Identity Governance in a High-Churn Retail World
30 June, 2021, by Stephen Swann
Governing identities for most organisations means putting policies and procedures in place to help manage Staff, Customers and, crucially, trusted third parties.
When it comes to Staff, there is normally an authoritative source of identity information - the HR platform. And for customers, there is normally a registration process and suite of self-service tools to allow customers to manage themselves (to an extent).
For trusted third parties, however, there is often no source of authoritative information. In fact, your Identity Governance platform may well be the authoritative source of identity information for these entities!
The Retail World
Like many other sectors, Retail has a proliferation of identity types. One major difference, however, is the extremely high churn rate of workers across the retail outlets and that many retail organisations operate on a franchise model.
Worker Retention & Seasonal Fluctuations
The management of joiners and leavers in retail outlets is especially time-critical. Seasonal workers who may only be employed for a very short period of time can't be hanging around waiting for systems access.
Staff in retail outlets may also find themselves moving from one store to another on a frequent basis. Arriving at a store to find your systems' access is invalid for that location would be costly. After all, time is money! The JML processes can't just be good, they need to be excellent.
If a seller's location is critical for the recording of sales metrics (which in turn would impact on commission rates), then you can quickly see how a seller would be mightily unimpressed at finding that a security platform was preventing them from performing their duties!
Organisation-owned retail outlets will be staffed by employees who exist in the HR system. Under the franchise model, however, automating the onboarding and offboarding of users isn't necessarily possible. The management of user identities, (including Joiners and Leavers) will require delegation of administration to the Franchise Owner.
Indeed, it isn't just the JML process for Franchise employees that would need addressing. We should also consider the following:
- a need for a data & process model that allows for the onboarding of new Franchises (remembering that Franchises can be made up of multiple outlets)
- a process for life-cycling Franchise details such as owner and contract end date
- Franchise decommissioning and automatic disablement for staff associated with the franchise
NOTE: There may be systems in place that provide a franchise management facility, but this would have to be considered a source of organisational information that would need to be fed into any Identity Management/Governance platform. It would be very unusual for it to also act as a means of governing the employees within those franchises.
What To Do?
Identity Governance platforms have traditionally been delivered as a blank framework - they can do everything you want as long as you spend the time and effort to configure them to do so.
Many are supplied with some basic functionality available out of the box like the ability to create a unique User ID or Email Address or the ability to disable an account when the termination date is reached. More complex functionality will, however, require configuration/customisation and expertise.
That additional complexity for the retail sector may mean that the architecture for Identity Governance may need to look a little like this:
In this architecture, salaried staff are managed and maintained within the governance platform via automated processes by synchronising employee information with the HR platform. Organisational information will also be synchronised from the HR platform but will also be updated with Franchise Outlet information sourced from a Franchise Management System - if one exists.
And of course, those trusted third parties (in this case, Franchise Workers and Seasonal Workers) could be managed directly by Franchise Owners and Store Managers.
Having a suite of pre-configured functions to enable retail organisations to realise value from their governance platform from day one isn't an unreasonable ask, though. At Madigan Solutions, we've built a suite of deployable configuration items for the IBM Security Verify Governance platform to cover the core use cases for the Retail Sector. Those configuration items cover functions such as:
Wholly Owned Retail Outlets
- Responsive JML processes based on authoritative data sources
- Web forms, processes and certification campaign definitions to support secondment/short-term cover and seasonal workers
- Franchise Organisation & Outlet onboarding processes
- Delegated Identity Management processes for Franchise Owners (i.e. JML for franchise staff)
- Life-Cycling Rules & Certification processes for franchise staff
- Automatic disablement of franchise staff upon termination of the Franchise Organisation contract.
If you would like to learn more about what we can do for your retail identity governance needs, contact us to arrange a demonstration of capability.