Eliminating credential sharing strengthens retailer security
An international fashion retailer asked Kalles Group to help eliminate the sharing of access credentials between Executives and their assistants to secure the company's applications, credentials, and delegation process. Kalles Group experts helped the business change their systems and processes for all identified applications and delegation methods, rolling out targeted training to ensure widespread adoption.
This international fashion retailer asked Kalles Group to help eliminate the risks inherent in the sharing of access credentials between Executives and EAs (Executive Assistants). Executives often shared their credentials so that EAs could act on their behalf through applications like Outlook, Coupa, MS Apps (Teams, SharePoint, OneDrive), Zoom, ServiceNow, and Workday. This poses a major security threat and can lead to data compromises. The challenge was to eliminate credential sharing by providing the appropriate level of access for EAs to view and act on behalf of Executives for certain tasks.
Kalles Group first collected a detailed list of requirements through discovery conversations with EAs. Although this project initially focused on eliminating credential sharing between Executives and EAs, during the course of the project, similar problems were identified with Area Directors and Area Coordinators for North America, so the project expanded to improve their security as well.
Subject matter experts helped determine what was feasible in terms of configurations, and the business then made the final decision about which processes and configurations to implement. Kalles Group and the business then got to work developing new processes and configurations, testing new changes, conducting trial runs, and rolling out training to the EAs.
Kalles Group skillfully helped the business eliminate the security risk posed by Executives sharing credentials with EAs.
In order to ensure that EAs were able to seamlessly adjust to working without passwords, a phased rollout was carried out for each application and training was provided to EAs. The EAs received post-rollout documentation for help with the changes, including recordings of training sessions, FAQs, and a delegation guide for each application. As a result, EAs no longer need their Executives’ MyApps password to complete tasks on their behalf. Executives were also provided a summary of these changes and received a Task Impacts list, which provides a list of the changes, impacts, and tasks that are now shifted to them.