The Home Depot nails identity security challenges
The Home Depot is the world’s largest home improvement retailer, with 2,316 retail stores in all 50 states, the District of Columbia, Puerto Rico, the U.S. Virgin Islands, Guam, 10 Canadian provinces and Mexico.
Challenge
The Home Depot needed to replace older disparate identity technologies with a single solution to address compliance and audit requirements, while also accelerating and simplifying the process of adding and removing access for the workforce.
Solution
Using SailPoint IdentityIQ and IdentityNow, The Home Depot has boosted productivity, improved associate experience, and reduced risk, while also enhancing and improving controls.
We required a solution that would allow us to keep up with compliance and audit demands so we could solve other challenges. SailPoint was a solution to meet those complex needs.
David Hetzler, Director, Cybersecurity – Identity & Access Management, The Home Depot
Retail industry has undergone tremendous change in the past few years. Driven by digital transformation and the global pandemic, retailers have increasingly turned to cloud and software-as-a-service (SaaS) solutions to ensure that online customers can quickly and seamlessly place orders and have them fulfilled how they would prefer.
At the same time, retailers have increasingly turned to digital transformation to improve security for customers, employees, and vendors, while also providing the care and support necessary to meet the needs of those same stakeholders as they access networks from remote locations.
As the largest home improvement retailer in the world, The Home Depot has successfully navigated these trends in support of its more than 500,000 associates and millions of customers across 2,316 stores in the U.S., Canada and Mexico. While The Home Depot’s culture is centered around supporting homeowners and professionals as they fix and improve upon homes, the company also continually looks for ways to “better empower its associates with the best technology and solutions to improve productivity, security, and company processes,” says David Hetzler, Director, Cybersecurity – Identity & Access Management, with The Home Depot.
Hetzler leads Identity and Access Management (IAM) for the company, including support for Identity Governance Administration (IGA), directory, authentication, certificate management, and privileged access. As Hetzler has worked to meet the challenges taking place in the retail industry, he turned to SailPoint to do so.
Hammering out the challenges
Not only did Hetzler and his team face challenges common to the retail industry, but The Home Depot also had a number of internal challenges, including the challenge of consolidating older, disparate technologies; improving compliance and audit response; and ensuring workforce productivity.
“We needed to standardize technology across the company to reduce legacy technology debt, while also improving how we addressed compliance and audit requirements, which are continually evolving,” he said. “And we knew that our choice of solution must make our associates more productive and be easy to use. Our goal was to ensure associates would be productive from day one, so we needed a solution that would manage the workforce lifecycle, including the ability to automate the process for adding and removing access.”
Hetzler knew The Home Depot needed a tool that would work across the entire company, integrating with their IT systems to centralize access controls, while also providing an ongoing stream of innovation. “Ultimately, we had to have a solution that could manage the scale and complexity of a Fortune 17 company,” he said.
Using the right tools
Hetzler already had familiarity with SailPoint’s solutions from working with it at previous companies. When he began working at The Home Depot, the company was already considering SailPoint’s solutions as they were flexible enough to handle the seasonality of the company’s business. The solution also provided the ability to seamlessly support a wide variety of roles. “SailPoint stood out from the competition because it’s a proven technology that has a strong support team behind it, and it met our requirements,” he said. “Because of our scale and complexity, we have many edge case scenarios with requirements that must be met. “We required a solution that would allow us to keep up with compliance and audit demands so we could solve other challenges. SailPoint was a solution to meet those complex needs.”
Today, The Home Depot uses several SailPoint solutions for various purposes including for the company’s access certification, access request and approval, and password management processes, Hetzler said.
“We use it to do quarterly certifications for access, to remove access that is no longer required. We also use it for transfer certifications so we can remove unnecessary access when an associate changes roles within the company – that is a capability we did not previously have. In July 2022, we also started using it to set up the Joiner-Mover-Leaver process – essentially managing access across an associate’s entire lifecycle, from day one through their last day with the company.”
The Home Depot also uses SailPoint for password management, replacing four legacy password reset tools. “SailPoint enabled us to centralize the password management process so associates can change passwords when and where they want.” Hetzler adds that the self-registration function allows end users to login without seeing a password, an improvement to both user experience and security. End users now solely use SailPoint to manage their passwords saving time, confusion, and complexity.
Integrating apps into the solution
SailPoint has become a single source of truth for all user access across The Home Depot.
David Hetzler, Director, Cybersecurity – Identity & Access Management, The Home Depot
The Identity Warehouse and SailPoint integrations enable The Home Depot to manage access information for all associates and contractors. They’re also using APIs for access request, increasing productivity across multiple platforms through tens of thousands of monthly API calls.
For example, The Home Depot is using the SailPoint’s ServiceNow connector. This integration has enabled them to track and manage tickets for access provisioning to disconnected applications, while increasing efficiency in the overall process. This integration has also provided improved tracking and given end users much appreciated transparency into the process.
The Home Depot solution had to work with hundreds of systems in their identity security compliance landscape. This included integrating core applications like Workday and Active Directory, and thousands of store LDAP and Informix integrations.
A better experience that reduces risk
Hetzler said SailPoint’s solutions have enabled The Home Depot to establish a repeatable process that minimized the time to prepare for audits and compliance assessments. This also increased the amount of access revoked during each certification cycle - thus removing stale access.
Likewise, SailPoint’s solutions have enabled the company to consolidate request processes from multiple tools into a single solution. “We’ve been able to increase the automation of provisioning upon approval, which reduces the amount of time that it takes for someone to obtain access,” Hetzler said. “And SailPoint’s interfaces and automation have improved the user experience when associates request access.”
Overall, Hetzler said SailPoint’s solutions have improved productivity, reduced risk and provided better management of risk through its enhanced controls, all of which enable the business to focus on the business. “In other words, our associates can dedicate more time to strengthening our ability to protect customers, associate and company information,” Hetzler says. Additionally, Hetzler said “Simplifying the access and password experience for associates means they can spend more time focusing on taking care of our customers.”
Successfully completing the project
As a result of using SailPoint’s solutions, Hetzler said his team is receiving fewer audit findings, which enables them to focus on the process itself. Moreover, doing so has built credibility with The Home Depot’s technology and business partners because the company now has a modern solution in place.
“We’re able to address feature requests more rapidly and with greater insights,” he said. “Today, we’re able automate or configure a user role, and more quickly customize and adapt to modern challenges.”
Hetzler said that their deployment has been successful because they have a dedicated internal team and a strong integration partner aligned to improving their maturity. “The collaboration between The Home Depot and our partners has centered around end-user experience and advancing our maturity in this space. SailPoint’s guidance to navigate around known obstacles enabled our implementation to run very smoothly.”
SailPoint’s solutions have also positively impacted the company’s Identity and Access Management operations. “We’ve gone from multiple individuals supporting multiple toolsets to a unified team that supports one standard tool and set of processes,” he said. “It now takes less of our time to synchronize between tools because we have a singular view of the different phases of the lifecycle for everyone. We’re now much more agile in our ability to address challenges as they come.”
Hetzler appreciates SailPoint’s shared philosophy to provide an environment that promotes asking questions and get support on demand. “SailPoint gives us the foundation for managing the access lifecycle,” he said, “which allows us to use access data, quickly build insights and determine the appropriate type and timing of access.”