BUYER CASE STUDY

SUPERVALU Successfully Leverages Tablet Technology and Identity and Access Management Infrastructure for Increased Security and Business Productivity

Sally Hudson

IDC OPINION

Security and identity figure prominently in today's socially networked, digitally exploding environment. Identity and access management (IAM) technologies are expanding and evolving to meet these needs on a worldwide basis. This is driven by market demand for the following, all of which have combined to drive revenue in this market:

- Trusted cloud computing and secure SaaS delivery models
- Secure access controls
- Adaptive authentication for endpoint devices, especially take your device home (TYDH)/bring your own device (BYOD)
- Software capable of enabling regulatory security and privacy compliance

IN THIS BUYER CASE STUDY

This IDC Buyer Case Study discusses SUPERVALU, a public company based in Eden Prairie, Minnesota, which has proactively deployed take your device home (TYDH) technology as a means of improving productivity and the bottom line. IDC interviewed Phillip Black, director of Identity and Access Management at SUPERVALU, and our discussion centered on the increased productivity and decreased costs that SUPERVALU has realized with the implementation of secure identity and access management (IAM) solutions when used with Apple iPad devices for employees. The process is transforming the way associates think about work; it's an activity, not a place.

SITUATION OVERVIEW

Organization Overview

SUPERVALU's mission statement is to "provide America's neighborhoods with a superior grocery shopping experience enhanced by local expertise, national strength, and a passion for our customers."

Filing Information: November 2012, IDC #237978, Volume: 1, Tab: Users Security Products: Buyer Case Study
Since its founding 135 years ago, SUPERVALU has grown into a retail network of more than 2,400 stores, serving more than 4,300 retail endpoints via supply chain and support services. According to the company's Web site, "the enduring mission of our approximately 135,000 employees has been to serve our customers better than anyone else could serve them."

SUPERVALU operates one of the largest grocery supply chain networks in the country, with more than 21 million square feet of facilities strategically located to support its coast-to-coast retail operations and customers. Its distribution centers offer complete programs and support for the following departments: grocery, meat, produce, dairy, frozen foods, floral, bakery, deli, home and beauty care, general merchandise, and pharmacy.

A large part of the innovative corporate culture can be seen in SUPERVALU's approach to information technology. In a proactive, counterculture measure, the company issued 2,200 Apple iPads to its retail store directors across all corporate locations, effectively implementing BYOD in reverse, says Black. So far, this has paid off. According to Black, the effort has already proved itself in lower costs and increased productivity. But securing the devices with appropriate levels of access control in a rapidly changing business environment requires a comprehensive, sophisticated, and highly scalable identity-based infrastructure.

Challenges and Solution

SUPERVALU is the brand behind the leading retail grocer and pharmacy names so many are familiar with, including Albertson's, Acme, Lucky, Shaw's/Star Market, and Sav-A-Lot. In an organization of this size and diversity, successfully growing the business depends in a large part on the effectiveness of the technology. Secure and available access, single sign-on (SSO), and quick and easy provisioning/deprovisioning are critical to the operational health of the company.
Challenges

One of the primary IAM requirements was that SUPERVALU, a former Sun Microsystems customer, needed an OpenSSO upgrade. The retailer was looking for an SSO solution capable of supporting mobile and social technologies to leverage them for business advantage, especially as a means to increase employee productivity across SUPERVALU's stores and brands.

Provisioning users and access is an enormous effort at SUPERVALU. The Identity and Access Management group receives 5,000 access requests per month. Right now, much of this process is manual. There are more than 4,000 Unix boxes, hundreds of domain applications, and hundreds of applications. With 180,000 people and more than 1,000 roles, a single access provisioning request can easily generate five subrequests. The provisioning needs to be centralized in a business-friendly way, says Black, and the company is utilizing the Oracle technology to facilitate this and provide quick and easy provisioning, which in turn increases productivity.

From a TYDH standpoint, SUPERVALU was early on to see the benefits of leveraging identity-centric, secure business-to-employee applications. Actually, SUPERVALU refers to its employees as associates. There are 80–100 associates in the average size
store. The iPad tablets allow managers to leverage custom-developed productivity applications, giving them real-time anywhere access to information and tools.

Selection

SUPERVALU is implementing Oracle Identity Management 11gR2 and is particularly pleased with 11gR2's ability to allow for specific configurations based on individual applications. It allows for customized, context-aware configuration based on sensitivity and risk. Announced earlier this year, Oracle Identity Management 11gR2 has three main categories:

Oracle Identity Governance addresses access requests, provisioning, and certification. It is built on a single platform and offers users a single common user experience combined with rich analytics. Configured with a self-service shopping cart style interface, the software allows employees to request access and customize the interface entirely via the browser. It provides enhanced compliance reporting with multilevel certification. Significant to this release is the extension of identity governance to high-risk shared accounts with Oracle Privileged Account Manager.

Oracle Access Management has been enhanced for mobile and social networking environments. Features include native mobile security and SSO, support for social sign-on (Twitter, Facebook, Google, etc.), and REST APIs for custom and mobile application development. The OAM platform has also added support for multiple identity stores and multi-datacenter configuration and for enhanced third-party integrations and fraud detection capabilities.

Oracle Directory Services includes proximity-based searching and virtual attributes that allow frequent updates to be made to the directory via location-based services in support of mobile and social applications. An Optimized Solution for Oracle Unified Directory provides carrier-grade scalability, reliability, and enhanced performance for evolving cloud, mobile, and social ecosystems.
Storage, proxy, synchronization, and virtualization are unified into a single deployment platform that can deploy and integrate with existing systems and provide a smaller footprint within organizations.

Solution

Black and his team looked at many leading vendor offerings before selecting the Oracle Identity software. Many of the offerings were very, very good, says Black, but no one was investing in the future the same way as Oracle, which "had all the pieces we need to leverage social media, risk-based authentication, and provisioning, plus we feel confident in the consistency of Oracle's upgrades and support."

Implementation

By replacing the Sun product with Oracle Access Management, SUPERVALU is enabling Web-based to SAML transactions directly to the Apple iPad. (SAML is an XML-based standard for communicating identity information between organizations.
The primary function of SAML is to provide Internet single sign-on for organizations looking to securely connect to Internet applications that exist both inside and outside of an organization's firewall.)

The provisioning structure includes coarse-grained entitlements and authentication. This provides delegated account access without sharing passwords and will enable true SSO to any designated application. The standards-based solution from Oracle provides insurance for ongoing extensibility by utilizing REST APIs. Federation is very important as approximately 2,200 independent retailers count on SUPERVALU for a wide variety of grocery supply chain and business services, from wholesaling and procurement to sales, marketing, and merchandising.

Results

Benefits

Information technology at SUPERVALU has been transformed from a cost center to a business-centric solutions provider. Black's role at the company is to listen to the business problem and develop or deliver the appropriate solution. Ideally, these solutions increase productivity while lowering costs.

The delivery of 2,200 iPads for managers at SUPERVALU has been a huge win, says Black. It has assisted by transforming work from a physical destination, a place, to an activity. It allows instant access to information and allows the manager to spend more time on the floor engaged with the customer.

By utilizing context-aware authorization, SUPERVALU is able to leverage the immediate work-anywhere-at-any-time real-time information and data benefits in a secure scalable environment. The Oracle software provides a full audit trail, and no code changes are required in deployment.

Lessons Learned

While some of the best-of-breed (B-o-B) products are "fantastic," says Black, he characterizes the B-o-B approach as a "slippery slope." Experience has shown this can be difficult to deal with in terms of upgrades and support.
In an organization the size of SUPERVALU, he finds it best to utilize a single trusted business partner, aka the "one throat to choke" approach.

FUTURE OUTLOOK

Today, to make it all work, user access via iPad requires a 4-digit PIN and enterprise credentials. SUPERVALU wants to adopt OAuth (open authorization) for passing credentials on to the applications, says Black. The OAuth protocol enables Web sites or applications (clients) to access protected resources via an API hosted by a resource server, with client authentication to the resource server achieved through the presentation of access tokens obtained from an authorization service. OAuth enables API authentication without requiring users to disclose their resource service credentials to clients. The protocol supports a number of different interaction patterns between clients and the authorization service, making OAuth suitable for a range of deployment models.
According to Black, SUPERVALU is looking to the Oracle 11gR2 platform for delivering secure and scalable access management for mobile and social applications users. This is accomplished via API Security, SSO AuthN, OAuth, and OpenID support and authorization capabilities within a context-aware identity environment. Another project on the near horizon is the centralization of the Information Security Access Request (ISAR) software, which will also leverage the Oracle provisioning technology.

ESSENTIAL GUIDANCE

Actions to Consider

Context awareness can play a central unifying role in the currently fragmented ecosystem of user and device identities. The rapid expansion in mobile device adoption for end-user interactions has focused attention on the challenge of identifying end users across all digital touch points, devices, and channels, transparently, without the need for a user to explicitly log in. In this situation, user identity can be based on an aggregation of sources, including third-party site log-ins, device identity, mobile operator-based identity, and connection-based characteristics to ensure strong levels of authentication.

By utilizing context-aware identity, which can be focused on specific applications such as digital media and social networking, and by enabling standards-based SSO management and adaptive authentication, companies should be able to achieve business benefits such as those illustrated in this Buyer Case Study.

Market leaders in traditional IAM suite software provide various implementations of context awareness as part of the stack. This is provided either as part of their in-house product set or via industry partnerships. Customers should be fully aware of system and role interdependencies when embarking on these initiatives and fully vet product offerings as to what is available today and what is merely promised on a road map.