How Omada Has Helped One of South Africa’s Largest Online Home Shopping Retailers Optimize the Handling of their Staff
While seasonal and casual workers present a significant opportunity for companies to make the most of busy periods such as the summer and Christmas, they also introduce a substantial challenge to the IT team who must ensure that they have access to all the systems they need to do their job without compromising security and compliance. Working with our local partner Integralis IT Consultancy, Omada was selected to deliver an identity and access governance solution for one of South Africa’s largest e-commerce and online retail groups.
The challenge of seasonal workers
Whether they work on the shop floor, drive delivery vans, or provide customer service, temporary workers often need the same levels of access to business systems as permanent employees, which can cause challenges for the company. For one of South Africa’s largest home shopping retailers, selling homeware merchandise and financial services across the region, this means a high volume of staff movement each month, and a full-time workforce of 2200+ employees, involving a complex web of permission and entitlement management.
Specifically, this involves managing the full lifecycle of accounts and permissions:
- Onboarding new employees across many sites in a short period of time, giving them access to a wide variety of both on-premises and cloud-based applications
- Limiting access to systems so that seasonal and full-time workers can only see the information they need and no more
- Maintaining an accurate list of temporary and ongoing workers and their existing access rights
- Getting in control and staying in control of Active Directory accounts
- Disabling access for seasonal or terminated worker’s when they leave the company
- Proving to auditors that the organization is in control of who has had access to resources over time
An additional layer of security
The complexity of managing the full lifecycle of seasonal and ongoing employees is further complicated by the necessity to comply with the Protection of Personal Information (POPI) Act. Activated in South Africa in 2013, the POPI Act ensures that companies are forced to establish policies and enforce compliance to avoid financial penalties.
The identity lifecycle management processes of the Omada Identity enables the company to identify Active Directory accounts without owners and provide the mangers with an opportunity to either assign an employee or contractor as owners, or to delete the account as appropriate. Once the company had taken control of its user identities, it used a combination of the identity lifecycle management, access requests, and role and policy management processes to ensure that users only have access to the resources they need on an ongoing basis. It is also able to ensure that new employees are given the right level of permissions from their first day of employment.
This has resulted in the company being confident that they are protecting the valuable information stored in their critical business systems against theft and non-compliance with regulations while ensuring the productivity of employees.
For the customer’s Group Operations Manager, the ease of being able to conduct audits, adhering to such rigorous compliance requirements is a significant value-add; “Not only do we have a single interface from where we can see all permissions assigned to an individual, but we can also report on all historic events, and provide our auditors with reports to prove our compliance. Omada Identity has drastically reduced the incidents logged due to lack of permissions in new roles or for new employees”.
An all-in-one identity management and access governance solution
With a fully featured process framework for identity management and access governance, Omada Identity simultaneously improves IT security, ensures compliance control, and enables business efficiency. Specifically, for large retailers, this means having the ability to:
- Onboard large numbers of casual workers quickly and efficiently during busy periods using pre-defined roles
- Be able to ensure that casual and ongoing workers have access to the right resources so that they are productive from day one using scheduled access
- Be able to automatically remove access rights for seasonal and ongoing workers once their contracts expire
- Regularly verify that all user accounts are assigned to a current worker to prevent those who leave before the end of their contract gaining unauthorized access
- Effectively manage access to a broad range of on-premises and cloud-based applications required by a variety of different roles
- Be able to generate historical reports to prove to auditors that the access rights of all seasonal and full-time workers were limited to just what they need
Integralis Director and Solutions Architect Quinton Hughes says that the speed at which Omada Identity could deliver upon its promises was the most exciting part of the project. “We were seriously impressed with the ease of deployment, implementation and how quickly we could implement policy and provide our customer with reports. The entire deployment from zero automation and integration to 8 systems being onboarded and provisioning/deprovisioning automation into all systems were completed within 3 months”.