At the recent Gartner IAM Summit, SailPoint had the pleasure of hosting Andrew Linn, SVP and CISO of Orrstown Bank, to talk through the bank’s decision to take their identity governance program to the cloud. Andrew was an excellent speaker and clearly captured the audience’s attention with his insightful presentation.
Orrstown Bank faced a few challenges that played into their decision to roll out an identity governance program driven from the cloud. These challenges included:
- Employees often had excessive access and former employees often retained some access after termination;
- Orrstown spent a lot of time, money, and resources frequently performing large-scale manual access certifications;
- Access certifiers often rubber stamped current access because of a lack of descriptive terms and/or knowledge; and
- Users struggled to remember the dozens of passwords necessary to access all their applications.
Not only was Orrstown Bank facing the increased likelihood (and resulting impact) of a data breach given some of these identity and access management challenges, but operationally, the IT team was often too buried with help desk calls to provide real value to the business. According to Andrew, “Moving toward a cloud IT environment means that our IT organization can focus on enabling the business versus time spent maintaining IT infrastructure. That is the goal of our IT team – to enable our business to build and strengthen customer relationships.”
Given the bank’s cloud-first approach to its IT strategy, taking on cloud-based identity governance was a natural progression of that strategy for Andrew and his team. Orrstown Bank focused their initial deployment on the highest-risk and most complex areas of their technology stack. In less than two months, they had deployed IdentityNow to automate access certifications, password management, and single sign-on for most of their primary applications and have since expanded the platform to include well over 100 applications.
A very tangible result of this project? The reduction in the time it takes to certify access by 2000 hours per year. Andrew’s team now has the time they need to focus on business enablement, bank employees are spending far less time struggling with password management issues and endless helpdesk calls and ultimately, the business is running smoother and more securely than ever. That’s the power of identity.
For more on Orrstown Bank’s story, check out their case study here.