Aboitiz anchors transformation in identity

decorative image
Time to read: 10 minutes

The Aboitiz Group began in the Philippines in the late 1800s as a small hemp fiber trading business. Today, it is one of the nation’s largest business groups, with investments in power, banking and financial services, food, infrastructure, land, data science and artificial intelligence as well as construction and shipbuilding. The Group is recognized as one of the best-managed companies in the Philippines and the region, consistently cited for its commitment to good corporate governance and sustainability. Currently, the company is on its Great Transformation journey to become the Philippines’ first Techglomerate as it continues to shape the future by advancing business and communities.

Challenge

Aboitiz is building the Philippines’ first techglomerate, which entails a cloud-driven transformation to boost innovation and collaboration across 47 diverse business units in multiple geographies. To facilitate its migration to the cloud and reduce security risks, the company needed coherent identity and access management policies and automated provisioning/deprovisioning processes.

Solution

Leveraging SailPoint, Aboitiz replaced ad hoc manual systems with an automated identity security platform to allow it to efficiently monitor and manage more than 22,600 user accounts across 47 business units in the Philippines, Asean region, and China. Initial benefits include improved security in a Zero Trust framework, along with faster onboarding and timely account deactivation through automation. The new platform and dynamic approach to identity management will further support the Group as it continues to move to the cloud for improved innovation and collaboration.

Industry

Company size

15,600 employees

With SailPoint Identity Security Cloud, we can focus more on maintaining identity security as we rely on SailPoint to actively monitor, manage and maintain the infrastructure and the platform.”

Charmaine Valmonte, CISO, Aboitiz Equity Ventures Inc.

22,600

accounts monitored across 47 business units

40

hours saved for new-hire account creation

21

days saved for account deactivation

For more than a century, the Aboitiz Group has advanced business and communities in the Philippines. It is a conglomerate with investments in diverse traditional industries like agribusiness and food, energy, real estate, manufacturing, and financial services, as well as digital infrastructure, digital banking, and data science.

It is now in the midst of a major transition to ensure its continuing relevance and to further upgrade its contribution in a fast-changing tech-driven world. Called the Great Transformation, this program is intended to elevate every aspect of the Group’s culture and operations to reshape the organization into the Philippines' first “techglomerate”.

Migrating to the cloud, embracing innovation and technological advancement, and leveraging synergies across the Group are key aspects of the Great Transformation, with a strong identity posture as a foundational element that anchors the entire initiative.

“Our organization is very complex. We have 47 business units across multiple, diverse industries and multiple markets throughout Asia, and each business unit has separate identity sources,” Charmaine Valmonte, Chief Information Security Officer for Aboitiz Equity Ventures Inc. (AEV) and the Group’s managed units, explains. “It’s a universal truth that the more complex your environment becomes, the simpler the methodology you need. Identity access is certainly not simple for an organization like Aboitiz, but with a zero trust mindset and automation, we have a systematic way of managing and securing even our complex environment.”

Starting from zero

Valmonte set the Group off on its identity management journey back in 2019. At that time, she had a team of 14 cybersecurity professionals, with only a further two specialists dedicated to identity and access management for more than 14,000 staff accounts and hundreds of applications. Systems and processes were ad hoc. Very few units or applications had a formal identity and access management process in place, and there was very limited adherence and no automation.

“We were starting from zero. But this gave us the opportunity to leapfrog using technology,” she says. “We made the call to invest time and effort into the organization’s most valuable asset: the identity.”

A gap analysis revealed serious security concerns around account provisioning and deprovisioning in particular. Manually creating an account for a new hire took around five days after onboarding; deactivating an account took 21 days.

In alignment with the Group’s strategy of moving systems to the cloud and its adoption of a zero trust framework, Aboitiz chose SailPoint as its identity governance partner. “SailPoint offers us comprehensive identity governance solutions to help us efficiently manage user identities, access and compliance with tools for identity provisioning, access management, role management and compliance reporting,” Valmonte explains.

Deploying identity security

In collaboration with the different Aboitiz business units, Valmonte’s AEV Cyber and Information Security team deployed a SailPoint identity security solution in 2020.

The initial objective was to automate the provisioning, deprovisioning and updating of user accounts to address security and operational gaps. The system correlates accounts to active employees, increasing identity protection and enhancing the onboarding/offboarding experience for both system administrators and end-users. It also provides full account visibility, from ownership to system access, to reduce the risk of unauthorized access.

“We had to change the way we thought about identity; from users to devices, networks, applications and workloads, identity is a cornerstone of the zero trust framework. We also had to roll out zero trust and other identity and access management solutions, like privileged account management, during the early days of the COVID pandemic, when we were working remotely and supporting remote end-users who were rapidly adopting third-party productivity tools and applications at home – and unwittingly inviting unknown risks into the business,” Valmonte recalls.

“The technical expertise of SailPoint and its local partner Infocentric Solutions and their patience and eagerness to see this project succeed was truly exceptional and contributed to our success.”

Key benefits of the SailPoint solution include:

  • Reduced risk: With identity security, Aboitiz has decreased the risk of unauthorized access by enforcing access controls, such as timely account deactivation and the monitoring of active accounts, and ensuring compliance with security policies and regulations. Valmonte says, “By focusing on identity-centric security strategies, we have enhanced our overall cybersecurity posture.”
  • Enhanced user experience: Accounts are now provisioned almost instantly upon onboarding. This automation has eliminated mundane account-related operational tasks and freed system administrators to focus on more strategic work, increasing their productivity. “SailPoint has eliminated manual tasks for us, and provisioning, deprovisioning and updating of accounts has never been better,” Valmonte says.
  • Business continuity: Identity governance is an integral part of Aboitiz’s business continuity plans, providing the necessary tools and controls to maintain secure access to critical resources, monitor for anomalies, and facilitate a swift response to security incidents during times of disruption.

According to Valmonte, “Incorporating identity-focused strategies has improved our overall resilience and ability to adapt to changing circumstances. We also appreciate that SailPoint uses artificial intelligence (AI) to enhance threat analysis and anomaly detection, assisting our cyber security team in making faster and more informed decisions.

SailPoint offers us comprehensive identity governance solutions to help us efficiently manage user identities, access and compliance with tools for identity provisioning, access management, role management and compliance reporting.

Charmaine Valmonte, CISO, Aboitiz Equity Ventures Inc.

Growing and improving

By October 2022, Aboitiz’s SailPoint solution had seamlessly created 1,300 accounts, suspended 476 accounts and performed more than 59,000 account modifications on 12 systems and applications across 44 business units. Rather than waiting five working days for their account to be manually created, new hires receive their account instantly, and deactivating an account is immediate, rather than a 21-day process.

Growing with the business, the SailPoint identity governance and administration system today monitors in excess of 22,600 application accounts across 47 business units. More than 4,700 accounts have been created and 2,800 suspended. More than 144,000 account modifications or transfers have been completed, triggering account verification procedures; 60% of accounts are now verified – and that total is rising every day.

Migrating to the cloud

Having decided to put a cloud-based identity security platform at the core of its organization, Aboitiz joined SailPoint’s Migration Assessment Program to help it plan the transition. According to Valmonte, this four-week assessment showed Aboitiz how it could:

  • Take advantage of cloud technologies to improve overall security;
  • Deliver business value by efficiently running workloads and by leveraging operational insight to continuously refine processes and procedures;
  • Scale the solution to meet the growing needs of the organization.

Improved security was a key driver of the Group’s decision to adopt SailPoint Identity Security Cloud. With cybersecurity threats constantly escalating, Valmonte’s team was having to spend more and more time on keeping its systems updated in order to stay ahead.

“With SailPoint Identity Security Cloud, we can focus more on maintaining identity security as we rely on SailPoint to actively monitor, manage and maintain the infrastructure and the platform – with no in-house infrastructure for us to worry about. I appreciate that I don’t need to hire anyone with deep expertise in coding and configuration of the system, and that I can take advantage of the solution’s multi-tenant architecture to reduce complexity, enhance quality and scale up easily,” she says.

Looking to the future, Valmonte is excited that Aboitiz’s identity governance journey is just beginning.

“Our environment is constantly moving, and we continue to learn and improve. With our ‘techglomerate’ vision and zero trust architecture adoption, our approach to identity management is becoming highly dynamic. We adjust access permissions based on risk assessments, enabling us to act promptly to potential security threats. Next, we’ll be focusing on cloud infrastructure entitlement management and access modeling to help us scale and build workflows as we continue to move out to the cloud,” she concludes.