tenfold V24:
The Future of IAM

About Belvedere Museum

As one of the world’s oldest museums, Vienna’s Belvedere Museum is not only a World Heritage Site, but first and foremost home to masterpieces by contemporary icons including Klimt, Schiele, Monet and Van Gogh.

Customer Opinion

“The application definitely proved its value right from the start. Ever since we launched tenfold, our workload has been significantly reduced.”

Norbert Zwolinski
IT Manager

Overview

Location
Vienna, Austria

Industry
Arts & Culture

No. of IT Users
300

License
tenfold Enterprise

Before tenfold: Manual Processes & Data Errors

The onboarding and offboarding of employees proved a particularly challenging undertaking to the staff of the Belvedere’s IT department: anytime a new employee joined the force, the IT would have to manually set up a user for that person across multiple applications and systems; likewise, anytime data needed changing or if a user required additional privileges (e.g for projects or upon department change), these changes had to be implemented manually. The efforts involved were enormous and stole valuable time that would have been desperately needed elsewhere.

Furthermore, errors inevitably occurred: transposed numbers and letters, incomplete attributes, faulty email and phone directories. It was challenging for IT staff to keep track of who had what permissions and accounts in what systems. None of these issues are uncommon in organizations who rely on the manual management of access rights, and therefore it comes as no surprise that the given circumstances at the Belvedere Museum led to increased dissatisfaction among IT and HR staff, as well as users.

Hopes for Improvement With IAM

The Belvedere is fully dedicated to providing the highest possible standard of cybersecurity. Therefore, the idea behind implementing an identity and access management solution was to ensure the risk of unauthorized access and data theft could be reduced to a minimum. IAM solutions allow organizations to automate control over access rights, ensuring that rights that are no longer needed are revoked automatically and on time.

Free Trial

Our No-Code Solution Makes IAM Easy.
Start Your Free Trial Today!

Objectives & Approach

In light of the numerous problems caused by the manual management of users and rights, it was soon apparent that a solution had to be found. The following three objectives were defined:

  1. Optimize workflows:
    Data exchanges and communication between HR and IT should be fast, seamless and preferably automated to ensure information pertaining to new or departing users would be transmitted in time and without errors
  2. Reduce IT workload:
    IT staff should be relieved of redundant and time-consuming manual tasks that can be easily automated, allowing them to spend time on more important duties.
  3. Improve cybersecurity:
    Accounts and permissions should be assigned and revoked automatically and at the right time to prevent an unwanted accumulation of permissions and orphaned accounts.

Search for the Right Solution

The idea of introducing an IAM solution had been on the table for some time at Belvedere, as internal security audits had led to the conclusion that an IAM solution would bring significant improvements. The sought-after software should be able to connect to various services such as Active Directory, Microsoft Exchange and the HR system used by Belvedere. Because pressure was high, rapid deployment was also a priority.

A number of large providers on the IAM market offer complex solutions referred to as “enterprise IAM solutions”. These products are akin to modular systems which customers can design to fit their own individual needs. However, the architecture of these solutions requires that all workflows must be programmed individually – including very basic processes and systems. Implementing such IAM-projects requires intensive planning and consumes large amounts of money, time and human resources. Medium-sized organizations often tend to underestimate the complexity and efforts involved and end up not being able to implement the project at all.

As Belvedere Museum, like many organizations, suffered from understaffing in the IT department to begin with, an IAM enterprise solution would not have presented a viable option.

In discussions with the Viennese IT consulting and solutions company Artaker IT, with whom Belvedere looks back on many years of collaboration, the pragmatic solution tenfold was brought to attention: in contrast to enterprise IAM solutions, tenfold offers many out-of-the-box features and can be set up easily without any programming or complex configuration files.

Implementation

The technical implementation and configuration of the software was carried out by Artaker. The connection of the target systems Active Directory and Exchange was implemented within a short time period using tenfold’s default plugins. The tenfold import plugin allowed the data from the HR system to be imported directly to tenfold without the need for programming or individual scripts.

Improvements Through tenfold

Thanks to tenfold’s easy set-up, Belvedere Museum were able to achieve all their ambitions quickly and smoothly.

Targets achieved:

  • Reduced workload for IT

  • Reduced workload for HR

  • Improved cybersecurity

HR no longer need to email the data to IT, who in turn have to input it into the respective systems. Instead, the data is automatically delivered to tenfold via the interface and passed on. All associated permissions are assigned to users automatically.

tenfold also automatically notifies anyone else who needs to be informed about new entries or changes – for example, department managers or security personnel who need to be made aware of who is authorized to enter certain parts of the building and who is not.

Future Plans

Norbert Zwolinski and his IT team at Belvedere are currently examining further ways of employing tenfold. Role-based access control (RBAC), for example, can help to further simplify the assignment of permissions. Additionally, workflows for the service catalog for users are to be set up in order to allow users to request rights and access to resources for themselves or other users directly. The ultimate aim is to delegate anything that has to do with the assignment of access rights away from the IT.

Conclusion

tenfold was able to prove its worth at Belvedere Museum from day 1. The main goals set out by Norbert Zwolinski and his team – workload reduction, higher efficiency and overall improvement of cybersecurity – have been met. Now Belvedere looks brightly into a secure and efficient future, with many more opportunities to excel yet to come.

Video Overview

See tenfold in Action With Our Feature Video

Book a 1:1 Demo

Schedule a Live Demo With One of Our Experts

Free Trial

Put tenfold to the Test With Our Free Trial!