Part 1 of 3 in our series about Identity Access Management for Retailers.
Retail businesses have always been customer-centric, but the definition of customer-centricity has changed. In the past, consumers were satisfied with attentive store associates and broad selections of goods. Now, they want a digital experience as well, and even if they’re not shopping online, they want to know they can trust a merchant to protect their personal data.
And there’s plenty of data. Merchants are gathering customer data in unprecedented volumes, and those data stores are particularly attractive targets for cyber criminals. Last year alone, Kmart, Forever 21, Saks, and Brooks Brothers were just a few of the brands that made headlines when they failed to protect customer data from attackers.
These thefts don’t go unnoticed by consumers. According to the KPMG Cyber Consumer Loss Barometer, 20 percent of shoppers surveyed said they’d stop shopping at a brand if it were breached. Over 30 percent said they’d postpone shopping at a breached brand for three months. Adding to the cost of lost business are the costs of remediation, business disruption, legal expenses, identity repair and monitoring, regulatory penalties, and other clean-up costs, which average about $7 million for every breach.
Hackers may slip into a retail organization’s network by hopping over from a vendor’s network. A typical mid-sized vendor has hundreds or even thousands of trading partners, and no assurance that any one of those providers is mounting a strong defense of its networks.
Merchants may invest heavily in security, but many don’t pay enough attention to their greatest vulnerability: identity and access management. They might as well put their entire business into a giant safe and scribble the combination right next to the lock.
One might say, identity is today’s firewall.
How Optimal IdM Supports Retail Transformation
Merchants have traditionally relied on security solutions that focus on employee activities and internal security. These solutions were designed to manage a fixed number of users performing a set number of tasks. But that’s not how business works anymore. In addition to scaling access to accommodate seasonal employees, retail businesses need to be able to scale access for customers as well as software development teams and other technologists. And, of course, access must convenient for everyone; otherwise, customers will go elsewhere and internal users will lose efficiency and overload the support desk with calls for password resets.
Single Sign-On and Federated Identity
One way Optimal IdM helps merchants do business safely in the digital marketplace is with single sign-on (SSO). Federated SSO lets users log into multiple systems with one set of credentials. The credentials are stored at a trusted identity provider (IdP), like Optimal IdM’s secure LDAP repository, and then referenced by service providers (SP) — which are other applications or services that trust the IdP. For users, this translates into greater productivity and freedom from the frustration of multiple passwords in disparate, untrusted application directory silos.
Optimal IdM’s SSO Federation Broker can be setup as an IdP, SP/RP or reverse proxy. We support literally thousands of legacy on-premise applications (even custom applications developed internally) as well as virtually every SaaS application on the market.
Monitoring & Reporting
A single IdP (even one that is split up into multiple, redundant, load balanced and geo-distributed) allows for a single source of monitoring, reporting and troubleshooting. All authentication (AuthN) attempts can be logged and, optionally, dropped into third party SIEMs, like SPLUNK. Some customers take advantage of our embedded Virtual Directory technology into our SSO Federation Broker, to provide additional reporting detail. For instance, we can provide DN translation to show familiar names for users across hundreds of untrusted A.D. forests — e.g. to convert a nearly unusable A.D. SID into a familiar name like JOHN DOE. This one simple feature will take your reporting to a whole new level of productivity.
A Single Point of Management for Identity Security Access Policy
Additionally, Optimal IdM’s SSO Federated Identity solution also supports multi-factor authentication MFA at the Broker level and supports MFA policy in the cloud, on-premise, or in a hybrid environment. Realize that the most ubiquitous directory services vendor can’t reach to/from the cloud to on-premise in the same architecture. Nor can they provide the per-application/per-user support for MFA that Optimal IdM provides.
Virtual Directory Services
Optimal IdM’s Virtual Directory technology, Virtual Identity Server (VIS), is embedded into our SSO Federation Broker service and provides a unique differentiator. Brick and mortar retail environments which often have branch office servers, multiple A.D. forests, other LDAP directories distributed per store/branch can greatly benefit from our Virtual Directory technology. VIS provides a single view of all connected directory services (thousands of them) into a single management console — without synchronization.
VIS also provides an enhanced application environment that allows organizations to rapidly and easily deploy applications to existing multiple Active Directory forests or directories without extending the AD schema to third-party applications. Multi-forest Active Directory gives organizations a single real-time view of identity data from any data store.
For more information on Optimal IdM’s Virtual Directory, download our 101 Uses for a Virtual Directory whitepaper.
Migrating from one LDAP directory to another (e.g. from SUN to Active Directory or even consolidating A.D. forests) is a complex challenge that many businesses avoid or pay hundreds of thousands of dollars in consulting dollars to consolidate. VIS can easily and immediately, solve that problem by emulating the old LDAP platform while proxying requests to the new LDAP environment. Merchants can make decisions based on what they want to do, not on what their directories will allow.
Optimal IdM’s Virtual Directory may be the missing piece for retail brick and mortar implementations.
In part II and III of this blog we’ll go into more use cases for Optimal IdM’s SSO Federation and Identity Services as well as how we help with ecommerce. Request a free trial today.