In the modern business world, access governance is of critical importance to enterprises. Today, it is vital that organisations not only know who has access to what data, but also how these people were granted that access. After all, when employees, temporary employees, contractors and partners have inappropriate access to information resources, companies are subject to serious compliance and business risks.
As a group that has over 600 stores, thanks to its market-leading retail brands Clicks, Musica, The Body Shop, GNC and Claire’s, the Clicks Group is the type of enterprise that clearly needs effective control over its access management.
Of course, says Iain Campbell, Head: Group IT Service Transition and Governance at Clicks, controlling the access management aspects of such a large organisation is obviously not easy.
“One has to, for example, take into account the many and varied non-affiliated people who may require access at any one time. Such individuals include locums in pharmacies and any number IT contractors who may have been commissioned to do a specific job onsite. Should any of these individuals have access that violates security policies and regulations or that is inappropriate for their current jobs, it would pose a risk to the business.”
Campbell explains that the Clicks team identified very specific business drivers for implementing more stringent Identity and Access Governance processes. These included ensuring enhanced access management controls, managing the risks around bring your own device (BYOD), managing the risks around internal network access and the need for security infrastructure monitoring controls.
“Clicks turned to Ubusha to assist it in solving the challenges these business drivers represented. The main challenges revolved around identity governance, access governance, mobile device management, security information and event management and data governance.”
He adds that Ubusha suggested that the most effective way to address these requirements was to start off by establishing a solid Identity Governance foundation. To this end, Ubusha initiated a phased implementation of the SailPoint IdentityIQ software.
Sailpoint IdentityIQ is a governance-based Identity and Access Management (IAM) software solution that delivers a unified approach to compliance, password management and provisioning activities for applications running on-premises or from the cloud. It is ideal for those large organisations that wish to tailor their solution to align with unique business needs.
“Our first priority was to improve Clicks’ processes as they relate to user access provisioning, access review and access de-provisioning activities. The increasing scale of the Clicks Group has made it impractical to continue with their existing manual methods and processes” says Lodewyk de Beer, Senior Consultant at Ubusha Technologies.
“In the first phase, we focused on reducing the delays in providing new users with access to identified systems and also reducing the delays and eliminating the errors in removing terminated user access to key systems once they leave, are suspended or retrenched. In addition, Sailpoint IdentityIQ helped Clicks to alleviate pressures on its IT department, by reducing the time and effort required for IT to fulfil access-related responsibilities and tasks, while also providing non-repudiated audit reports on all access provisioning activities.”
“The initial results of this project have been an unmitigated success, with the Clicks Group experiencing an immediate reduction in risk exposure, due to the reduction in use of shared accounts by internal IT staff. Furthermore, the group has also witnessed a direct saving in the cost of compliance to internal and external audit requirements and external regulatory needs. The Clicks Group now has access to a complete centralised governance-based identity and access management solution that will keep their business users productive and their business safe even in today’s dynamic, data-driven environment,” concludes Campbell.