Honeywell, a Fortune 100 company, had a successful experience upgrading to PingOne Advanced, according to Davis Arora, Senior Director of Cybersecurity on the Honeywell global security team. In a webinar called Increase Efficiency: Migrate Your Ping Software to Our Cloud, Arora describes himself as the “one throat to choke for identity” and shares how Honeywell leverages Ping Identity for authentication/authorization for both their workforce and customer revenue-generating apps. As of 2022, they had ~1,000 applications integrated with PingOne Advanced.
The company had several drivers for moving its Ping software to Ping’s cloud. The biggest C-level and business stakeholder concern was to improve resilience and redundancy and to support customer revenue-generating applications and services with 99.99% availability. Although it was not impossible, the security team previously found it challenging to avoid outages for upgrades and patches and sometimes experienced outages due to dependencies on other on-premises services. Additionally, they wanted to solve the problem of resource constraints on the SSO team by forgoing bug fixes, patches, upgrades, and in-depth knowledge needed to keep the on-premise software live, available, and meeting business stakeholder demands. Another major driver was that they simply wanted to get out of the business of hosting such a critical service in their on-premises global data centers.
One of the biggest challenges was overall change management across the business. Honeywell has four distinct business groups in aerospace, building technologies, performance materials, and safety solutions. This means that the global security team caters to the diverse needs of each business group, each with its own specific set of products, services, and customer base to ensure that global identity services are scalable and flexible enough to meet their specific requirements. In preparation for this migration, the Honeywell global security team partnered with all their application teams within each of the different businesses and enterprise IT to understand their needs. They used those requirements to streamline their standard code patterns and intake forms for application owners to easily onboard apps and enroll their apps in centralized, adaptive risk-based MFA services. They delivered these instructions with significant training that helped application owners understand how they could have modern IAM services and higher availability, redundancy, availability, and security with MFA everywhere.
Honeywell took a phased approach, spinning up and down different levels of support with migration for different application teams, depending on their expertise or support model. In just 90 days, they got the environment up and ready for production. Starting in January 2022, they stopped allowing any new applications to be onboarded to the on-premises PingFederate environment, and instead, all new applications were onboarded to PingFederate in the PingOne Advanced environment. Since then, they have migrated 700-750 applications previously leveraging the on-premises service. They also put in place an enterprise-wide request for application owners to integrate with the SSO service every time they roll out a new app to the enterprise or customers, making it easy for applications to deliver seamless authentication services using integrations like Windows Hello for business.
Honeywell completed their journey in 2022 by deprecating the on-premises PingFederate instances. The next evolution for Honeywell is currently around cross-connecting specific technologies to build a Zero Trust ecosystem, leveraging PingOne DaVinci as that orchestration layer to effectively deal with device, network, and user validation continuously.