November 03, 2010, 8:50 PM — Delivering packages to customers in a timely fashion takes more than a good shipping label.
In the case of FedEx, employees often need special IDs to make deliveries, such as the Secure Identification Display Area (SIDA) badges required to access restricted airport areas. For years, FedEx relied on 121 security administrators to manually provision and deprovision SIDA badges as well as proximity cards for parking-lot access and photo IDs for building access.
The system helped prevent security breaches, but FedEx's process for retrieving badges and disabling access for inactive or terminated employees "wasn't centralized and easy to audit," says Denise Wood, FedEx's CISO. The result, she says, were gaps in deprovisioning that not only posed a security threat, but could have required FedEx to re-badge approximately 60,000 employees in the event of an audit.
"When people leave a large company, it can be difficult to get all of their accounts closed in a timely fashion," says James Quin, a lead analyst with Info-Tech Research Group. "In a lot of cases, you end up with ghost accounts-accounts that exist on the system that nobody is assigned to anymore, and those are big security holes."
So FedEx developed an identity management (IdM) intranet application that automates the badge-management process, boosts regulatory compliance and cuts costs, all with a single card.
An employee simply submits a request to obtain a badge and, depending on the person's job function, the system automatically selects from 12 badge designs, puts the individual's photo on the badge and then forwards it to FedEx's human resources department, where it's printed and shipped to the employee. Managers are automatically notified of the need to review or approve an employee request, and approvals are logged for seven years, in compliance with government regulations.
By using a single card, FedEx's IdM system has reduced processing time for facility-access requests from three weeks to real time and eliminated more than 23,000 annual man hours, or $1.2 million, in card-administration cost. Within six months of deployment, Wood says, FedEx "completely eliminated an outsourced provider for password management," a third-party contract worth $500,000.
An IdM system "isn't an easy solution to implement," warns Quin. The project came with a $277,000 price tag and must combine databases from multiple departments with competing priorities. To foster teamwork, Wood held monthly meetings with senior-level executives from affected departments to pinpoint mutually beneficial opportunities and ensure transparency. The meetings helped Wood build a strong business case for the project. Offering refreshments didn't hurt either.
The Company: FedEx Memphis, Tenn.