Simeio & CyberArk’s Centralized Identity Solution
Industry: Energy | Size: 5k-10k | Annual Revenue: $1- $5 BN | Service Area: North America
The Challenge: High Stakes Digital Transformation and Compliance
A leading U.S.-based energy provider—serving nearly two million customers and operating one of the region’s nuclear facilities—faced mounting pressure to modernize its identity and access management (IAM) program. The primary driver was the need to meet strict regulatory standards, specifically the North American Electric Reliability Corporation’s Critical Infrastructure Protection (NERC CIP) requirements.
The existing IAM platform lacked scalability, centralized governance, and automated controls—making compliance efforts time-consuming, manual, and prone to error. With limited internal IAM expertise, the organization struggled to implement access reviews, maintain entitlement hygiene, and manage visibility across applications and systems inherited from multiple legacy environments.
Additionally, the company had recently merged two major utility organizations, further complicating its identity infrastructure. What the client needed was not just a technology upgrade—but a partner capable of delivering a unified, compliant, and scalable IAM platform that could reduce operational risk and improve audit readiness across the enterprise.
Simeio Competitive Edge
Before engaging Simeio, the client’s identity landscape lacked maturity and cohesion. Their SailPoint deployment was underutilized, there was no privileged access management (PAM) strategy in place, and leadership had limited exposure to IAM as a dedicated practice. Without a clear vision or governance model, the organization struggled to align its security goals with regulatory requirements and operational needs.
Simeio had been a trusted identity partner since 2006, originally working with one of the client’s predecessor organizations. When the merger occurred in 2018, forming the current enterprise, Simeio was selected to help design and implement a unified IAM strategy that could span both entities. The deciding factor was Simeio’s ability to deliver complex identity transformations in highly regulated industries—paired with deep expertise in SailPoint and CyberArk technologies. Their history with the organization and ability to support IAM from strategy through execution set them apart from other service providers.
Comprehensive Solution
To meet the client’s business-critical need for NERC CIP compliance, Simeio began by expanding and optimizing the client’s SailPoint implementation, migrating over 11,000 identities and onboarding 120+ applications. Simeio also integrated CyberArk’s Privilege Cloud and Central Credential Provider, bringing PAM under centralized governance for the first time.
Simeio’s advisory team performed an annual IAM Maturity Benchmark to track progress and identify evolving needs. Based on those findings, they helped implement over 700 roles and designed custom reports to support ongoing audit readiness and regulatory compliance.
The result was a secure, scalable IAM program tailored to the utility’s operational model—balancing compliance with efficiency and preparing the client for future growth and audit demands. Centralized control, automated access reviews, and least-privilege enforcement drastically reduced risk and improved visibility across the organization.
Transformative Results
11,000 identities successfully migrated from legacy platforms
120+ applications onboarded to a centralized identity governance framework
700+ roles defined and implemented for stronger access control
Audit readiness dramatically improved with automated reporting and review workflows
PAM capabilities introduced and integrated via CyberArk, securing privileged credentials
Ongoing maturity benchmarking established to drive continuous improvement and business alignment
