Coop partners with DNV Cyber on its road to cloud-based identity management

This project was delivered by Nixu, a DNV company. DNV, Nixu and Applied Risk joined forces to form DNV Cyber in 2024, creating one of Europe’s fastest growing cybersecurity services businesses.

Coop Norge is Norway’s second-largest retailer, with 28,000 employees and 1,400 external workers. The cooperative is owned by almost 2 million co-owners, and it manages more than 1,200 stores under six different grocery store brands and two home DIY store brands: Obs, Extra, Coop Mega, Coop Prix, Coop Marked, Matkroken, Obs BYGG, and Coop Byggmix. Now all Coop brands have transitioned to a modern Identity Governance and Administration (IGA) solution to manage the digital identities of thousands of their employees.

Aiming for automated and secure identity management with better user experience and lower costs

Coop Norge wanted to replace their existing, outdated solution with Saviynt’s IGA solution within a six-month period, starting in early 2022. IGA solutions help organizations manage the identity lifecycle of their workforce, i.e., to keep track of employees when they join or exit a company or transfer within it. IGA shows what access rights employees have and if their cumulative access rights contain risky combinations that should be mitigated.

Coop aimed to finalize the project before the 2022 summer holiday season, so the schedule was tight, and the project execution needed to run smoothly. Another driving factor was the company’s intention to deploy a new Coop-wide learning solution which was scheduled to be taken into use during early autumn 2022. The goal of the entire project was to take Coop’s internal and external identities to the cloud while keeping the business secure, controlling operational costs, and improving the user experience.

Coop’s challenge was twofold: First, they wanted to replace manual processes in their Joiner-Mover-Leaver process. Second, they wanted better control of the internal and external personnel. Thus, the idea was to connect these operations into one IGA system and create better reports for security audits. From the security audit point of view, the project was beneficial since it significantly improved the level of security of Coop’s processes for managing the identities and access rights of the company’s personnel.

Experienced partners play a big role in achieving a successful outcome

Coop liked the cloud-based Saviynt technology and needed a company with the right background to do the implementation. What spoke in favor of choosing DNV Cyber was that DNV Cyber has already completed numerous Saviynt IGA implementations. Therefore, Coop found DNV Cyber to have the required experience for the project. Coop also liked the idea of having a partner with a Nordic presence. When the system and implementation partners had been chosen, the project was kicked off in January 2022. 

Coop had its own internal team that was complemented by a team of six DNV Cyber experts. During the first phase, DNV Cyber implemented the essential Saviynt functionalities needed in the Employee Identity Lifecycle management in addition to the most integral integrations based on prioritization made together with Coop. Some additional functionalities, such as the ServiceNow platform and ticketing system, will be integrated to Saviynt at a later phase.

“One of the biggest improvements has been that we can now keep track of the accounts and access rights of employees that might work in several locations in one system that gathers all the data. We can offer this service to all our chains and stores. The new functionalities will also improve security" states Coop Norge’s Enterprise Architect Eirik Klouman Berg.

DNV Cyber’s Senior Consultant Mikko Hellstén, who worked as the head architect on this project, felt that the collaboration with Coop was easy: “The scope was clear, and they had resourced enough IT and HR personnel to work on the project. We had a lot of collaboration where DNV Cyber team focused on doing integrations to the new IGA system and Coop worked on the HR system. Coop offered great expertise, and their employees, for example, carried out the final user acceptance testing in an organized manner, which is not always a given”.

I have been very happy with the DNV Cyber team, as they have shown great expertise in both IGA and Saviynt. They have been easy to work and communicate with, and they have been worth our trust.

  • Eirik Klouman Berg.
  • Enterprise Architect
  • Coop Norge

A modernized IGA system creates a strong base for future development work 

The new IGA system enables better governance along the way thanks to automated processes and the ability to grant access rights accurately from the start. Now Coop can easily detect entitlements that should not be given, and the company can also reduce license costs of people who have already left the company. All in all, the system owners and line managers will be getting better visibility over their employees‘ access rights. Currently, they need to check entitlements from as many as seven or eight separate systems, but soon this can be done through one Saviynt system. The next steps will include connecting Coop’s new learning management solution to Saviynt, and DNV Cyber is the implementation partner in that project as well. 

“This is only the basis, and we will be doing collaboration for years to come. We need the resources and expertise from DNV Cyber to achieve what we want. In the future, when we start bigger projects, we will call upon DNV Cyber to assist. At least, SAP integration is something I see on the horizon”, comments Klouman Berg. “I have been very happy with the DNV Cyber team, as they have shown great expertise in both IGA and Saviynt. They have been easy to work and communicate with, and they have been worth our trust.” 

Miska Laakkonen, the Head of Business for IGA and PAM at DNV Cyber, is also pleased with the outcome: “The project ran very smoothly since Coop Norge had a clear vision of what it wanted to achieve. It has been a pleasure to work with such a capable client organization, which also played its part in us being able to carry out the project on schedule and within budget. It has been great to hear that also Coop has been happy both with the cooperation and the results we have achieved together. We look forward to continuing our collaboration”.  

 

We design and help you implement identity and access management (IAM) solutions taking a comprehensive approach to security and ensuring compliance, while balancing security with efficiency and the specific needs of your organization.

Put security controls in place to protect your data and assets and strengthen your cybersecurity posture.

Cyber industries

DNV Cyber talks your industry’s language. We safeguard critical infrastructure industries, with specialist IT and OT teams in multiple domains offering regulatory, technical, and commercial knowledge in your sector.