Automating identity and access management to reduce costs
One Identity partners help Jumbo Supermarkets maximise its investment in One Identity Manager
Jumbo is the second-largest supermarket chain in the Netherlands and operates 700 stores. A family-owned business, its history extends back to 1921, when Johan van Eerdt—great uncle of current chairman Karel van Eerd—started a wholesale business in Veghel.
Today, Jumbo has a market share of 21 per cent, 60,000 staff and an annual turnover of €8.4 billion. It has grown significantly in the last few years following several acquisitions and has invested in ecommerce technology to support its successful omnichannel retail strategy. The company recently opened its first four supermarkets in Belgium.
Keeping track of joiners, movers and leavers
Jumbo’s retail business is seasonal, so it hires staff to cope with fluctuating customer demand. Like most retailers, it also has a relatively high turnover of store employees, which means identity and access management (IAM) would be a time-consuming task if the in-house IT team had to do it manually.
As a result, Jumbo had already invested in One Identity Manager and had also outsourced overall management of the system to One Identity partner The Identity Managers.
“We are a supermarket. Selling goods is our core business,” says Sicko van der Brug, team lead and product owner, Identity Access Management at Jumbo Supermarkets. “Our strategy is to consider many other tasks for outsourcing.”
The Identity Managers specialise in IAM, including identity governance and administration. They are responsible for Jumbo’s authorisation management, and they also provide guidance on continuous improvements to identity and access governance and control. As well as delivering technical support for Jumbo’s One Identity Manager implementation, the partner also helps to develop new functionality.
Monitoring and optimising One Identity Manager with Argos
Identities are at the heart of any digital ecosystem, including Jumbo’s. One of the biggest risks that Jumbo faces is disruption to its business caused by errors in the identity data, or in identity management processes or systems. Incidents relating to the incorrect use of identities could lead to empty stores due to employees being unable to log in to cash registers or to undertake inventory management. To guard against these operational risks, The Identity Managers use Argos, a tool provided by AspisID, to monitor and optimise technical support on One Identity Manager at Jumbo.
Although Jumbo made the original decision to use Argos, The Identity Managers have now adopted the tool themselves and work successfully with AspisID to continuously improve it and provide a first-class service to Jumbo.
AspisID created Argos to help itself and its partners support customers using One Identity Manager in the most effective way possible. With Argos, customers no longer have to be continuously logged in to their networks checking for problems. The tool enables Jumbo to take action immediately when an incident occurs, even before end-users themselves notice that something is wrong.
“A big benefit of Argos compared to other tools is that it is specifically made for One Identity, and the developers at AspisID have extensive knowledge of One Identity software,” says Van der Brug. “Argos is delivered as a service and fits in perfectly with Jumbo’s strategy to consider non-core processes for outsourcing.” Jumbo outsources the technical maintenance of One Identity to The Identity Managers. It’s their job to keep the One Identity system up and running, although responsibility for governance and compliance remains with Jumbo.
“We need to maintain continuously high levels of security and governance, which is why we want our IAM system to be closely monitored at all times,” explains Van der Brug. “That’s also why we implemented Argos and asked The Identity Managers to use it too. It means we can monitor The Identity Managers’ activity and work with them when incidents occur. We also collaborate in developing new queries and use cases for the tool.”
Reducing the cost of IAM support
Before using Argos, Jumbo monitored One Identity Manager only during the working day. Now, The Identity Managers supervise the status of Jumbo’s IAM system 24/7 If incidents occur, Argos automatically picks them up and informs The Identity Managers support team. By having 24/7 monitoring on One Identity Manager, the potential impact of incidents on the business are kept to a minimum along with support costs.
“We live by our everyday low prices formula,” says Van der Brug. “To successfully deliver it, we also need everyday low costs. Process efficiency is an important driver for our successful use of IAM, and we want to lower technical support costs as much as possible. Every euro we save by automating Identity and Access Management support can be returned to our customers through lower prices.”
The Identity Managers use Argos to implement notifications for the events they monitor for Jumbo.
One example of items being monitored is when the human resources (HR) load fails, which could prevent large groups of people being able to work after being entered into the HR system. The Identity Managers are notified of this happening outside office hours by a push message on a mobile phone so that it can be quickly and easily resolved within 24 hours.
The progress of IT requests is also monitored. The Identity Managers are automatically alerted when servers are running slowly, for example, which means users don’t need to log performance issues.
They have an overview of these events in a dashboard and configure which notifications Jumbo wants to receive and when—for example, within office hours or on a 24/7 basis. They then decide who should receive notifications and how, whether that’s by email or text message.
The Identity Managers can plan and configure events to trigger notifications depending on event severity. For example, a high-priority incident occurring overnight triggers an immediate mobile notification, while other events will trigger a text message that arrives during office hours.
This approach makes incident monitoring efficient for both The Identity Managers and Jumbo.
Delivering security and compliance
The Identity Managers provide monthly reports to Jumbo about the incidents and technical events that have occurred. This means Jumbo can easily monitor the technical performance of its IAM environment and The Identity Managers’ performance without having to be involved in day-to-day operational processes.
For auditing purposes, The Identity Managers configure queries that trigger notifications for events that might be suspicious, then send messages to the department responsible.
Quotas are a good example of how The Identity Managers make use of the combined capabilities of One Identity and Argos. Easily set up within the One Identity tool, quotas prevent large numbers of changes to the environment being carried out before an authorised person is able to review them.
Using Argos, The Identity Managers have been able to set these quotas fairly strictly. An active push notification is sent to The Identity Managers when the quotas are reached so they can review before there are any issues for end users. This helps to safeguard the security and compliance of the Jumbo environment.
Jumbo and The Identity Managers work together to continuously build on the capabilities of Argos to manage new types of incidents as they happen. Recently, they have focused on data integrity incidents. Jumbo has automated system access control allowing the retailer to manage a massive organisation with a small support team.
By having active controls when people are added to functions that won’t grant them the proper access, Jumbo can have trust in the automation of role creation. It is actively alerted when new issues emerge, and know that once again again allowing The Identity Managers technical team will tackle them.
“When any new type of incident occurs, The Identity Managers and my team investigate why it has happened, and set up a new alert in Argos,” explains Van der Brug. “This way, we maintain a constant improvement process for new incidents.”
The benefits of Jumbo’s collaboration with The Identity Managers and Argos include security, governance and cost reduction. Jumbo can be confident that it is managing the way its employees join, move around and leave the business as efficiently as possible, while enabling its internal teams to focus on other tasks.
“Because The Identity Managers work with Argos, I no longer have to worry about constantly monitoring our systems. I can be certain that no news is good news, and I receive an alert only when a really serious incident occurs,” says Van der Brug. “Our employees and technical support staff can use their capacity for other value-added activities.”
Working in partnership with The Identity Managers and Argos means Jumbo has achieved its aim to optimise One Identity Manager monitoring with an efficient outsourced service. Van der Brug concludes: “Before Argos, we looked at our One Identity IAM systems only within office hours. Now, we have 24/7 monitoring, but without a big increase in costs.”