General Electric (GE), a Fortune 50 company, was formed in 1892, and was one of the original 12 companies listed on the DOW Jones Industrial Average. GE today comprises various businesses catering to financial services, medical devices, life sciences, pharmaceutical, automotive, software development and engineering industries.
GE was coming to the end of their road with their legacy identity tool. They were considering the direction to take their program and the appropriate solution that would enable them to innovate and scale their business at the rate they needed.
Leveraging SailPoint, GE has governed access for over 1.8 million employees to more than 1,800 business applications. They continue to secure the organization and ensure compliance, allowing them to focus on innovating and scaling their identity program, and improving the user experience.
We’ve measured success with SailPoint in several different ways. Our audit team went from 25 people spread out across the company, to 2. We consider the cost savings and increased efficiency that resulted from our partnership as huge wins for GE.
Eric Schwab, Principal Technologist, GE
less staff to manage identity program
a year saved on password requests
SailPoint helps GE cut costs and unify its global security efforts
GE consolidated their identity program across its three global business units, improving security and regulatory compliance efforts while reducing identity management and audit expenses.
Identity for compliance and scalability
With annual revenue of nearly $80 billion, GE is among the most prominent companies globally by market cap. Each of GE’s business units (soon to be independent businesses on their own) operates within the most heavily regulated industries. Whether HIPAA, export controls on aviation and energy businesses, or the application of security standards set by the Department of Defense — mishaps in any of these regulatory areas could cost GE billions.
One of GE’s most pressing regulations is Sarbanes-Oxley (SOX). SOX demands that GE be very diligent regarding the identity and access management of its financial applications. As a result, GE has invested considerably over the years, developing a mature, error-proof process to determine who should have access to systems that house financial information – and the ability to enforce and audit such access.
To remain compliant with SOX, Eric Schwab, principal technologist at GE, explains how the GE identity team successfully documented identity and access processes, such as the levels of approvals obtained, request and approval audits, and provisioning access for specific GE systems and businesses. Still, as mature as their identity program had grown, there were more efficiencies GE sought to build. Such efficiencies included consolidating the identity program for each business unit under one identity team, ensuring security and compliance while improving the employee user access experience, and reducing the costs associated with access audits.
To reach their goals, GE planned to retire their legacy identity tool and carefully considered the direction they wanted to take their program. The GE identity team knew that they needed an identity platform that would enable innovation and scale quickly. Legacy identity management solutions forced them to think carefully about the future of their identity program and the steps needed to maintain their commitment to governance.
Wanted: A highly-flexible identity platform
At the onset of their search, GE’s identity toolsets and processes were fragmented. Each business unit had a separate identity team managing access with different approaches, tactics, and even goals. And while continuing to use their legacy tools would avoid additional upfront spending, there were significant concerns that the product was outdated and no longer a good fit for the identity program GE sought to create. GE’s identity team decided it would find an identity partner and platform that could support each of GE’s business units within one infrastructure managed by a single team. They would drive efficiency by unifying the company’s identity efforts.
Schwab and his team quickly drafted a business case that matched identity vendors to GE’s long-term goals. The goal was to ensure their chosen partner and platform would support GE’s need for identity performance and scalability. After an exhaustive process, GE selected SailPoint and its identity security platform. The team concluded SailPoint would help GE consolidate the identity team into a single unit that could support all of GE, adopt consistent processes for security and compliance, improve the user experience for requesting, processing, and terminating access, as well as reduce overhead costs associated with their identity program.
To begin, Schwab and his team first onboarded their most critical applications, such as Active Directory, LDAP, and JDBC. Most of the business units also had separate legacy identity instances that needed to be merged within the SailPoint platform.
Measurable results at scale
Initially, the team set out to establish access models based on job roles and streamline access requests and access certification workflows. Additionally, an automated password reset capability was one of their top priorities for their internal customers.
First, GE streamlined its entire identity program, improving access outcomes and regulatory compliance efforts. For instance, with GE’s prior identity management tool, the identity team required a staff of more than 250. And as most of these workers were contractors, the costs were high. With SailPoint, GE now requires 50% fewer staff to manage that same identity program. Additionally, by centralizing the program, GE has been able to go from 25 employees running access audit programs to two people globally.
SailPoint is now GE’s unified governance platform for over 1,800 applications for over 1.8 million people.
The cost savings and increased efficiency delivered by SailPoint has been a huge win for GE.
Eric Schwab, Principal Technologist, GE
“We’ve upgraded our identity program to be more effective and more efficient,” Schwab explains. Now, those cost savings and staff can be reallocated and refocused to more strategic business areas.
GE’s enhanced password management process also delivered incredible results. GE logged several hundred thousand helpdesk tickets each year, before SailPoint, just for password reset requests. That’s been slashed to 10,000 annual requests, saving GE more than $2 million a year. “The password management solution has driven incredible ROI for GE,” says Eric Schwab.
Finally, GE has been successful in improving employee end-user satisfaction. Over the past few years, GE’s Net Promoter Score with employees soared from a negative to greater than 20. Schwab attributes that dramatic jump directing to improved application onboarding into SailPoint and the enhanced user experience.
Through its partnership with SailPoint, and its newfound ability to centrally manage identities, GE cut costs and improved its security and compliance processes — while concurrently improving employee on-the-job experience by swiftly providing access to the applications they need to be immediately productive. “We’ve been thrilled with SailPoint’s ability to scale and accommodate us as we grow,” Schwab says.