Following years of growth and acquisition, Penn Entertainment faced fragmented identity systems, inconsistent access controls, and authentication models that created friction for frontline employees and risk for the business. Traditional MFA approaches proved impractical in high-security environments, and workarounds introduced operational inefficiencies and compliance concerns. At the same time, the organization needed to standardize and secure third-party access—one of the most common attack vectors in an industry frequently targeted by cyber threats—while adhering to dozens of state gaming board regulations. 
What began as an effort to stabilize access evolved into a strategic enterprise-wide identity and access management (IAM) modernization initiative. By standardizing authentication, implementing vendor privileged access management, streamlining application access, and modernizing lifecycle management, the organization transformed identity from a source of friction into a measurable business enabler. The results included significant reductions in support burden, improved workforce productivity, stronger access governance, and a more resilient security posture for both internal and external users, and a more resilient security posture across dozens of geographically distributed sites. This session will share practical strategies for modernizing IAM in regulated industries while reducing third-party risk, improving usability, and demonstrating measurable business value.