The new perimeter
Ask any large organization, and it will stress the importance of security. But at e-commerce giant ASOS—one of the world’s largest online fashion retailers—security is a fundamental part of its brand promise. Every year, 20 million customers around the world trust ASOS with their personal information, so the company tightly controls access to its internal systems and software as a service (SaaS) applications. But with its global footprint, the ASOS security perimeter is vast.
The company determined its traditional corporate firewalls were no longer the best option to safeguard its worldwide network from a growing range of threats. ASOS decided a new approach was required and created a team focused on Identity and Access Management. So today at ASOS, identity is the new perimeter.
With thousands of employees accessing a variety of SaaS apps such as Workday, ServiceNow, and others—each often requiring different identity attributes—ASOS administrators spent many hours manually loading CSV files to apps for new hires. This approach also led to some mistakes, and the ASOS tech teams had to spend a huge amount of time helping people get the right access for their new accounts.
Manually closing accounts also consumed administrators’ time—and sometimes it fell through the cracks. “Like any manual process, there’s the potential for human error,” says Mark Lewis, Infrastructure Architect at ASOS. “Sometimes, accounts that should have been disabled were missed. The longer an account stays open, the longer it remains vulnerable, which creates a significant security risk.”
To improve security, efficiency, and productivity, ASOS adopted Microsoft Azure Active Directory (Azure AD) to automate identity management for Microsoft Office 365 apps and other SaaS apps. Now administrators at ASOS can automatically provision and revoke access as people join or move on from the company.
An automated provisioning layer
ASOS uses Azure AD as a provisioning orchestration layer between its HR system, Workday, and most of the SaaS apps used at ASOS, including Office 365, Workplace by Facebook, Slack, ServiceNow, and Atlassian Cloud. Administrators automatically feed identities from the HR source of truth into Azure AD and push the appropriate attributes to each SaaS app, saving significant time for the tech team and the service desk.
“We use Azure AD to provide seamless access for new users to everything they need from across our SaaS ecosystem, right from the day they join the company,” says Lewis. “We’ve made provisioning much faster and simpler, and in Azure we can scale our capabilities as our app landscape and userbase grow.”
With Azure AD, ASOS can now give new employees single sign-on access to the workplace tools they need, helping to minimize password proliferation. And when employees leave the company, ASOS can automatically delete all their accounts, helping safeguard customer information and the company’s valuable intellectual property.
Along with Azure AD, the company has access to a range of other identity and security innovations through its Microsoft Enterprise Mobility + Security E5 license. For example, ASOS uses Azure Multi-Factor Authentication across the business to provide additional security beyond passwords, and conditional access in Azure AD to temporarily bypass multifactor authentication, so employees can stay connected and productive if they lose their device. The company also uses Azure Advanced Threat Protection to monitor its directory services for unusual user activity and investigate discrepancies quickly.
Standards-based risk reduction
Automated deprovisioning means ASOS can shut down accounts on the day a person leaves the company. ASOS uses System for Cross-domain Identity Management (SCIM) open-standard provisioning in Azure AD to manage all apps more efficiently with a common data language, so it can apply standards-based automation to disable accounts within hours of an employee’s last day and take human error out of the picture.
“I can sleep a little better at night because I know that we disable every inactive account as quickly as possible,” says Lewis. “With Azure Active Directory, I know it’s done, and it’s done right.”
Lower costs—less monotony
While ASOS chose Azure AD to automate provisioning, it has found a range of other benefits: It dramatically reduced access lag for new hires. It also made it easier for all employees to manage access and get work done with single sign-on. “Our service desk spends much less time setting up users and creating or deleting accounts, which gets our costs down,” says Lewis. “We’ve also automated a really monotonous daily task—sitting there for hours repeatedly filling out user identity details is nobody’s idea of fun.”
Administrators can provision and deprovision accounts more easily when they pull identity data from a single source of truth, which removes the complication of managing myriad identities across multiple applications. “If someone gets married and changes their name, we enter it once in Workday and then let it automatically trickle through to every app,” says Lewis.
The easy life
ASOS administrators use rich reporting features in Azure AD to further simplify identity management. Lewis gets an automated email each morning that details all provisioning events from the day before. He uses that visibility to understand what’s happening across the ASOS app landscape as the company continues to scale.
“The great thing is the platform is continually growing,” says Lewis. “Microsoft adds more and more apps to Azure AD every couple of weeks, so we can provide automated, unified access to more tools, making governance much simpler.”
“With Azure, we take a scalable, automated approach to provisioning and deprovisioning,” he adds. “We made our lives easier by adopting Azure Active Directory—we’ve saved time and money, improved the employee experience, and enhanced the security of our entire SaaS ecosystem.”