Comment: Addressing identity and access management challenges in the retail sector

Identity and access management in the retail sector

Retail organisations face a variety of special challenges when it comes to identity and access management (IAM). Tasks such as maintaining user accounts, passwords and permissions across multiple IT directories, keeping track of who accesses what, assigning role-based access privileges, and managing password resets are complicated by a number of issues that are specific to the retail sector.

One set of challenges stems from the retail environment itself. Both the user provisioning workload and the security risks are exacerbated by high staff turnover rates and high numbers of seasonal and part-time staff members. Different brands and corporate identities frequently need to be handled in unique ways. Employees are often very geographically dispersed, and most locations rarely have IT staff on site.

Another identity and access management challenge for retailers is associated with regulatory requirements. All organisations that handle credit card payments, for example, are required to meet the Payment Card Industry Data Security Standard (PCI DSS), including a ‘one user, one ID’ policy designed to ensure that each access incident can be traced back to a specific individual in the event of a security breach. The regulation specifies 20 different guidelines that must be met for that unique ID requirement alone, covering issues from user identification and authentication to individual and shared account password management, password encryption and password policy environment.

A related problem is the rising use of online portals to give retail employees easy access to price lookups, real-time inventory levels, merchandising information and online training. Regulatory requirements such as PCI forbid the use of generic IDs because of the need for each user to be uniquely identifiable.

Also playing a role in the identity and access management challenge is the tendency for retail organisations to operate on the same legacy technology platform for up to a decade. Over the years, new systems are typically tacked on to achieve required novel functionality rather than integrated into a new business system. The result is a proliferation of directories and policies that significantly increases costs and data integrity risks, as well as complicating access monitoring and data protection issues.

While automating the provisioning and de-provisioning processes usually involves a lengthy and costly identity provisioning system deployment, many organisations begin the process of meeting their identity and access management challenges with enterprise single sign-on (ESSO) software that offers both rapid implementation and immediate ROI. Basic ESSO software allows users to access all their applications, databases and systems with a single Windows logon password, increasing security as well as meeting PCI requirements through measures such as encrypting all application passwords and implementing strong password policies. Advanced sign-on systems also offer shared account management, log all access behavior, automatically reconcile a user’s identity with its rightful owner, integrate with identity management systems to streamline user provisioning, and more.

For these reasons, retail organisations around the world are ‘signing on’ to enterprise single sign-on technology as a cornerstone of their identity and access management initiatives. Fringe benefits include faster user logon, less user password frustration, improved productivity, and fewer password-related help desk calls. It’s an easy first step to bringing identity and access management under control.


John Handelaar is the VP of EMEA for Passlogix. Handelaar joined Passlogix in April 2005, and over his tenure, his efforts have spurred dramatic growth in Passlogix's EMEA presence from a few enterprise customers to more than 200. As the vice president of sales, EMEA, he is responsible for both direct and channel sales in Europe, the Middle East and Africa. Handelaar has spent over three decades in technology-related positions, with nine years in identity management that included work with Thor Technologies immediately before joining Passlogix.

Passlogix, Inc., is the developer of the v-GO Access Accelerator Suite, a leading solution set for speeding user access to applications throughout the extended enterprise by eliminating critical pain points in sign-on, provisioning and authentication processes. 
