Automating identity and access management to reduce costs

One Identity partners have helped Jumbo Supermarkets to maximise its investment in One Identity Manager

Jumbo is the second-largest supermarket chain in the Netherlands and operates 700 stores. A family-owned business, its history extends back to 1921 when Johan van Eerdt – great uncle of current chairman Karel van Eerd – started a wholesale business in Veghel.

Today, Jumbo has a market share of 21%, 60,000 staff and an annual turnover of €8.4 billion. It has grown significantly in the last few years, following several acquisitions, and has invested in ecommerce technology to support its successful omnichannel retail strategy. The company recently opened its first four supermarkets in Belgium.

KEEPING TRACK OF JOINERS, MOVERS AND LEAVERS Jumbo’s retail business is seasonal, so it hires staff to cope with fluctuating customer demand. Like most retailers, it also has a relatively high turnover of store employees, which means identity and access management (IAM) would be a time-consuming task if the in-house IT team had to do it manually.

As a result, Jumbo had already invested in One Identity Manager and had also outsourced overall management of the system to One Identity partner The Identity Managers. “We are a supermarket. Selling goods is our core business,” says Sicko van der Brug, team lead and product owner, Identity Access Management at Jumbo Supermarkets. “Our strategy is to consider many other tasks for outsourcing.” The Identity Managers specialises in IAM, including identity governance and administration. It is responsible for Jumbo’s authorisation management, and also provides guidance on continuous improvements to identity and access governance and control. As well as delivering technical support for Jumbo’s One Identity Manager implementation, the partner also helps to develop new functionality.

MONITORING AND OPTIMISING ONE IDENTITY MANAGER WITH ARGOS Identities are at the heart of any digital ecosystem, including Jumbo’s. One of the biggest risks that Jumbo faces is disruption to its business caused by errors in the identity data or in identity management processes or systems. Incidents relating to the incorrect use of identities could lead to empty stores, due to employees being unable to log in to cash registers or to undertake inventory management. To guard against these operational risks, The Identity Managers uses Argos, a tool provided by AspisID, to monitor and optimise technical support on One Identity Manager at Jumbo.

Although Jumbo made the original decision to use Argos, The Identity Managers has now adopted the tool itself and works successfully with AspisID to continuously improve it and provide a first-class service to Jumbo.

AspisID created Argos to help itself and its partners support customers using One Identity Manager in the most effective way possible. With Argos, customers no longer have to be continuously logged in to their networks, checking for problems. The tool enables Jumbo to take action immediately when an incident occurs, even before end users themselves notice that something is wrong.

“A big benefit of Argos, compared to other tools, is that it is specifically made for One Identity and the developers at AspisID have extensive knowledge of One Identity software,” says Van der Brug. “Argos is delivered as a service and fits in perfectly with Jumbo’s strategy to consider non-core processes for outsourcing.” Jumbo outsources the technical maintenance of One Identity to The Identity Managers. Its job is to keep the One Identity system up and running, although responsibility for governance and compliance remains with Jumbo.

“We need to maintain continuously high levels of security and governance, which is why we want our IAM system to be closely monitored at all times,” explains Van der Brug. “That’s also why we implemented Argos and asked The Identity Managers to use it, too. It means we can monitor The Identity Managers’ activity and work with them when incidents occur. We also collaborate in developing new queries and use cases for the tool.”

REDUCING THE COST OF IAM SUPPORT Before using Argos, Jumbo monitored One Identity Manager only during the working day. Now, The Identity Managers supervises the status of Jumbo’s IAM system 24/7. If incidents occur, Argos automatically picks them up and informs The Identity Managers support team. By having 24/7 monitoring on One Identity Manager, the potential impact of incidents on the business are kept to a minimum, along with support costs.

“We live by our everyday low prices formula,” says Van der Brug. “To successfully deliver it, we also need everyday low costs. Process efficiency is an important driver for our successful use of IAM and we want to lower technical support costs as much as possible. Every euro we save by automating Identity and Access Management support can be returned to our customers through lower prices.” The Identity Managers uses Argos to implement notifications for the events it monitors for Jumbo. One example is when the human resources (HR) load fails, which could prevent large groups of people being able to work after being entered into the HR system. The Identity Managers is notified of this happening outside office hours by a push message on a mobile phone, so that it can be quickly and easily resolved within 24 hours.

The progress of IT requests is also monitored. The Identity Managers is automatically alerted when servers are running slowly, for example, which means users don’t need to log performance issues. It has an overview of these events in a dashboard and configures which notifications Jumbo wants to receive and when—for example, within office hours or on a 24/7 basis. It then decides who should receive notifications and how, whether that’s by email or text message.

The Identity Managers can plan and configure events to trigger notifications, depending on event severity. For example, a high-priority incident occurring overnight triggers an immediate mobile notification, while other events will trigger a text message that arrives during office hours. This approach makes incident monitoring efficient for both The Identity Managers and Jumbo.

DELIVERING SECURITY AND COMPLIANCE The Identity Managers provides monthly reports to Jumbo about the incidents and technical events that have occurred. This means Jumbo can easily monitor the technical performance of its IAM environment and The Identity Managers’ performance, without having to be involved in day-to-day operational processes. For auditing purposes, The Identity Managers configures queries that trigger notifications for events that might be suspicious, then sends messages to the department responsible.

Quotas are a good example of how The Identity Managers makes use of the combined capabilities of One Identity and Argos. Easily set up within the One Identity tool, quotas prevent large numbers of changes to the environment being carried out before an authorised person is able to review them. Using Argos, The Identity Managers has been able to set these quotas fairly strictly. An active push notification is sent to The Identity Managers when the quotas are reached, so it can review before there are any issues for end users. This helps to safeguard the security and compliance of the Jumbo environment.

Jumbo and The Identity Managers work together to continuously build on the capabilities of Argos to manage new types of incidents as they happen. Recently, they have focused on data integrity incidents. Jumbo has automated system access control, allowing the retailer to manage a massive organisation with a small support team.

By having active controls when people are added to functions that won’t grant them the proper access, Jumbo can have trust in the automation of role creation. It is actively alerted when new issues emerge and knows that once again The Identity Managers technical team will tackle them.

“When any new type of incident occurs, The Identity Managers and my team investigate why it has happened and set up a new alert in Argos,” explains Van der Brug. “This way, we maintain a constant improvement process for new incidents.”

The benefits of Jumbo’s collaboration with The Identity Managers and Argos include security, governance and cost reduction. Jumbo can be confident that it is managing the way its employees join, move around and leave the business as efficiently as possible, while enabling its internal teams to focus on other tasks.

“Because The Identity Managers work with Argos, I no longer have to worry about constantly monitoring our systems. I can be certain that no news is good news and I receive an alert only when a really serious incident occurs,” says Van der Brug. “Our employees and technical support staff can use their capacity for other value-added activities.”

Working in partnership with The Identity Managers and Argos means Jumbo has achieved its aim to optimise One Identity Manager monitoring with an efficient outsourced service. Van der Brug concludes: “Before Argos, we looked at our One Identity IAM systems only within office hours. Now we have 24/7 monitoring, but without a big increase in costs.”

ABOUT ONE IDENTITY One Identity, a Quest Software business, lets organisations implement an identity-centric security strategy, whether on-prem, in the cloud or in a hybrid environment. Learn more at OneIdentity.com