How Wabtec Protects its Trains, Customers, and Bottomline from Downtime and Disruption

To keep a business thriving, it takes a good product, a lot of talent, and shrewd leadership. To build Wabtec—a leading global provider of equipment, systems, digital solutions, and value-added services for the freight and transit rail sectors—it took all the same ingredients, plus a heap of visionary thinking.  

Although Wabtec was only formed in 1999, the company is almost entirely comprised of legacy companies that achieved major breakthroughs in the rail sector, including GE Transportation. Now, Wabtec is a major player in the rail industry with more than 27,000 employees in over 50 countries. The company also monitors 17,000 locomotives across 2.5 million data points. This growth doesn’t always come easy.

“One of our largest challenges with the GE Transportation merger was that we were working with two very complex environments, and we needed to develop a new identity access management strategy in just eight weeks,” says Deanna Shannon, Wabtec’s manager of technical operations. 

Increasing insight with consolidation 

Shannon decided to start with consolidation. By establishing a single source of truth for all digital identities, Wabtec would improve the user experience for external stakeholders like business partners and customers. “We needed to ensure our business partners had access to the things that they needed to support our organization,” says Shannon. “We also wanted to be able to see what our customers were accessing, and develop a better understanding of how to serve them.”

To accomplish this, Wabtec needed to be able to clean and understand the external data tied to its users. “This also means reducing the administration of IDs,” says Shannon. “One thing that I think is a challenge across many organizations, is that there are often multiple IDs for the same person.”

A unified environment would also improve the IT team’s ability to maintain strong security, and increase productivity by simplifying administrative processes. After some consideration, the company decided to reverse-engineer existing systems and build out an entirely new infrastructure supported by modern identity products.   

Increasing long-distance control 

In addition to providing rail equipment, Wabtec also assists with railway monitoring, maintenance, and repairs. Since the company was embarking on a greenfield initiative, it saw an opportunity to improve the customer service experience while reducing overhead costs—by leveraging the Internet of Things (IoT). With sensors in place, Wabtec could receive near-instant notification of rail disruptions, including train breakdowns. 

There were other use cases as well: “With that technology in place, someone at our service desk can use virtual reality glasses to direct repairs on a very critical locomotive,” says Shannon. “These are large-scale costly assets that need to spend their time on the rails and not in the shop.” 

First, however, the company needed to build robust identity profiles for each train. “We need to know who they belong to, where they typically operate, and what the climate is like,” says Shannon. “And it's not just about security. Monitoring access is critical to understanding how you can use these assets to add value.”

An all-in-one identity solution

After exploring a number of options, the company found everything it needed in Okta's unified, extensible platform. It adopted a full suite of identity products, including Universal Directory, Single Sign-On (SSO), Multi-Factor Authentication (MFA), Lifecycle Management, Advanced Server Access, API Access Management, and Access Gateway. Together, these products would be powerful enough to support Wabtec’s workforce and CIAM use cases. These included: 

  • Unifying access to all Wabtec apps
  • Improving the sign-on experience for all users
  • Enhancing security on all devices and any applications 
  • Increasing password self-service capabilities
  • Consolidating internal and external user management 
  • Enabling applications to use the latest authentication standards
  • Increasing security, integrating directly into monitoring tools 

“This platform allows us to continue to expand and absorb new use cases, as we explore ways to drive innovation and development by synthesizing our two organizations,” says Shannon. “When you see the first person put on their VR goggles and guide someone through a local repair, all the IT work is worth it. 

A major migration made manageable 

Migrating 500 applications and 12,000 IDs in just 24 months could have been a daunting endeavor. Fortunately, Wabtec was able to access specialized Okta expertise through Okta’s Professional Services, Education Services, and a dedicated Customer Success Manager. 

Wabtec began by eliminating duplicate identities and migrating all user data into Universal Directory. Next, it applied SSO across the board and, with the help of its Customer Success Manager, Wabtec rolled out two major integrations: O365 and ServiceNow.  

The company needed to retain some of GE’s on-premises apps, which they were able to connect using Access Gateway. The prebuilt integrations available through the Okta Integration Network eased the IT team’s workload as well.

Finally, Wabtec added extra layers of security and visibility across the entire environment using MFA and Advanced Server Access.

Convenience and security for all users 

In the end, the company was able to quickly unify identity management for multiple groups of employees, while continuing to provide everyone with the tools and access they need to do their jobs.

Wabtec is also thrilled with its new, enhanced user experience, which includes streamlined access to over 40 apps. Now, it’s easier than ever for customers to access the services they need, quickly and securely.

The company’s environment is also more secure, both internally and externally. “Okta really drives and increases our security,” says Shannon. “It integrates directly into many monitoring tools. It also helps us enhance self-service password capabilities. If you think about the service and support burden of password resets, self-service becomes a critical component in streamlining and automating as much as possible.”

An ongoing commitment

Moving forward, Wabtec will continue to improve its user experience, security posture, and flexibility. These efforts will include ensuring all customers are Okta-federated, continuing to review and clean up data, expanding its use of Okta Access Gateway, and applying MFA to its augmented reality projects. 

To learn more about how Wabtec is using innovative technology to help rail operators keep their trains on-track, watch this video featuring Deanna Shannon.