Samsung BioLogics Builds Identity Governance from the Ground Up

Samsung BioLogics is headquartered in South Korea and manufactures biopharmaceutical products. Founded in 2011, the company entered the biopharmaceutical industry during a time in which the industry was facing significant change. The global availability and capacity for biologics manufacturing is decreasing, and new, innovative types of medicines are being developed to help millions suffering from devastating diseases. Given the nature of their business, a compliance focus has become very important to the organization and arguably more than other industries. Pharmaceutical drugs have the power to save lives, but when used inappropriately, can also be harmful, making it important to properly govern all aspects of the business.

Burdensome Identity Management

Samsung has always worked to maintain compliance and data integrity level at high standards had been using a multi-step process to manage employee access. When someone began employment or an employee needed to gain access to a system, they filled out a paper form which required multiple approval signatures and a manual process to manage. Once granted, paper forms were stored in an archive room. This manual effort was highly recursive without a centralized system and a consolidated view of employee access. On the compliance side, the forms were reviewed annually to prove access was compliant – the manual verification process consuming time and effort.

Tyler Dongwoo Hong, Project Manager for Quality IT Systems saw the area of opportunity the company had to relieve themselves of these pain points. “We needed to eliminate the manual processes that had become a burden, implement an easier way to demonstrate compliance and enable the workforce to operate more quickly and efficiently,” Hong shared. Identity governance is an area that many regulated organizations choose to address when trying to achieve compliance and operational efficiencies. After evaluating solutions, the Samsung BioLogics team partnered with SailPoint to build their identity governance program.

Addressing the Complete Identity Governance Picture

SailPoint’s out-of-the-box functionality addressed Samsung’s provisioning and compliance requirements in identity access management – something that was a must for establishing their program. As the Samsung BioLogics team kicked off their implementation, their initial focus was ridding the company of manual access processes. “As the company scales, we need to keep pace. By automating employee lifecycle management, we are enabling the workforce to do just that,” Hong said. Samsung BioLogics’ approach was to start with the most heavily used applications and automate their birthright provisioning and access request workflows. Now when employees join the company, they immediately have access to key applications that are necessary to do their job. If something is not automatic, the access request function triggers the request and approvals needed to help the employee gain access. With the automation in place, access requests have gone from taking hours to complete to an average of 15 minutes.

Establishing an automated certification campaign was their next priority. “We were previously running a manual, yearly certification campaign that took three months. With SailPoint in place, we were able to automate that process, reducing the time to one month,” Hong shared. When an employee moves in the organization, a mini certification campaign is triggered to maintain least privileged access.

Samsung is also automating its password management. This self-service functionality helps employees incorporate password hygiene, only allowing for passwords to systems that are highly secure and unrepeatable. They are further enabling the workforce to control their password changes and reduce dependency on the helpdesk. “We are pleased with the security and financial efficiencies we have gained with automated password management,” Hong shared.

What Else Can Be Improved?

When the business sees the value of a well-run identity governance program, application owners usually want to jump onboard. “We’ve created demand for application owners wanting their applications to be managed by SailPoint. We’re working to scale the program and prioritize applications according to their risk-level and adoption,” Hong shared.

“Our auditors and leadership team are at ease now that we can more easily demonstrate regulatory compliance. Our employees have felt operational efficiencies gained with the timely access they now have. Supervisors can actually see what their team has access to and review and approve it in one place. We’ve come a long way with SailPoint,” Hong concluded.