As Published In
Oracle Magazine
January/February 2016
Sponsored Content

Accelerating Audit and GRC

guardianApps helps pharmaceutical company maintain compliance by rapidly onboarding 800 applications into Oracle Identity Manager

Today, Government and Regulatory Compliance (GRC) is a critical issue for companies in a variety of industries, including finance, pharmaceuticals, healthcare, and insurance. Businesses in these sectors must continually adapt to always-changing market and regulatory conditions driven by globalization and technological innovation. And one mission-critical aspect of meeting regulatory compliance requirements is ensuring that sensitive applications and information resources are protected and secure.

For an increasing number of organizations worldwide, this means implementing formal identity and access management (IAM) practices and tools to provide users with access to the resources they need for the right reasons at the right times. Indeed, research from IDC reveals that the worldwide market for IAM products is predicted to grow to US$7.1 billion in revenue by 2018, up from US$4.8 billion in 2013.

If your business depends on validated systems and you have an unauthorized system access issue, you not only damage yourself, but you also put at risk any supplier or partner you work with. It’s critical to have good governance practices in place and manage access with tools like Oracle Identity Manager because today, no company is an island.
Divya Sundaram, Director, Applications and Systems Delivery, guardianApps

To help meet demand for IAM, guardianApps, owned by Oracle Platinum Partner Chain-Sys (headquartered in Lansing, Michigan with offices in India and Singapore), offers expertise in security and identity management to help their customers meet their compliance needs. The company specializes in supporting implementations of Oracle Identity Manager at client locations and integrating it with managed and validated systems. They have developed a unique methodology, further enhanced by their appSecurity for Oracle Identity Manager toolset, to accelerate implementations and maintenance of their customers environments.

Evolving Access Management

According to Divya Sundaram, director, applications and systems delivery at guardianApps, IAM has gone beyond just granting access to employees to corporate systems, while enforcing rules and regulations. With the globalization of business, IAM has become more complex.

I would estimate that 99 percent of Fortune 1000 companies have outsourced parts of their IT infrastructure, applications and development activities, applications and development. And, bringing product and services to market often involves collaboration with partners, suppliers, and other third parties. This means that critical information, systems, and processes are exposed to third parties,” he observes. “If you’re a company where compliance is a significant requirement, how do you make sure that only the right people from these external parties have access?”

Sundaram believes the answer is to abide by best practices and implement an IAM system. But in his long experience, too often companies implement the basic aspects of an IAM system, but the true value to the business generally is only realized after several years once system features are completely implemented. In contrast, guardianApps offers a unique value proposition because by utilizing a combination of its appSecurity for Oracle Identity Manager and IAM methodology, enterprises can realize ROI on IAM projects within as little as three months. The benefit of guardianApps’ approach was recently illustrated by a successful project for a pharmaceutical client.

AppSecurity allows customers to gain value from their Oracle Identity Manager deployments within as little as three months.
Divya Sundaram, Director, Applications and Systems Delivery, guardianApps

Minimizing Compliance Concerns

Typically, enterprises implement new IAM solutions in response to a compliance need—either as a new “greenfield” implementation or as a transition from an existing IAM platform. So, it is important to ensure that any transitional activities preserve compliance—for example, in a divestiture where systems under compliance must remain compliant throughout the transition process. This was the scenario executives at a Chicago area pharmaceutical firm faced in 2013 when its parent company was divided into two entities, creating a newly separated research-based global biopharmaceutical company.

Independence meant that IT leaders at the newly formed pharmaceutical company needed to migrate all of the approximately 800 quality control and other applications used to manage the manufacturing and development of pharmaceutical products from the parent company’s legacy system into a new system. The challenge? Onboarding had to be accomplished in just eight months—and at no time could the applications fall out of compliance or fail ongoing audits.

To achieve these critical goals, the pharmaceutical firm selected and implemented Oracle Identity Manager. Then, IT executives reached out to guardianApps to provide insight into how best to migrate all their applications into the new IAM system. It was a good match because guardianApps experts were already providing IT support services for the Oracle Identity Manager environment and were able to leverage their knowledge to help streamline the application onboarding process.

Onboarding 800 applications in eight months was a huge challenge which we were able to meet only with guardianApps appSecurity tools and their unique methodology and approach.
Senior Manager at Global Pharmaceutical Company

Sundaram reports that utilizing guardianApps’ IAM methodology involved applying a software factory approach to bring applications onboard in a repeatable fashion. This allowed applications to be quickly integrated into Oracle Identity Manager so that development, quality assurance testing, and production deployments could proceed. guardianApps team members also leveraged the appSecurity for Oracle Identity Manager toolset, which sits alongside of Oracle Identity Manager, to automate most of the steps and speed up processes.

“We worked with multiple application owners simultaneously and applied our repeatable process to each application. We had up to 30 applications go into QA each day and over 100 would go live over a weekend after validation was completed during the week,” he says. “Eight hundred applications were onboarded in an eight-month window. The pharmaceutical company’s applications were never out of compliance and continued to meet audit requirements.”

Reducing Risk, Achieving Results

Since successfully completing the application onboarding process, external auditors have performed certifying audits for applications at the pharmaceutical company. Oracle Identity Manager was used to provide audit reports as required for the validation done by the auditors. IT leaders have been satisfied with the results, and that the system performed just as expected.

To learn more, go to

This advertorial was originally published in the January/February 2016 edition of Oracle Magazine.