Mirvac sets identity strategy and new tech foundations

Mirvac is enabling more process automation in an as-a-service identity management platform that it has deployed.

The ASX-listed property group is configuring a SailPoint Identity Now IDaaS platform it deployed under a broader identity strategy it wrote “over the last couple of years,” cyber security group manager Nick Vine told SailPoint’s Navigate virtual conference.

“We've definitely packed our bags, we've gotten in the car, and I feel like we've just hit the motorway,” Vine said of Mirvac’s identity strategy.

“We've definitely laid down a solid identity strategy over the last couple of years, especially to our high risk areas, [but we’re] still on this journey. 

“There's great clarity around where we're heading and to drive further efficiencies in how we govern identity, and absolutely SailPoint played a role in that.”

Vine said consuming identity management as-a-service had led to faster “efficiencies” and “overall improvements [to] governance and compliance, especially when it comes to auditing.”

He said the work on identity had initially helped Mirvac manage risk “around the sanitisation of applications, so getting a grasp on those stale accounts, those pockets of risk that would otherwise go unnoticed.”

It had also created a “technologically-centric approach to ensuring separation of duties,” he said.

In IT security, separation (or segregation) of duties is about ensuring that processes, tasks or privileges rest with multiple people rather than with a single person.

It is an internal control designed to ensure that authorised privileges aren’t abused.

“Before … we had to rely on manual processes for that,” Vine said. 

“Being able to put some more automation around how we achieve separation of duties has been quite big for reducing our risk, too.”

Vine said that setting a specific identity strategy and putting Identity Now in place were considered “big wins” internally from a security perspective.

“It's given us a great foundation technology-wise, our processes have improved as a result, and just generally [our] people have bought into the program as well,” he said.

Work is continuing around enabling automation through the platform.

“Even though we've implemented Identity Now, we feel like we can definitely achieve a more light-on, hands off approach,” Vine said.

“Getting that automation in place with process improvements we feel is going to be our next step.”