[MUSIC PLAYING] My name is Michiel Simon. I work as a technical security manager for a large telco. The company has about 50,000 employees. I don't even know how many end customers, but that's going to be millions out there. So those 50,000 are spread mainly across Europe.
So, our company has grown really fast, in my opinion. And basically IT could not keep up, so we were running a lot of manual processes, a lot of offshore teams, temporary teams. Just doing a lot of manual work, really.
There's always the risk of having a breach-- an IT breach. So, people gaining unauthorized access to documents the identity-- the accounts that people use to access our systems. We need to provide remote access to them. So to control those identities in a centralized manner is really a challenge.
So we started off years back, actually, already with Active Roles. And it's still one of the core ingredients we use in our IT setup. We use it to delegate access to our service desks. Also to people in HR, even to our offshore partners who administrate the IT active directory on our behalf. And also even to our own domain admin. We really try to push them to use those tools, rather than the native solutions that we have.
Within Active Roles, we control them the naming of attributes, what is allowed, what is not allowed, special characters-- street names, Even ZIP codes. All of that is pushed via by those policies.
And later on, we also introduced Password Manager into the game. Password Manager, really, for the end user to be able to provide a secure self-service way of unlocking an account or resetting a password. And that was really to close a gap, which we had a traditional service desks doing manual passwords resets, which gives you the additional challenge of identifying the user. Are they, say, who they say they are?
That extra challenge was easy with Password Manager. We just give them the secret questions, and now weaving together with an SMS text messaging system as well. So the end users can receive the text message with the passcode, and then just take that forward.
Especially with the One Identity product, that's really taking us to a next level. The traditional way of doing things manually, it was really hard to explain to externals and new people joining the company that we were still doing things copy-paste, old school. So now that we have this HR system just feeding straight into Active Directory and straight into the email system, that's really helped us.
I do think that there is a lot of time saved. One of the key takeaways, I think, is just set number realistic objectives. Put down realistic timelines. Don't be scared to predict that it's going to take a while, and then work with that.
Get your buy-in from the teams involved. Talk to your HR people, and your legal and your governance teams, and get that ball rolling. And then once you get that first phase in, it's a lot easier to then extend the business.