Sweet success: How Hershey modernized its identity security with SailPoint
While bite-sized, chocolatey Hershey Kisses don’t come with identity security, it takes modern and robust identity security to make those Kisses and all those other sweet treats from the Hershey Company. Securing the identities of the company’s more than 45,000 users and non-human machine identities is critical for smooth business processes and the overall safety of the company’s products.
That’s why Hershey recognized the need to migrate from its cumbersome legacy identity governance and administration (IGA) system to a more streamlined, agile, and business-aligned identity security solution from SailPoint.
“We had astronomical challenges, even from a password synchronization perspective, and to manage our existing system with three people was just unsustainable,” said Stephanie Miller, Senior Manager for Identity & Access Management at The Hershey Company.
At SailPoint’s 2024 Navigate conference, Miller shared The Hershey Company’s identity management migration experience and what it learned from upgrading to a business-led identity evolution powered by SailPoint.
Legacy security challenges
Hershey’s legacy IGA platform was initially implemented in 2004. While it worked, it was maintenance-intensive, required weekly reboots, and simply couldn’t meet Hershey’s current requirements. The product was unsustainable to manage, and there were issues with password synchronization and de-provisioning access. Hershey’s three-person team received over 50 tickets daily and often had backlogs of 400 to 600 tickets in the queue. In addition, increased licensing costs made migration an imperative.
Selecting a new security platform
Hershey needed a solution that could easily handle 45,000 identities, over 230 applications, and more than 250 customizations. It also wanted one that provided process redesign flexibility, enhanced source data quality reliability, and had a good cost-to-benefit ratio.
After an extensive selection process that involved conducting a Gartner analysis, attending conferences, user groups, and road shows, and researching possible solutions, Hershey selected SailPoint for its flexibility and ability to meet all use cases.
Migrating to SailPoint
Hershey took a phased approach to implementation that started with creating a solid partnership between its security and HR teams so the entire migration process could be business-led. The security team worked with HR to make sure HR processes were documented correctly, especially ones that might occur in international offices or manufacturing plants.
When it came time to kick off the migration, Hershey focused first on the processes with the most significant impact, such as the joiner-mover-leaver processes and password synchronization. It managed the migration in phases, migrating development first, testing second, and then production.
From there, it prioritized the rest of its applications into subsequent migration phases until all of them were off the old platform. For a while, both the legacy system and the new password synchronization systems were running in parallel. The phased approach allowed the team to address issues and ensure a smoother transition without disrupting critical processes.
User adoption and future considerations
The SailPoint rollout has been a solid success, eliminating the problems with Hershey’s previous identity security product and providing a foundation for future growth and security improvements.
As with any migration, however, there are learnings. For example, Hershey has identified opportunities for process changes. One thing that Miller would do differently next time would be to convince the application owners that .CSV files or manual fulfillment are not the way to go live. Instead, she’d recommend using Active Directory groups for provisioning and de-provisioning and, if that wasn’t available, using whatever APIs could be used to create a connector.
Miller also recommends that application owners standardize their nomenclature, clean their data, and do role modeling. “Role modeling would be a huge win for us,” Miller said.
Miller is also looking forward to Hershey’s rollout of a new ID front-end system that incorporates password changes and multi-factor authentication. “I think that’s going to be much better for our user population,” Miller said.
Learn more by watching the full session
For more details on how Hershey modernized its identity security with SailPoint, watch their 2024 Navigate session featuring Stephanie Miller, Senior Manager of IAM at Hershey, and Gaurav Kabra, Managing Director of IAM at Cyderes.