Mondi Group is Strengthening Security Against Rising Cyber Threats
Identity-based cyber attacks are increasing rapidly across all industries. Among the most popular targets of hackers are internationally operating industrial companies: Their geographically distributed, highly complex infrastructures, with their legacy systems and heterogeneous security standards, offer countless points of attack – and with the move to the cloud and the introduction of hybrid working models, the attack surfaces have increased significantly. “The threat situation has also intensified enormously in our industry, and with the increasing disintegration of the perimeter, strong identities are increasingly becoming the linchpin of modern security architectures,” explains Kristijan Bosankic, System Engineer at Mondi Group. “That’s why in 2020 we decided to comprehensively modernize our identity management and consolidate it into one enterprise-wide IGA solution. Our goal was to counteract a worldwide proliferation of identities in the company – and to set the course for a higher level of security with a contemporary, uniform platform.”
Given the high complexity and level of integration required for an international project, Mondi called in the specialists from iC Consult at an early stage. Our identity experts supported the in-house team in the market evaluation as well as in the subsequent selection and deployment of a suitable platform – and have been assisting Mondi with the efficient operation of their solution since it went live.
IT Access for All Employees
“The IGA rollout marked a huge step forward for us because, for the first time, this solution enabled us to set up a digital identity and dedicated IT access for each of our 22,000 employees – which is a game changer,” says Kristijan Bosankic. “Therefore, it was critical for us to find a platform that could scale highly and integrate all international locations and all applications used worldwide. For this scenario, One Identity recommended the Starling Connect platform for connecting our cloud services – and after an extensive testing phase, this approach convinced us. The solution already covered our requirements very well out-of-the-box – and leaves us a lot of freedom to make our adjustments.”
Successful Implementation of a Unified Identity Governance Solution
Involvement of all Stakeholders
After deciding on One Identity, the project team set about finalizing the solution design together. It quickly became clear that the biggest challenges would not be technical, but organizational. After all, it was not only necessary to map the company’s complex employee structure across all locations and roles, but also to define several new, company-wide processes, interfaces, and standards – not only for the connection of the company’s employees but also for a wide variety of external contractors, whose access must be quickly granted or revoked as required.
Christian Löffler, Regional Manager of iC Consult Austria, recalls: “As with any large identity project, the first step at Mondi Group was to bring together a large number of stakeholders at the green table to gather their individual requirements – from regional IT teams around the world to application managers and HR teams at headquarters. All of these stakeholders needed to be convinced of the benefits of a globally unified identity governance solution, and that they didn’t have to worry about sacrificing usability or having their responsibilities curtailed.”
In practice, it was possible to secure the support of all those involved quite quickly: The decisive factor here was that the project team took care to keep the organizational spillover effects of the new solution as low as possible and gave the local teams sufficient freedom in customizing the solution. In this way, each site was able to map its central requirements.
However, it was equally important that the benefits of the new solution were communicated from the outset. Some key arguments were:
- The solution’s significantly higher security level enables Mondi to protect critical and regulated data much better and provides a sustainable foundation for innovative SSO and zero-trust models in the long term.
- Migrating to a unified identity platform makes it much easier for Mondi to ensure internal, industry, and regulatory compliance.
- Consolidating multiple heterogeneous HR solutions into one central platform has significantly improved data quality across the entire company, simplifying operations across all sites and departments.
“In the end, we had the right arguments for all stakeholders and were able to move forward with the project as planned and with very high acceptance on the part of our colleagues,” says Kristijan Bosankic. “This was crucial for the overall project and helped us a lot to unlock the potential of the One Identity platform.”
API Supported Solutions for Mergers & Acquisitions
However, one challenge still had to be overcome in the course of implementation: As one of the major players in the global paper industry, the Mondi Group has been developing dynamically for years. Mergers and acquisitions are just as much a daily occurrence in the industry as the opening and closing of locations and inevitably led to a relatively high employee turnover. In practice, the administrative effort involved in setting up new employee access, assigning new authorizations, and deleting access that is no longer required is correspondingly high. For this reason, the Mondi team placed great emphasis on automating lifecycle management. The goal was to automatically provide new employees with all the applications they need from day one and to automatically delete the accounts of colleagues who have left, which not only makes work much easier but also contributes significantly to security.
This comprehensive automation was largely covered by the standardized connectors of the new identity governance solution. However, the on-board tools quickly reached their limits when it came to integrating and decoupling entire production plants. Therefore, iC Consult supported the Mondi team in developing customized APIs, which were subsequently integrated into One Identity, mentioned Dr. Ulrich Domröse SVP Identity Management, iC Consult GmbH.
Successful Implementation
The successful roll-out of the new IGA platform took place in the autumn of 2022. After initial difficulties, the solution lived up to expectations from day one: It has raised IT security to a future-proof and technically up-to-date level and automatically guarantees external and internal users reliable, secure, and compliant access to required resources and applications. Even though identity management is controlled centrally, the local departments are closely involved in the decision-making processes – for example, in the case of multi-level authorization procedures, or when implementing special local requirements. In this way, the existing internal processes and procedures could be largely retained without having to redefine responsibilities.
The cooperation with iC Consult also continues: Since the rollout, the identity experts have been supporting Mondi in the operation, maintenance, and continuous updating of the IGA solution as part of a comprehensive managed service. In this way, the internal team is sustainably relieved of time-consuming administrative activities and can concentrate fully on the core business.