ID Is the New Firewall

Part 2 of 3 in our series about Identity Access Management for Retailers.

In part one of our retail blog series we discussed protecting consumer identity. Read on as we discuss other identity issues retailers face. Every customer vertical has unique needs related to identity management, and retail has several. Retail companies have many branches and a transitional workforce outside the home office, which includes contractors and seasonal workers. Because of this, retail is being hacked both from within and by external forces in the branch offices. As you read a few of these examples, remember this: “Identity is today’s firewall!”

Employee Turnover

Median turnover rates for part-time retail workers were as high as 74.9 percent in 2013. Every admin who administers a directory service is aware of the amount of work it takes to provision and deprovision users for each application a new employee needs to use. Productivity in retail requires quick access to systems and services in the stores; however, most organizations do not have the same urgency to deprovision (disable or delete) a user account in the directory service(s) when the user leaves. Often there are thousands of orphaned accounts in those systems. On top of that, the primary concern for a terminated user is immediate, real-time denial of access. Many identity management vendors cannot provide real-time access denial because their systems rely on a synchronization cycle between directory services and possibly some workflow decisions between systems, like HR and payroll. While the workflow could kick off immediately, there could be a significant wait for the synchronization cycle to complete. That wait, whether for a synchronization cycle or for a helpdesk technician or admin to manually disable, delete or deny access, is a window during which you are at risk.
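An added example (not from the original post and not Optimal IdM code): a reconciliation check that compares an HR termination feed with directory account state to surface orphaned accounts and measure the access window described above. The record layout, user names, timestamps and the 15-minute threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data (assumption, not from the post): HR termination times
# and the directory's view of each account.
NOW = datetime(2024, 1, 9, 0, 0)
HR_TERMINATIONS = {
    "jdoe": datetime(2024, 1, 5, 17, 0),
    "asmith": datetime(2024, 1, 6, 9, 0),
    "seasonal42": datetime(2024, 1, 2, 12, 0),
}
DIRECTORY = {
    "jdoe": {"enabled": False, "disabled_at": datetime(2024, 1, 5, 21, 0),
             "last_logon": datetime(2024, 1, 5, 19, 30)},
    "asmith": {"enabled": False, "disabled_at": datetime(2024, 1, 6, 9, 5),
               "last_logon": datetime(2024, 1, 5, 16, 0)},
    "seasonal42": {"enabled": True, "disabled_at": None,
                   "last_logon": datetime(2024, 1, 8, 8, 0)},
    "mgr01": {"enabled": True, "disabled_at": None,
              "last_logon": datetime(2024, 1, 8, 18, 0)},  # still employed
}

def audit_deprovisioning(terminations, directory, now, max_window=timedelta(minutes=15)):
    """Return findings for terminated users whose access outlived their employment."""
    findings = []
    for user, terminated_at in sorted(terminations.items()):
        acct = directory.get(user)
        if acct is None:
            continue  # account already deleted: nothing left to abuse
        # The window closes when the account was disabled; if it is still
        # enabled (or no disable time was recorded) it is open until `now`.
        closed_at = None if acct["enabled"] else acct["disabled_at"]
        window = (closed_at or now) - terminated_at
        issues = []
        if acct["enabled"]:
            issues.append("orphaned")
        elif window > max_window:
            issues.append("slow_deprovision")
        if acct["last_logon"] and acct["last_logon"] > terminated_at:
            issues.append("logon_after_termination")
        if issues:
            findings.append({"user": user, "window": window, "issues": issues})
    return findings

if __name__ == "__main__":
    for f in audit_deprovisioning(HR_TERMINATIONS, DIRECTORY, NOW):
        print(f"{f['user']:<12} open for {f['window']}  {', '.join(f['issues'])}")
```

A logon recorded after the termination time is the finding to triage first, since it shows the window was actually used rather than merely open.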

Disconnected Directory Services

Islands of disconnected directory services put retail companies at risk. Orphaned objects, privileged accounts and a lack of password policies are just a few of the issues that lead to major security problems. Multiple A.D. forests present another obstacle. Often companies pay hundreds of thousands of dollars to pull in consulting services to consolidate and/or migrate many forests into just a few. This, in our view, is often a waste of time, resources and money. What if you could connect, manage and authenticate to hundreds of A.D. forests in a matter of moments? #OptimalDifference

Unique Workflow

Optimal IdM’s customers have often asked us to tackle unique workflow and customization needs in the authentication process. Most vendors are not able to meet these needs because they offer a cloud option that requires companies to adapt to that vendor’s offering, often at the cost of compliance or secure business processes. But Optimal IdM is different.

Why Optimal IdM is Different

Optimal IdM provides a distinctly separate, siloed, single-tenant private cloud solution to each and every customer. You share nothing with our other customers. This means we are able to adapt and customize our offering to your business and compliance requirements, rather than vice versa. Optimal has some of the largest, most complex federation implementations on the planet. With our concierge services (included in all of our solutions), customers simply call us with needed customizations and configuration changes, and we’ll do them for you, with no expertise needed on your staff. Learn more about the OptimalDifference. Call or contact us today.

