Review the Full Session Transcript
No time to watch the session? No Problem, Take a read through the transcript.
Speaker 1 (00:00):
Good afternoon. Welcome to today's session at the Power of One, our third annual identity and privileged access management virtual conference. This session, empowering upfield Better Plan-Based Future Through Automated Identity is featuring Ette Fiera from Upfield and Colin Duffy, burger Securities senior Vice president of Corporate Sales and Channel. The session will be a fireside chat with Colin and Ette. Over to you, Colin.
Speaker 2 (00:32):
Awesome. Thank you Carolyn, and super excited for today's session. I'm very happy to be joined by a valued customer and someone I would call almost a colleague at this point in terms of how closely we've worked together over the last few years in Ferrera from Upfield. And just in terms of a bit of context and background for you today, myself, I've been in the identity security space for almost 17 years now, operating both in North America and Europe, and I crossed paths with the lead. I think it goes back to maybe 20 13, 20 14. At that time you were with another organization, but certainly we have been in contact for many years and certainly someone who I look to in terms of an identity security leader and very experienced in this domain. So excited for today's session and to tell the Upfield story with ELECT and perhaps ette, you'd like to share a bit more about your journey in identity security, how you ended up in this domain, did it choose you or did you choose it? And maybe just a bit of background for the audience from your experience to date.
Speaker 3 (01:42):
Hi. So I'm Pereira. I think I kind of fell into identity, so I'm not entirely certain of whether I chose it or it chose me. I have been in this for too many years. I'm too scared to say because then I'd be admitting my age, but it is true. What Colin says is that we met in about 2013. I've done everything in identity. I've been the user access management person creating accounts. I've been the person implementing the system. I've been the person being on the receiving end of the system working. I've been a service owner. So I think I've done proper circle around there for, as I said, too many years. I'm very excited to talking today about Upfield journey with Vera.
Speaker 2 (02:26):
Awesome, thank you. Looking forward to it. The next slide gives you that opportunity to present opportunity Upfield and where you guys would come from and we can talk a little bit about what was driving your needs around identity security. So maybe just for the audience, who is upfield? What do you guys do and what does it look like and in terms of your global footprint?
Speaker 3 (02:48):
So Upfield is the global leader in plant-based foods. We're a young company whilst the company itself is only five years old. The brands we present are more than a hundred years old. As you can see we're there's the second number two plant-based player in the world. We have six power brands, we're across 90 countries. We've got the top three of those brands in about 40 of our markets currently with prera, we are supporting and protecting 4,800 identities and these are upfield permanent members of staff as well as about 1,200 external third party suppliers. We have 14 factories across the globe. There's a nice little map there to show you where we're situated. If you dunno about us, your mom might know about us because we make butters and spreads that make cakes help and cake baking, et cetera. Upfield is unique because we did come from a, we are a breakaway company from a big parent company.
(03:59):
I'm not going to mention the name, but quite a big food-based company that is very global. And because we came in five years ago, I was able to come into Greenfield and set up our environment. I was able to grow and shape how I wanted to protect identity within upfield. I report to our global ciso, so we sit in the cyber function and I think that's kind of unique. Sometimes you might see identities in the operations function, but I was able to squeeze it in to the security function. So again, I don't think we would be as successful as we are today if we didn't have a really strong power or partner like Prevea.
Speaker 2 (04:40):
Awesome, that's great. In terms of upfield business operations, I know you've kind of seen a few different perspectives, a few different industries. Was there anything uniquely challenging about how Upfield operates and related to managing identities needing to drive, whether it's more automation, more governance, anything that you can speak to in terms of drivers behind investing in identity security for the business?
Speaker 3 (05:10):
So as we came from a big parent company and we then established ourselves as a breakaway, we didn't really have access management in place before governance in place before. So I was able to do that identity lifecycle process, protect those identities, make sure we had the right identities accessing our environment. We not only was able to put those identity things in place, some of the automation by connecting our IT systems to the HR system, we were also able to then put in some more governance in place or wrap governance processes around what to request, who should be requesting access, what are you supposed to be accessing? You can't just say I want the same access as Peter, I want the same access as Paul, which, oh my god, heart attack area. So with the power of Revera, we were able to then have an access catalog that showed what you can request as well as then during that map of who's got access to what already we'd never seen that before. It was very new. Some of the other basic things you would do in identity access management, like approvals, putting in place, you don't just have someone walking up to a desk and saying, please can I have the same access as Peter? You actually follow a formal request process. So that was new for the company and quite exciting to set up.
Speaker 2 (06:34):
Awesome. Looking back at that kind of time period, we're going back to 2020 now in terms of the journey starting together between Brave and Upfield at that point in time, and we'll touch on this again later in our session, but can you give the audience just a bit of a perspective around your perceived identity maturity back in 2020 rolling out of a parent company, starting up on your own, having to really enforce processes and decisions and potentially practices that weren't natural to the company. What stage would you guys have been at it that point?
Speaker 3 (07:11):
I think if you take a look at a maturity scale, one is kind of like everything's chaotic. We were really, oh my god, nowhere. We didn't know anything. So I think we were round about one because I was able to put some of those processes in place. But in 2020 we changed our service partners and some of our model and we're then able to partner with yourselves. And then I think from going from that one to now, we're definitely in between three for defined and managed kind of service. So between three and four and I think that really is a testament to our partnership together.
Speaker 2 (07:48):
Awesome. Yeah. Fantastic. And for those in the audience, we'll be doing a session on identity and privilege access maturity later. So to relate to what I let saying, tune into that session to learn a bit more about the different levels and maturity of both identity and privilege. But certainly it's a journey and there's still more to go, which we're excited to work with you on. But if we move on to the next slide, just giving or getting a look at what we've been doing, what we're doing today and what that looks like for upfield in terms of activity, events, transactions, automation. How would you describe your estate? So I know when we started down this path, there was a number of applications, you guys, being a new company, were mainly cloud centric and remain that way, but what does your environment look like regardless of the identity platform, what systems, what are we targeting? Yeah, I dunno. Maybe some perspective in that respect that regard.
Speaker 3 (08:49):
Right. So when we started this journey in 2020, we wanted to make certain that we were protecting those identities. So we are protecting 5,000 of those identities. We've obviously automated that with using Vera Identity Manager, we connected the system to our HR system. We then focus on those, what those joiner move leave processes look like. When do we want to create accounts, what do we want to create? What is birthright access? What are user classes? We kind of broke our identity part down into two parts. The first was the identity life cycle and automating that. And then we said we would look at our access request processes, our access catalog, the governance around granting access. So at that stage, I think we initially said about 50 applications. We now today, as of yesterday, really are looking across those 5,000 identities, across 60 applications. So clearly defined roles across 60 of those applications.
(09:48):
We are predominantly SaaS, SaaS-based company cloud first, as you all know, I really dislike the word journey, but this absolutely was a journey. We had many up your struggles many times we wanted to give up, but we are now protecting those 5,000 identities and those 60 applications. We put in a couple of connectors with yourselves, active directory connectors, so we can create those 80 accounts by themselves. You'll notice that from going live to today, we created 2,648 accounts manually. Now imagine those little tickets at the help desk, someone's going right click, new user, first name, spelling mistakes and all those other things. 2,648 accounts have been created. Obviously we've also got attrition. So 1,791 accounts have been automatically deleted. And again those help desk tickets no longer got those help desk tickets. No one saying right click the link or whatever. That was automated and we've had 22,597. I mean that's quite a number. I can't even say it properly. Account modifications. So that could be things like updating a line manager, updating a person when they change their roles, updating where they sit in the company. So quite successful I think for identity manager. I haven't really talked about privilege. So you got a question? I think I saw something pop up on the chat. Is there a question?
Speaker 2 (11:13):
I think that was a prompt from Carolyn to invite questions as we go. Thank you. I dunno a question just yet, but certainly that's great background. And just for the audience's sake, what we've delivered to Upfield is a single tenant model in terms of an identity and privileged system that is geographically distributed run out of AWS as a service. In addition to that, we do provide a service wrap around that. So it's a bit of a hybrid delivery model in terms of not only is it the product, but there's some, for lack of a better term, managed administration and expert services that we deliver on top and partner with upfield and their service provider to bring this all together. So yeah, there's a number of moving parts involved and you don't need to go through the stats in great detail there in terms of identity and privilege. But overall I think you've been quite happy with the service once it's up and running, let's say. And the privilege piece, I think you were quite pleased with in terms of the time to delivery. I guess where are you guys? Go ahead.
Speaker 3 (12:27):
A bit on the pam. Right. So we decided that we really wanted a small digital footprint and the fact that Vera provided both identity and privileged access management, it really helped. Why do I need to speak to two different vendors? Why do I need to speak to two different software providers? The systems, the interact and they're independent of each other, but actually the fact that identity knows who my accounts are when I create them provisions, the access to Oura PAM solution works like a charm, right? I know when to remove them from Pam. It's just really great. As you can see some of those stats there, we rolled out the privilege access management system. I've never implemented a system so quickly. We did 12 weeks, that's three months and we rolled it out across our operating systems for active directory and Unix Linux. So our always layer is protected in 12 weeks, 2,170 accounts are managed every day. The passwords are checked and when they checked in, the passwords are randomized when they're checked out or checked back in. If we don't use that account, we are resetting those passwords all the time, completely randomized, we don't even know what those passwords are. As you can see, 21,260 randomized passwords and 1008 checkouts, I think that is just 1000 N eight checkouts in the last year. So we are actually using this and it's been a phenomenal journey. 12 weeks to roll out a PAM system. I mean, come on any day.
Speaker 2 (13:55):
Awesome. And I guess we focused on what seems like the automation side. So we're doing a lot of transactions, we've been able to automate a lot, which is obviously been a benefit to the business from an efficiency standpoint, but I know you want to go further than that. Can you speak to what you're looking at in terms of governance, what you want to achieve? You've got the access catalog in, where do you guys go from here and in terms of the journey and further maturity in your mind?
Speaker 3 (14:23):
Awesome. So from an identity manager perspective, our next step is really embedding some of the new governance things like recertification, segregation of duties management, setting those rules up. This is new for upfield, they've never done this before. That was the first time they can actually see who's got access to what. So that recertification is quite vital now. So we can make certain that Peter who would the same access as Paul actually is valid. And we're going to be working on defining some of our roles, defining some enterprise roles. We're at the moment working on two new connectors amongst yourselves. So augmenting our Azure ad connector to do some provisioning, creating groups, et cetera, as well as an SAP connectors. So SAP is one of our main applications that we use or platforms that we use. I'm very excited about that one. Later on I'll talk a little bit about how our CFO is bought into this and is so excited about actually the fact that we putting some end to end automation into place around identity manager in the privileged access management space. Pam is our steady Eddy, it's just floating along, it's great, but actually we are going to put some more automation in place where we're onboarding some of our servers automatically and augmenting our SIEM SIEM integration that we have today. So we've got some logs going to our search team and we're going to be taking tying some of those done and really classifying them correctly. So in both we've put automation in place, but we're on that next step in that roadmap.
Speaker 2 (15:52):
Awesome. That's excellent. So it's not all that rosy in terms of the journey. So let's talk about some of the challenges in the next slide here we faced along the way together, but also just what you went through in terms of getting the sponsorship, maintaining that sponsorship in the face of some of these challenges within upfield because identity programs are very difficult to deliver and sustain and I think as you said earlier, if you're doing your job right and it's running smoothly, no one's going to notice. So it's very hard to get credit that it's due as well. So maybe you can, I shot myself
Speaker 3 (16:30):
In the foot there, right? So again, I do see identity as the perimeter. That was quite thing to get into place. Our CSO buys into that, our C-suite also buys into that. So obviously security, the perimeter being quite strong, but as you said, if I do my job well, no one knows about it. So you do face that challenge because the biggest challenge really was making certain that Idam was on everybody's radar. The program is set up, we've got that management buy-in, right? So I'm a steamroll. I was saying to Colin earlier today, I'm a steamroller. I just barge in and convince people to do that. But you can't do that all the time. So you really do need to make sure that you find a way to put idam on the roadmap. Everyone should be talking about it, establish your stake, your key stakeholders or get their buyin, buy them drinks if you need to offline, make certain that they trust you enough that you've got proper support because support is quite difficult.
(17:29):
To get in isn't just a small little thing. It's a massive, massive program. So I think the importance of ida, make sure everyone knows that beat the drum all the time. I tell everybody all the time, please, please, please, IDAM is important. It's important. I'm Gandalf, you can't pass. Just please, please, please. So beat the drum constantly, keep doing that and maybe just wear them down or do my approach and steam rid 'em may not help. I think some of the other challenges we faced not only once I got that buy-in, was really to make certain in that we really wanted to make certain that the technology was the right decision for Upfield. We'll talk a little bit about what went well, but I really feel like in some instances we made some assumptions around the maturity of the product and because we were one of the first SaaS customers for Colin Revera along with Colin, I think we pointed out some of the processes that could be done better.
(18:35):
And along with the team, every time I provided some feedback, whether it was negative or I think I'm quite direct, so they were quite used to hearing, oh, everything's terrible, the Latinos can phone us again or whatever. The team really did come and help and take that feedback on board and from 2020 to date, I can see the changes they've taken, processes have improved, that the managed services improved, the maturity has improved. And I think that is a testament to the partnership. The fact that we could be quite direct and say this really sucks, can we make it better? And that the commitment from Vera to actually make it better. And I've seen that. The other things we had was sometimes you would struggle to change your business process so that it fits the technology because I don't really want to change the technology or customize the technology, let's change that process.
(19:27):
I was in a unique situation that it was greenfield so I could change some of those processes, but in some instances we did need to do a little bit of customization to try and make sure that actually it does meet all of our requirements where we couldn't change those processes. And again, the Vera team were hands down, really, really good at helping us do some of that customization and not putting us to any risk for future upgrades, et cetera. I think one of the other challenges we faced was this hybrid model where we have a service provider who didn't know the technology. This is new to them and the Vera guys worked really well, really hard to make sure that training is there, that they know how to support the system, but obviously you're not going to know everything on day one. So this kind of hybrid managed service model has actually been sometimes good and sometimes bad. But again, this was something that Vera didn't need to do but was one of our requirements or one of our needs and they actually stood in and helped us there. So largely I think there's like those four main things that were those challenges and where we came together.
Speaker 2 (20:36):
Yeah, excellent. And from our standpoint, we certainly have gone through a lot of development since 2020 in terms of the maturity of the service that we're offering to customers from as a service perspective. And the product has continued to innovate and develop as well to support that effort. But having a customer like yourself lean in and push back when it was justified has been instrumental in helping us improve and get better at doing what we're doing in terms of identity security as a service. So we're absolutely grateful for everything you've done in terms of supporting that effort and I think some of those challenges you referenced will be relatable for many customers and prospects as they navigate their identity program and trying to get this sponsorship and maintain it and sustain it. I know there's been times when you and I have had conversations with respect to engaging a stakeholder in the C-suite and trying to get them to really have confidence in what we're doing and there is a good ending here or not a good ending per se, but it's going to get brighter in the future.
(21:44):
So I know we'll touch on that a little bit as we get into what went well, but I think that's really important for the audience who are considering identity security programs. You got to be able to recover, you got to be able to get back in front of your stakeholders and justify the project. These things are all about momentum and if it stalls out, it's very difficult to recover. And you've come from a world with many years of identity security experience, you know how to navigate those challenges. But some of our customers are in greenfield themselves in this domain. So I don't know if there's anything you'd like to share or guidance or what they might need to keep in mind as they travel down this path as well in the future.
Speaker 3 (22:26):
Interesting question. So I think yes, I am fortunate that I've been doing this for some time, but if I was faced with doing this from the beginning, as I said to you that management buying-in is very essential and Colin and the team worked really hard on some of those, giving you some tools to get that return on investment. When you present that to the CFO, obviously the CFO is going to be like, ah, okay, cool. So less password resets, that means X amount of saving. Oh, look at that. The amount of time it takes to do a recertification today, the managers presented with an Excel spreadsheet and he's going to sit there and troll through 10,000 lines. All of that can be automated. So I think we are not reinventing the wheel, right? I mean there's basic things you could do, but that buy-in working with the solution designers and the Vera team, it's not that hard. The most difficult thing is making sure when you're standing in front of that C-suite that you've got the tools and whatever information or data you've got behind you to get that buy-in and that sponsorship. But again, just don beat the drum steamroll at them.
Speaker 2 (23:33):
Sometimes you get a steam. So I in standpoint, but I guess one of the things we'll cover out next is would you do it again? So I guess from your perspective, both identity and privilege, what stands out to you in terms of what's going well, what's went well and what needs to continue to go well for you to improve that maturity?
Speaker 3 (24:05):
What went well for me was I keep joking that I bought a Ferrari, but I paid the price of a Ford, so that went well. So it's a pretty bright shining Ferrari. It can do everything, which is fantastic. And actually the Ferrari doesn't need to be pushed to the garage because it's working the way it needs to work. So it's doing what we're told that we wanted to do. It looks flashy and stuff. I think from a PAM perspective, just the fact that we're not reinventing the wheel. It took us 12 weeks to roll out a pam, a privileged access management solution and recovered that was phenomenal. Other things that went well from an identity perspective was really the way that the team, the Vera teams stood up and helped us figure out what does our RACI look like for our managed service? What does our SaaS team, our SaaS team do versus what our service provider does?
(25:09):
Sometimes when the service provider is a bit weak in their knowledge because they might remove people, key people off the contract, that knowledge leaves. And again, this product is not as well known as some other products that you might find sailing in the seas, but it's not complicated. We're not reinventing the wheel. So I just really do like the system. The fact that the two systems talk together is great. It was a really quick, quick to rollout. I think what else went well was the fact that you guys were, I think the ability for you to, if I say please can I have a new connector? The ability for you to go and look in the industry, is this required? Is this not required? And then because I actually know what pushback to me I think went well as well. So I think we had a good pushback, relationship, push pull relationship.
(26:06):
We had some unique challenges in our architecture that we kind of really only discovered as part of our journey and that's really helped us to say, actually you know what? There's something broken here, we can fix it, but this needs some investment. And that went really well as well. So I think as a whole, both those products are quite strong in the market and well known enough that our CFO knows the name of the tool we use. I mean, come on, what CFO knows that name. So again, it's great recertification. I don't have to do anything, it's there. I just have to create it, create. I didn't have to configure anything. It's great. I mean that's easy enough to do. So we're rolling it out in a month's time. I mean it was really easy to do challenges.
Speaker 2 (26:58):
Yeah, you've touched on it a few times. It's something that I take pride in and I know my colleagues also take pride in, but when it comes to these types of journeys, it's heavily dependent on a bit of a partnership dynamic rather than we sold to you, now we're moving on to the next customer. That's never been our, we certainly aren't the biggest vendor, but we certainly do lean in with customers that are leaning in with us. And granted, there's times when there's tension, there's going to be friction, but the fact that we've been able to stand up and continue to come back to the table and improve and deliver on things, I think speaks to another thing that really went well and is going well and we continue to try and maintain that with Upfield in terms of your maturity with reverse security. So hopefully you can agree to that as well. I think you do. But would you do it again? Would you do differently if you were tasked with doing it again in terms of our next slide, you're on mute there.
Speaker 4 (28:05):
So if you asked me
Speaker 3 (28:06):
About would you do it again, I absolutely would. I think I've grown as a person as well, so I try not to be as direct. Sometimes I do try and temper my directness, but actually I'm kidding. I think we are absolutely going to embark on the new journey. We're going to do. Vera Safe, very excited about that. I'd love to do Vera Pass as well, but you can't always get everything you need. So our next little bit is going to be Vera Safe, which is a very, very big part for us. I'd probably take a look at how we rolled out identity slightly differently. So we broke it into two phases. I might do it into four phases, smaller chunks. I keep being told you can't eat the whole elephant at once, don't boil the ocean. I thought by breaking it into two, I was doing that, preventing us from doing that. But if we'd broken it into smaller phases and smaller chunks, I think we would've been able to do some of the stuff a lot quicker. Yeah, I think that's about it really. We really looked at a lot of other vendors, but I just keep coming back to ease of use, not reinventing the wheel here and it's not that difficult to do actually. It shouldn't be that difficult to do.
Speaker 2 (29:31):
Yeah, for sure. Would you pay the Ferrari price tag a second time around?
Speaker 3 (29:36):
I'm going to say because, because I'm not the salesperson. No. If I was still paying that forward price, then absolutely. But if I had to buy, I dunno, spoiler or something else, then yes, well buy those Boltons, look at the Revera cloud stuff, all those kinds of things. I think I probably would be more enticed to do that, but I'm not sure I'd pay a Ferrari price for the Ferrari.
Speaker 2 (30:01):
Fair enough. Yeah, Ferrari are expensive. Well this has been awesome and I certainly appreciate your candidness and sharing your story with our audience here today. I think that takes us towards the end of our slides and I think we're hoping to open it up for some questions from the attendees. So I dunno if we have audio turned on or if we're just accepting questions via chat. But maybe I'll turn it back to Carolyn and Hailey in the event we have some questions coming in.
Speaker 4 (30:33):
Do you have any questions? You can drop them in the chat right now. We don't have any two
Speaker 3 (30:40):
Reasons. One is I spoke so well, no one's got any questions. Or two is like this woman, she talks so much rubbish. That's
Speaker 2 (30:51):
Typically the norm for these types of sessions. Questions don't surface right away, but we sometimes receive them after the and follow up with some of the attendees, which is perfectly fine. We budgeted about 30 minutes or so for this session, so minutes. There you go. Yay. Well, yeah, I mean there are no questions. We can certainly wrap up and I certainly again appreciate I let your time today, but also over the last three and a half to four years now and I'm going into our fifth year together. So yeah, it's been awesome. Look forward to many more years to come and perhaps we'll get you involved in another session like this maybe in person one day and we can chat with customers live so
Speaker 4 (31:50):
Much. Perfect. Our next session starts in about 28 minutes with Integr. That's let AI drive compliance and provisioning in your identity journey. We look forward to seeing you guys there. Thank you.
.png?width=300&height=300&name=Colin%20Headshot%20(4).png "Colin Headshot (4)")
.png?width=300&height=300&name=Circle%20No%20Background%20(2).png)
