CASE STUDY
Tesco, one of the world’s largest
retailers of consumer goods, needed
a multi-factor authentication (MFA)
solution that would provide visibility over
account access and ensure sensitive employee
data didn’t end up in the wrong hands.
Luke Fairless is responsible for overseeing
cybersecurity strategies across Tesco’s range
of operations (with the exception of its banking
operation), including its Express businesses,
superstores and metros in the UK, Ireland,
Europe, Asia and other global offices.
His team looks after everything from risk
compliance through to digital forensics, the
Security Operations Centre and identity
access management.
Fairless is also tasked with ensuring security
awareness and education across all
450,000 colleagues in offices, shops and
distribution centres.
We discover why Tesco selected the
OneLogin solution and how it is already
providing benefits for the major retailer.
INTELLIGENTCIO
The challenge
Tesco is increasingly using cloud services
and while it is only office staff and store
managers that have access to email, the
wider workforce is accessing pay slips from
the cloud.
“Anybody working in stores or distribution
centres, as well as offices, needs to be able to
log into that,” said Fairless.
“And we want to be able to protect
it because pay slips have got a lot of
information on them that you could use to
try and do an identity takeover of somebody.
“Increasingly, we want to be able to make
these self-service so if you need to change
your bank account details then you can just
do it yourself online rather than needing to
go through your personnel manager.
“If you’re allowing people to do that though,
you can imagine an attacker could change
that bank account detail to their own just
before the monthly paydays.
“And then suddenly, people’s salaries don’t
end up in their own bank account, they end
up in a fraudster’s bank account.
“So, the need to be able to protect those
accounts is crucial and it’s been a need that
we’ve been able to see for a year or two,
but we can increasingly see it as a need as
we go forward.”
The solution
Enterprises are now required to have a
second factor of authentication in place
as username and password information –
something you ‘know’ – is increasingly
easy to pass on to attackers, even if
only accidentally.
Fairless turned to OneLogin for a solution,
won over by the ease of use and partnership
approach the vendor was able to offer.
The second factor now used by Tesco
employees is a mobile phone – something
which employees ‘have’ and which is much
harder for attackers to access.
www.intelligentcio.com