AUTOLIV. A GLOBAL IDENTITY AND ACCESS MANAGEMENT SOLUTION /

AUTOLIV. UNA SOLUCIÓN GLOBAL DE GESTIÓN DE IDENTIDADES Y ACCESOS

SIA INTERNATIONAL

JOSÉ A. MORALES RAMOS

Autoliv BKI

Ernesto Arnal

AUTO Lindblad In Vårgårda

Autoliv - was founded in Vårgårda, Sweden, in 1953

Autoliv’s History

Autoliv in Brief

� Sales and technology leader

� Sales: US $7.2 billion

� Fortune 500 company

� Sales to all major vehicle manufacturers

� ~80 facilities in 29 countries

� 10 technical centers in 9 countries and 21 crash test tracks

� ~43,000 associates whereof 4,000 in R,D&E

Autoliv in Brief

RoW

38%Japan

Europe

29%

North America

11%

11%

11%

China

Autoliv in the World

USA

Mexico

Brazil

Australia

South Africa

EUROPE

• Estonia

• France

• Germany

• Hungary

• Italy

• Netherlands

• Poland

• Romania

• Russia

• Spain

• Sweden

• Turkey

• UK

India

ChinaJapan

Indonesia

Canada

S.Korea

Malaysia

PhilippinesThailand

TaiwanTunisia

Autoliv in Brief

Superior Global Presence– All Major Vehicle Brands

Customers

Complete Safety

System Supplier

Steering Wheel

Driver Airbag

Pelvis & ThoraxSide Airbag

Inflatable CurtainPassenger Airbag

Seatbelt Systems

Rear Side Airbags

Electronic Control Unit (ECU)

Knee Airbag

Vision System

Pedestrian Protection

Night Vision System

Satellite Sensor

Anti-Whiplash System

Anti Sliding AirbagOther Important Products:Child SeatsActive Seatbelts

Driver Assist Radar

Autoliv Values

� Life - we have a passion for saving lives.

�Customers - we are dedicated to providing satisfaction for our customers and value for the driving public.

�Employees - we are committed to the development of our employees’ skills, knowledge and creative potential.

� Innovation - we are driven for innovation and continuous improvement.

�Ethics - we adhere to the highest level of ethical and social behavior.

�Culture - we are founded on global thinking and local actions.

We Care

Vision, Mission & Values

SIA INTERNATIONAL

h Founded in 1989 with more than 21 years experience in the IT market

h Solution Provider with recognized position in Security, Storage and Management

h Focus in large organizations: Government, Financial, Telco and Industry

h Business model based upon specialization and customer focus

h Quality and Process Management

SIA INTERNATIONAL VALUES

• CORPORATIVE CULTURE:

• Customer Focus and long term relationship

• Specialization for delivering real value

Flexibility to adapt our Solutions to Customer situation and expectations

• Innovation driven (UNE 166002 Certification)

• Collaborative Framework to empower employees and

customer relationship

• FOCUS IN PROCESS MANAGEMENT AND QUALITY

ASSURANCE

• EXPERIENCE AND RESOURCES

2011-November 10ISACA Valencia - V Congress

An extensive expertise within IAM space.

Background. Before IAM.

� IAM projects are somehow polyhedral with multiple perspectives, services and values

� IAM projects are not just technology, they require other skills:

– Organization

– Integration

– Project Management

Background. Why do I need an IAM infrastructure?

IT & NON IT

RESOURCES

No

mobility

Long waits

Availability

Too many

systems

Multiple

Passwords

Poor

usability

Users

Administrators

Security

admin per

platform

Manual

processes

Policies are not

implemented

Dedicated

staff for each

system

New

requirements

all the time

Lack of

security

processes

Lack of

control

and

auditing

Security

holes

High costs

No

scalability Managers

Background. IAM expected benefits.

IT & NON IT RESOURCES

No mobility

Long waits

Availability

Too many systems

Multiple Passwords

Poor usability

Users

Administrators

Security admin per platform

Manual processes

Policies are not implemented

Dedicated staff for each system

New requirements all the time

Lack of security processes

Lack of control and auditing

Security holes

High costs

No scalability Managers

PerspectivesAuditability

EfficiencyAutomation

Usability

Compliancy

Costs and Complexity

Reduction

IT & NON IT RESOURCES

2011-November 14ISACA Valencia - V Congress

IAM benefits

COST

REDUCTION

SERVICE LEVEL

USABILITYRISK

MITIGATIONCOMPLIANCY

Authentication & Password Mgmnt � � � � � � � � �

Consolidation � � � � � � � � �

Provisioning & Workflow � � � � � � � � � � � �

SSO � � � � � � � � � �

Access Control � � � � � � � � � � �

Auditing � � � � � � � � �

IAM and ROI

2011-November 15ISACA Valencia - V Congress

ADMINISTRATION COST

HELP DESK COSTS

AUDIT COST

USER PRODUCTIVITY

MERGE & ACQUISITIONS

EMPLOYEE RELOCATION

IAM. Implementation approach.

Key Deployment Factors

• A Phased Project Model starting with AUTOLIV Europe.

• The first step is to select the appropriate technology solution based on AUTOLIV requirements and “killer criteria”

• Prioritize SAP system, so that the IAM service will really help SAP deployment in Europe territory

• Knowledge Transfer will allow AUTOLIV staff to be self-sufficient and correctly manage its own infrastructure.

• Project Management to ensure the most appropriate use of both resources and time to achieve project goals

• In next phases, these common architecture and procedures will allow to incorporate new territories (America, Asia), systems (ERP JD Edwards, QAD), local applications, new services (SSO, GRC integration)

Autoliv IT Strategy and IAM

• Global, worlwide distributed company.

• Iinformation systems consolidatoni estrategy.

• Regional data center consolidating both corporate basic access, ERP, CRM, …

• SAP as corporate ERP.

• Identity and Access Management as a consequence for central user, roles and access governance.

Project Scope Europe Territory

End Systems: � Active Directory� SAP: through SAP CUA� ERP DIACAR: AS/400 connector� Movex ERP: LDAP and Database connectors� Softm: AS/400 connector� Autoliv Shared Applications Portal: LDAP and Database connectors� Hyperion: database connector

Functional:

� Definition of a corporate profiling� Centralized identity repository� Integration with HR system as a source of authoritative data� Accounts and passwords synchronization and account provisioning� Identity life cycle definition� Workflow design for request, authorization and approval of resources� Implementation of an autonomous password recovery mechanism for end users� Implementation of audit mechanisms provided by the product

Recommendations� Start with your business

processes

� Break your IAM strategy into 3-6 month projects:

– Europe, America, Asia

– ERP

– Local Applications

� Minimize customization in the first phases

� Implement incrementally, slowly expanding scope

� Show immediate wins

Recommendations

� Data Quality: Data cleansing is always a bigger issue than expected

� Role definition: Roles are important, but don’t expect to cover 100%

� Functionality vs. priority vs. ROI: Vendors catch up on features in pace with market demand. The right technology can simplify project and lower TCO

� Don’t go it alone; select an experienced consultant

GRACIAS / THANKSJosé A. Morales Ramos

Principal Security Business ConsultantSIA INTERNATIONAL

jamorales@sia.es

Ernesto ArnalInformation Systems Segurity Manager

Autoliv Europeernesto.arnal@autoliv.com