Storebrand ASA transforms asset management with unified, cloud-based identity governance

Massive to manageable identity and access lifecycles

Storebrand is a Nordic financial group, delivering increased security and financial wellness for people and companies. Storebrand has about 40.000 corporate customers, 2 million individual customers and manages NOK 1.009 billion. Storebrand is one of the largest Asset managers in Scandinavia. Sustainability is integrated in Storebrand's business strategy and is implemented across all business units. Recognizing that empowering its workforce with flexible and scalable technology is key to maintaining its market presence and leadership, the company is strategically transitioning its business-critical workloads and applications to the cloud.

To protect its digital assets and enhance its existing cloud workflows, Storebrand sought a solution that would automate how the organization monitors and reviews access rights to resources to enhance security across its environment and bolster workforce productivity. “We’re moving hundreds of applications to Azure,” says Carl Georg Tsigakis, Lead Identity Architect at Storebrand. “We’ll take control of that using Azure AD because its ability to control this amount of governance work with automation is second to none.”

Auditing and reviewing access to data has historically been a manual and time-consuming task. The process created backlogs during the company’s scheduled access reviews that took a long time to clear and prevented its teams from doing more meaningful, innovative work.

Now, the team can simplify and manage the access lifecycle with Microsoft Azure Active Directory (Azure AD) Identity Governance. “We’ve reduced access review efforts from months to days, and sometimes, hours to minutes,” says Tsigakis. “Our people noticed notification processes are much smoother now, and we keep getting it right with Azure AD Identity Governance.”

Workplace transformation showcases innovative IT culture

Because of the inherent complexity of hyperconnected digital workspaces, managing multiple user access rights as various applications enter the environment is challenging. Many companies often face the same challenge of how to improve access to cloud resources with adequate controls and monitoring without affecting productivity.

Employees and guests with too much access to sensitive data can increase the likelihood of a security breach. Another frequent problem is that users get locked out of their accounts because of human error, which significantly drains IT resources and increases operational costs. These scenarios are further realized when working with outside partners, which is essential to Storebrand’s business model. “We have a lot of partners that sell insurance and products on our behalf,” says Tsigakis. “With Azure AD access management, we give our partners the ability to apply for access to various systems via the My Access portal and their connected organization, and they’re up and running and selling insurance with one or two approvals.”

The company can now manage multiple groups and applications and has reduced the time it takes to control resource access for employees and external partners. “It’s a brave new world for us,” says Tsigakis. “We can set up access reviews in 10 minutes, and they can sign up with phones, register for multifactor authentication, and manage their passwords—all without calling us.”

Using entitlement management workflows, Storebrand has automated the process of granting and controlling access to its critical assets. It can also specify which apps and services are accessible to its guests. With the ability to review and manage access rights, the company can ensure that employees and guests have the necessary access to its applications.

“Identity is the key,” says Stian Andresen Strysse, Senior Identity Architect at Storebrand. “Using Conditional Access policies and Azure AD Identity Governance services safeguards our data, and it’s in the middle of everything we do for security because it solves a lot of problems.”

Investing in a proper roadmap for privileged rights

Although historically some organizations considered privileged access as separate from identity governance, Storebrand believes it is a vital component of the Azure AD Identity Governance solution because the potential for rights abuse can be very high. Azure AD Privileged Identity Management provides time-based and approval-based role activation to mitigate the risks of overprivileged access and help to secure access to Storebrand’s resources. The company can effectively manage privileged rights through providing just-in-time access to roles, approval workflows, and role change alerts. Now, employees and guest users have the right level of access to resources they need at the right time.

“If you invest in an off-the-shelf identity governance and administration solution, we will still need a lot of custom code to get it to work, and it may take months or more to implement,” says Tsigakis. “We built customizations to enhance Access Packages with Azure Logic Apps when we require customization or any advanced requirements that are not supported out of the box. Now all I do is review and approve requests from the My Access portal from a PC or phone, so you can see the potential time savings and productivity benefits.”

Storebrand ASA uses Azure AD unified identity and access management capabilities for hundreds of applications and thousands of active assignments for its users. Self-service access reviews offloaded access lifecycle management to the people who are closest to the information. “And we’re now able to target guests in our system with Azure AD guest access management,” says Tsigakis. “So, the process of approving guest access in the My Access portal ties it all together into one seamless, efficient way to onboard people.”

Moving forward, Storebrand ASA is excited about the potential of solutions like Azure AD Identity Governance to help modernize its identity and access lifecycle infrastructure as it empowers its employees with self-service cloud security solutions that bolster security all the way to the perimeter. “We’re in on several public and private previews for Azure AD now because any new feature that shows up, we take it into production as soon as possible,” says Tsigakis. “We’re investing in Azure AD Identity Governance because we believe in Microsoft’s roadmap for this solution and its potential to streamline our regulatory and review processes to simplify identity and access lifecycle management for our users.”

Find out more about the Storebrand Group on Facebook and LinkedIn.