Identity management, says Omada CEO and co-founder Morten Boel Sigurdsson, is all too often an area of business that is stripped to its bare minimum. As such, they face risks should an auditor want to drill down into the company’s governance processes. The reason is quite simple: that company systems are by their nature complex and difficult things to know. The explanation of each system – “let’s say active directory groups – are not shown in normal descriptions the business users can understand, but more often in the IT codes that exist in the source system,” says Sigurdsson.
To overcome this, Omada is able to “onboard” the applications that are critical and describe user access levels in business terms the manager can understand. “So when you do an audit and ask the manager to validate staffs rights, then he or she receives this in terms they understand,” adds Sigurdsson. “That brings true value to the audit. However, you can benefit even more from this, as you now also can use this valuable effort to automate a self-service access request by users very much similar to the popular app stores.”
Omada has been a leading name in identity and access management (IAM) since 2000, when it was founded in Copenhagen, Denmark, with investment by industrial funders. It also provides solutions in risk management, compliance, role-based access management, and process governance. Omada has a long history of work alongside Microsoft and SAP, and has won many awards and recognition from both companies. Omada is the winner of the 2008, 2009, and 2011 Microsoft Identity and Security Partner of the Year Award.
Omada, which means ‘team’ in Greek, has operations across North America and Europe, and is looking to expand its personnel base in Germany, Denmark, and the United States. By 2004, the company says, the company was experiencing growth, which it pegs at 60% annually since. Sigurdsson will not disclose financial information, but confirms that the company has “been profitable for the past 12 years.”
“IT networks face increasing threats from inside and outside an organization,” says security expert at Ernst and Young, Francis Kaitano. “Conventional perimeter defenses, for instance, can miss insider threats, such as password disclosures and fraud due to staff collusion as well as external online threats including ‘zero-day attacks’ (i.e. attacks that take advantage of computer security holes for which no solution is currently available).”
Identity management is in essence a process to manage the entire life cycle of digital identities and the safe utilization of company resources with new technology. This may include access management, which is at its core the process of allowing or denying entry to points on a company’s digital framework.
Omada’s business rests on its Identity Suite, which is built on Microsoft technology and, according to the company, delivers a “dynamic and adaptable yet fully integrated enterprise platform for both identity management and identity governance.” The suite employs loop auditing processes and advanced reporting, in order to provide a clear view of all identities in an organization for compliance purposes.
In September 2012, Deloitte chose Omada Identity Suite for its internal identity management system. Other companies that have employed Omada include Danish IT group KMD, compatriot financial firm Sydbank, German brokerage .comdirect, BMW, and ECCO Shoes. It has also won numerous Microsoft partnership awards. “We have many of the largest companies in the world,” says Sigurdsson. “Often, certain verticals like financial or pharmaceuticals are under significant regulatory compliance requirements, and they often use our solution to collect, validate, and report on access. The goal is to ensure that no intellectual property or vital proprietary information can be accessed by other staff than those who should.”
Omada is, Sigurdsson claims, at something of a crossroads. And the following twelve months will prove vital, if it is to continue its rapid development. Recently the firm moved its platform towards a more packaged, more adaptable solution that can provide quicker time to value. “Going forward, we are working on new releases with some very exciting capabilities within the areas of compliance governance as well as improving IT management and self-service that will accelerate deployment by making it much easier.”