Transition to the cloud in a pandemic year: Danfoss implements new IGA solution

This project was delivered by Nixu, a DNV company. DNV, Nixu and Applied Risk joined forces to form DNV Cyber in 2024, creating one of Europe’s fastest growing cyber security services businesses.

The Danish manufacturing and engineering company Danfoss decided to transition to a modern Identity Governance and Administration solution to manage its over 40,000 digital identities. The COVID pandemic required a new approach to a project that normally would involve plenty of face-to-face planning.

Two of Danfoss’ largest product segments are Power Solutions, which focuses on hydraulics for construction and agricultural equipment, and Climate Solutions  (e.g. air conditioning, refrigeration, and heating systems) for industrial and business use. Danfoss operates globally and has factories across the world. The company recently grew by a third when it acquired the hydraulics business of Eaton, another major industrial manufacturer.

As a trusted manufacturing partner for many sectors, Danfoss must maintain a high standard of cybersecurity. For example, Climate Solutions are critical infrastructure: these might sound like mundane equipment, but their importance becomes clear if they are hacked and an attacker can suddenly cut off your cooler, heat, or AC.

Danfoss works to keep their products easy to use but at the same time highly secure. The company has been on a digitalization journey, moving from the role of a traditional manufacturer to increasing the IoT capabilities and smart properties of its products. The company has partnered and collaborated with DNV Cyber on various cybersecurity projects, even winning an industry award in the field of IIoT security in 2017.

Target: Efficient, secure governance for over 40,000 employees and partners

Danfoss was looking to upgrade their existing Identity Governance and Administration (IGA) solution to a more advanced alternative. Danfoss considered the previous solution they were using to be limited, hard to use and inflexible for the company’s needs. 

Identity Governance and Administration (IGA) solutions are used to manage an organization’s digital identities. As employees join or exit a company and transfer within it, IGA solutions help the organization stay on top of who works there, what access they have and if their cumulative access rights contain risky combinations that should be mitigated. In addition, many organizations have to manage the identity lifecycle of external workforce, such as consultants, who need access only for a limited time.

An automated, properly implemented IGA solution can make the difference between a secure, efficient workflow and a slow, uncertain one that is prone to human error. To upgrade their existing IGA system, Danfoss looked to the cloud: the manufacturer wanted a reliable solution that would scale and provide easier access for its team. An additional aim was to improve the quality of IGA analytics and reporting.

Danfoss chose DNV Cyber as the partner for planning and implementing their new solution. The project was kicked off in September 2020.

Result: A successful jump to the IGA cloud with a fully remote team effort 

Danfoss employs more than 37,000 people globally. With a significant number of external partners and consultants, Danfoss needs to manage in total over 41,000 digital identities. The solution DNV Cyber proposed and Danfoss chose to manage this volume and meet the high standards with, was the cloud-based identity access and governance platform from Saviynt.

The project’s timeline was tight: Danfoss wanted to complete the transition from their legacy solution to Saviynt before the Eaton acquisition was finalized. The pandemic also set new challenges. Previously a project of this scope would involve on-site meetings and planning. Now this was done remotely: the roadmaps to a successful transition were drafted in virtual workshops.

The planning and preparations were done in close cooperation with Danfoss. DNV Cyber handled the implementation and integration of the new solution as well as technical support once the system went live. DNV Cyber’s over 70-person Digital Identity Business Unit has expertise in many IAM technologies and includes close to 30 Saviynt-certified professionals. DNV Cyber is also one of Saviynt’s two Diamond Level Partners in the EMEA region.

With close collaboration, the project was successfully completed before the acquisition was finalized. The project also received industry recognition, winning the award Identity Fabrics & Enterprise IAM Project of the Year in KuppingerCole’s European Identity and Cloud Conference in September 2021. Miska Laakkonen, DNV Cyber’s Head of Business for IGA and PAM, praises the spirit of the client’s team.

“With Danfoss, we got to work with highly competent experts that always had a positive attitude. Executing a project of this size is always a demanding task. It also added a layer of complexity that the Danfoss team was located across three continents and different time zones. The client’s team spirit was excellent, and they were always on top of things, even when COVID-19 prevented us from working under more ideal team conditions. This was invaluable in delivering the project in time.”

“DNV Cyber’s team came to the project with a structured approach, defining clearly what they needed from us and holding regular updates with our team”, Danfoss’ Head of IAM Daniel Mazzo Tunes tells. “This helped us keep track of the big picture: we always felt we were in control and knew what was happening. DNV Cyber team was also very transparent. We discussed a lot how to tackle certain challenges, what trade-offs different solutions offered, and if something would involve additional costs. This helped us build a lot of trust.”

I could not have imagined five years ago it would be possible to execute such a large project 100% remotely. DNV Cyber did a wonderful job and I’m highly proud of our shared accomplishment with this project.

  • Daniel Mazzo Tunes
  • Head of IAM
  • Danfoss