efforts and significantly improved it.”

Especially in relation to offboarding of employees, the concrete benefits concerning the program governance efforts become noticeable for Atea.

”SIVIS Enterprise Securities built-in offboarding processes speak directly to our work to maintain a strong access audit and a solid security base. All offboarding steps are automated and it helps us a lot that we can be certain that all accesses are shut down and that the shutdown is documented as soon as an employee leaves the organization,” says Jim Andersen.

An onboarding takes only 30 minutes

As a Nordic group with thousands of employees in seven countries, the time dedicated to managing employees’ user profiles and access is crucial. If onboarding and assignment of digital accesses require too much time, it risks creating severe bottlenecks in the Service Desk and, not least, affecting the ability of the entire staff to work effectively.

”SIVIS Enterprise Security has resulted in significant time savings. Before we implemented the platform, every creation took several hours, which also required the Service Desk to have the necessary time to handle the task. If something else had priority, it wouldn’t be handled right away and employees would have to wait for access,” explains Jim Andersen.

”Now, an onboarding actually only takes 30 minutes. Once an employee is registered in our HR system, the system triggers a creation in SIVIS Enterprise Security and half an hour later we can be sure that the employee has the right access and is ready to log in,” he adds.

”Because our User Lifecycle Management has been automated, it also means that the workload at the Service Desk has been eased. Automation has really benefited us on multiple fronts,” says Sami Liimatainen.

Significant savings on licenses

For many organizations, over-licensing is a problem, and it’s a problem that can be hard to overcome. Many lack an overview of the license inventory, along with an overview of which employees actually need which licenses.

This was also a challenge at Atea. SIVIS Enterprise Security automatically shuts down employees’ accesses when they are offboarded, and in the process automatically removes their licenses. It has made a difference.
”One of the biggest impacts on the business that I’ve noticed since we implemented SIVIS Enterprise Security is actually the financial savings. The platform has given us an overview and improved our management of employee licenses. This means that so far we have been able to cut 12.5% of our E5 licenses,” says Jim Andersen.

The automation engine must be rolled out across the organization

The plan is to embed the SIVIS Enterprise Security even more strongly across Atea. That process is already underway. Stakeholders from different corners of the organization are involved to shed light on what existing manual processes can be automated by the platform.

”The technical onboarding of an employee could easily take several days and involve several internal forces; far more than should be dedicated to the process. Today, HR can create a person the day before they start and be sure that the rights are in place,” says Christian Bølling, Director of Infrastructure Technology at Atea Denmark.

”In terms of maturity, we are still in the early stages, but I expect to see a ketchup effect across the Atea Group before long,” he adds. ”Other parts of the business are starting to see the value, and the automation engine that is in the SIVIS Enterprise Security will eventually be used throughout the organization.”

Atea is currently working on getting all parts of the group to fully adopt the use of SIVIS Enterprise Security so that the group’s User Lifecycle Management processes can be unified and streamlined. So far, it has created positive experiences.

”What really struck me after we implemented the platform is why we didn’t do it years ago,” says Sami Liimatainen.