BNSF Railway Company
Railroad Speeds IT User Identity Processes for More Efficient, Secure OperationsBNSF operates one of the largest railroad networks in North America, with 32,000 route miles of track covering 28 states and two Canadian provinces. The company manages an extensive technology infrastructure to support transporting a wide range of products and commodities across the continent. Based in Fort Worth, Texas, BNSF also maintains corporate offices in St. Paul, Minnesota, and Topeka, Kansas, as well as 300 remote locations throughout North America. Business Issues
SolutionThe first phase of the deployment of the Sun Java System Identity Manager took just 45 days, enabling BNSF to automate the management of 40,000 user identities across the IT environment. Now, the solution manages more than 100,000 user accounts across a broad range of enterprise resources.
Success at a GlanceThe BNSF Railway Company has a diverse workforce that ranges from groups such as IT and operations staff at corporate headquarters to train crews, track gangs and signal maintainers working from more than 300 remote field locations throughout North America. These employees and contractors require access to a diverse set of applications spanning multiple platforms, including Microsoft Windows, AIX and mainframe environments. The vast majority of users―between two-thirds and three-quarters of BNSF's staff―work in remote locations. One of the challenges of providing system and application access to this large, geographically dispersed user population is that many of them work on a contract basis, which means there tends to be high turnover and more risk involved in maintaining secure control over BNSF operations.
“
To have a single view of users and of all the places they have accounts is tremendous. We never had that before.
”
— Rick Perry, Director of Enterprise Security and Compliance, BNSF
The company wanted to make it as easy and efficient as possible for personnel to access the information they need to do their jobs. BNSF began searching for a comprehensive identity management solution in 1999, when it was operating in an increasingly complex IT environment and security was rising to the forefront of concerns. After reviewing all its options, BNSF found that only Sun Java System Identity Manager met all the criteria it had established for an integrated, enterprise-wide solution. BNSF implemented Identity Manager in 2001, and has since been able to dramatically improve security while increasing the efficiency of managing the access privileges of employees, contractors and partners. BNSF estimates that it has cut costs by more than 30 percent by automating traditionally manual, error-prone processes related to password reset and provisioning activities. In just 45 days, Identity Manager was deployed across both Microsoft Windows NT and Microsoft Exchange. By the end of the full 90-day implementation period, the solution was managing the companys IBM AIX, and RACF mainframe-based systems. BNSF later added Windows 2000 to the list of resources under Identity Manager management and has plans to add Lotus Notes to the list of managed resources as well. Leveraging Sun's unique agentless adapter technology, BNSF minimized the impact to its IT environment, saving significant deployment and maintenance time. Before implementing Identity Manager, BNSF managed identities and access privileges manually using individual, resource-specific tools and a variety of homegrown solutions. There was no guarantee that all accounts would be identified and shut down when a user needed to be deprovisioned. According to Rick Perry, BNSF’s director of enterprise security and compliance, the process was often inefficient and unproductive. Identity Manager now automatically creates basic computer accounts for new employees based on information in BNSF’s HR database. More importantly from a security standpoint, computer access is turned off automatically when users depart. With the Sun solution, “we've reduced the turnaround time on user requests for updates to existing accounts by up to 50 percent and have been able to expand the responsibilities of the user registration group,” Perry says. “Being able to turn access off effectively and completely when a contractor leaves our company is critical to the security of our overall IT environment,” Perry says. “Identity Manager makes it possible to be more responsive to the frequent requests for service that you have when so many people come and go. We couldn't efficiently manage that with the old method, and the process wouldn’t scale to meet future growth. Now, as we get more effective at managing accounts, we can be more responsive to our remote workforce.” As part of its commitment to increase responsiveness while operating efficiently, BNSF also recently deployed:
Looking ahead, BNSF expects that Identity Manager will play a critical part in accommodating a growing demand for system access by external users. “In the next two to three years, we might double or triple the number of external accounts we have now,” Perry says. “It could be up to 40,000 more―in addition to the 40,000 internal users we already have.” As more external users are granted access, Perry expects to take advantage of the delegated administration capability provided by Identity Manager, giving partners and customers the ability to use the Web to manage their own users’ accounts. Finally, Perry expects that enabling more external users to securely access BNSF’s systems will ultimately play an important part in creating new business opportunities for the railroad. “Traditionally, 80 percent of our business came from 20 percent of our customers,” he says. “But as the amount of access through the Web mushrooms, that can change. We'll see more opportunities in other spaces if we can manage the data and the relationships effectively. And Identity Manager will be an important part of that.” |
| |||
 |
|