Pick n Pay fully automates identity security

decorative image
Time to read: 8 minutes

The Pick n Pay Group is one of the largest supermarket chains in South Africa, with over 2,000 stores, 90,000 employees, and over $5.5 billion in annual sales.

Challenge

As a major retailer in Africa, Pick n Pay needed to ensure that each employee had access to the right information at the right time, without compromising security.

Solution

Using SailPoint solutions, Pick n Pay has been able to create an identity for each employee, as well as partners and staff at franchise locations, simplifying governance and security.

Industry

Retail

Company size

10,000+ employees

Partner

CyberIAM – South Africa

Using SailPoint solutions we’ve been able to fully automate the identity process and reduce our audit findings significantly, while enabling 1,400 password resets via the system on a monthly basis

Sandra Moumtzis, Head of Enterprise Applications, Pick n Pay

53,000

identities

1,400+

password resets monthly

500+

applications

Pick n Pay is an iconic brand in South Africa, growing from humble beginnings over fifty years ago into one of the largest grocery store chains in South Africa. Over the years, the company has expanded into other lines of business, including clothing and liquor, and into other countries, all while adding hundreds of franchises and growing a successful online platform.

However, like many other companies, Pick n Pay’s future plans, from growing market share, strengthening engagement with customers, using technology to drive growth, improving margins, and driving shareholder value hinge upon secure and effective IT systems that deliver the right data to the right employees at the right time with as little risk as possible. And with a footprint of over 90,000 employees spread across multiple countries and over 2,000 company-owned and franchise stores, that’s no small feat.

With so many employees, the company needed better ways to grant and remove access as employees turned over. It needed to simplify onboarding and reduce termination risks, as well as give managers better information on what information access their employees had. To improve its security posture and help enable those objectives, Pick n Pay decided to upgrade its Identity Access Management (IAM) system, evaluating various IAM solutions and implementation partners.

The IAM solution would have to work seamlessly with the company’s 16,500 SAP users across multiple modules including ERP, CRM, and warehouse management, as well as integrate with Microsoft Active Directory. Just as critical, it would need to be able to easily incorporate employees at Pick n Pay’s hundreds of franchise locations. “We have a large franchise community,” says Andrew Day, Solution Architect at Pick n Pay. “And although they use a lot of our systems, we’ve never had a concept of an identity for them.”

Streamlining and simplifying security

Pick n Pay decided early on that a cloudbased IAM solution would be an ideal fit with numerous benefits, including the fact that the company wouldn’t have to purchase or maintain any hardware or software. In addition, since not all the system’s possible users, including ones in franchise stores, would have access to a virtual private network, a cloud-based solution with builtin security would provide the best fit.

“After a comprehensive RFP process to identify possible solutions, SailPoint IdentityNow came out as being the best fit for Pick n Pay,” says Wayne Willmore, Corporate Systems Manager at Pick n Pay. “Not only was IdentityNow in one of the leading areas of the Gartner quadrant, but the product also had standard integration with SAP.”

For its initial rollout, Pick n Pay started by bringing in all its SAP HR employee data to create identities within SailPoint IdentityNow. The company went live with just ten applications using identity management, including provisioning, password reset, access requests, and certifications, but has since expanded it to over 500.

“Our experience with SailPoint has been really positive,” says Sandra Moumtzis, Head of Enterprise Applications, Pick n Pay. “Identity security is enabling Pick n Pay to focus on governance and security of our organization.”

Identity Security inside and outside the organization

An important consideration for the company was finding an identity management solution that easily worked within the company as well as across its hundreds of franchises. IdentityNow enables them to do that effectively, and is currently managing 53,000 total identities, including 34,000 employees and 19,000 external franchise contractors.

To enable franchises to use identity management, Pick n Pay built a specialized web front-end that its franchises can log into and enter identity data for staff in their stores. Pick n Pay has also made that web interface available to its partners, so they can manage the identities of their staff as well. All that data then feeds through to IdentityNow and automatically provisions accounts for franchise or partner staff.

Not only was IdentityNow in one of the leading areas of the Gartner quadrant, but the product also had standard integration with SAP.

Tangible benefits from Identity Security

IdentityNow has had a significant positive impact on business processes within Pick n Pay, including streamlining employee onboarding and termination, a huge process for company with 90,000 employees.

“Previously, part of the termination process would require us to manually terminate user access, which obviously was not the most effective way of handling those types of situations,” Wilmore said. “With IdentityNow, everything is automated and it takes away risk. Users are terminated automatically on our systems when the requirement is there, and managers have better visibility of the access that their teams have. It’s also easier for managers to request different types of access using the SailPoint solution.”

An identity management implementation of this size is a huge project, but Pick n Pay found it easy to work closely with SailPoint. “The service we received from SailPoint was great,” Wilmore said. “Peter, our local CSM, looked after us. We had regular meetings where we discussed concerns or issues or tried to get solutions for problems that we might have. We also reached out to SailPoint internationally and got great feedback and service from them.”

Future opportunities

Now that Pick n Pay has a robust and proven identity management infrastructure in place, it’s expanding the system’s capabilities. For example, the company recently ran a pilot project asking managers of selected Microsoft applications to recertify the access of their staff, and another where it uploaded files for recertification of an application that isn’t currently managed by IdentityNow.

“We learned a lot and it’s going to require a little bit more effort on our side to bolster the processes for change management,” Day said, “but ultimately, we’ll be able to drive that accountability back into the business and make sure managers know how to do recertifications.”

The company is also expanding the identity management solution by deploying SailPoint’s Separation-of-Duties functionality that enables organizations to maintain regulatory compliance, discover potential conflicts of interest, and prevent fraud and data theft.

Of course, Pick n Pay is continuing to expand the number of applications and profiles managed through IdentityNow and it will work to increase the amount of automation using the identity management system, such as automatically providing access to training for new employees.

By deploying SailPoint’s IdentityNow for identity access management, Pick n Pay has reduced risk, streamlined internal security and access processes, and enabled new business process functionality. But that’s clearly not the end, as Day adds.

“There’s still quite a lot more we can get done.”

Watch detailed interview with Pick n Pay team: