The IAM Checklist: Retail Identity and Access Governance Best Practices for Success
By Jay O’Donnell, N8 Identity
Imagine you are at in a major department store’s corporate headquarters as your team prepares numbers for the upcoming holiday season. The frenetic pace of retail holiday hiring can frazzle even the most experienced manager, and diligently checking every box in the employee onboarding process can seem laughably optimistic in the rush to find, hire and get as many employees as possible going in a matter of days.
Beside horrendous identity and access management challenges, retailers must also grapple with regulations – such as Sarbanes Oxley – that have shifted identity access management (IAM) from a specialized issue into a business-wide conundrum. If the retailer is to strengthen its IAM program with retail-specific best practices, the company must first determine which department is responsible for managing it.
The Business Sparks Identity Changes
Industry observers generally agree that IAM must be driven by business processes – instead of ad hoc actions – if it is to be successful. This is especially true for retail, where the business environment is too fractured and federated for an ad-hoc approach to employee access management to be effective.
The identity attributes of each employee (such as name, social security number, address and banking information) are used in three processes:
- Onboarding: When the employee is hired and his or her identity created;
- Responsibility changes: When he or she is promoted or assigned new responsibilities and changed; and
- Offboarding: When the employee leaves the organization and is removed.
When the retail business owners are involved – including human resources and store managers, as they usually own the majority of employee attributes – early in the development of an IAM program, retailers will significantly improve their ability to realize their IAM goals on time and on budget.
Continuous Compliance Can be a Reality
No other industry must manage employee churn at the same stratospheric rate that retailers do. An employee might be hired, onboarded, given access rights to a number of store systems and then leave the organization before corporate HR even knew that employee was hired at all. Even worse, retailers can find themselves in a situation where a new hire has been set-up in payroll, quits the job and is inadvertently paid before the paperwork catches up with the payroll department.
Making sure that employees are only given the access assigned to them under a clearly defined set of rules that align to the retailer’s corporate policy should be the primary goal of an effective identity governance initiative. By working with business divisions to set these policies up from the start, the retailer is able to create a culture of continuous compliance.
Use Compliance to Deliver ROI
Retailers are subject to narrow profit margins, meaning that even efficiencies of 1% can have a profound impact on the bottom line. Fortunately, putting business process into effect in support of compliance goals can also generate meaningful efficiency improvements and cost reductions throughout the whole company.
Managing the identity of employees centrally and developing proper business procedures enables retailers to:
- Bring new employees on board in minutes: Capturing attributes needed to create employee identities during onboarding and feeding this information to related systems gives employees the access they need to be productive on day one.
- Do away with data entry: A large retailer recently identified more than 90 attributes that comprise employee identity, and realized that these attributes were being manually re-entered up to ten times across the company. Once it began managing its identity administration centrally, the retailer was able to capture data with no re-entry, eliminating hundreds of redundant entries per employee.
- Slash costs of administration: When an IAM program is implemented effectively, major retailers should expect to realize annual savings of $120 to $150 per user per year. These cost reductions represent a net savings of $15 million for retailers with 100,000 employees.
Learn From History
There is hope for retailers seeking the ideal IAM combination. Below are some best for improving IAM processes:
- Get business involved: IT must engage with business leaders and HR in lay language and find common denominators.
- Build an identity warehouse: Conduct a thorough cleaning of identity data housed by various internal systems so there is easy reconciliation and clear visibility into employee access.
- Fix the controls: Implement procedures early in the business process and ensure they are followed, to derive the most value from an IAM program.
- Process, process, process: IT spends a significant portion of its time and budget on the repetitive work of managing identities. The retailer can realize measurable benefits from implementing processes that drive down wasted time and money.
- Go paperless: Going paperless with IAM liberates employees from the stacks of paper on their desks. An electronic IAM system can lighten the load across divisions by identifying holdups and shortening timelines.
- It’s all about prevention: Get away from the “putting out the fires” mentality. Proactive process control means that fires are prevented.
With the rise of omnichannel retail, consumers are challenging retailers’ business models. To remain competitive in an evolving market, retailers must take steps to minimize process inefficiencies and compliance problems. By using best practices, retailers can deploy better IAM processes throughout all departments, resulting in lower costs, compliance, quicker onboarding and boosted efficiency, results that keep the retailer competitive for today’s market.
Jay O’Donnell is the CEO and founder of N8 Identity and spearheads the continuing development of N8 Identity’s industry-leading solutions. One of the early pioneers of the identity and access management (IAM) industry, Jay initially founded an IAM consulting business in 2000.