Keurig Dr Pepper and Salesforce discuss transforming their businesses with identity security
Companies of all sizes are leveraging identity security capabilities in new ways to address more business challenges than ever before. To gain an on-the-ground perspective on how large companies are succeeding with identity and what they’re learning from their deployments, SailPoint CEO, Mark McClain sat down with Cody Warhurst, Director of Identity and Access Management at Keurig Dr Pepper, and Lori Robinson, VP, Identity and Access Management at Salesforce. Both executives shared a series of learnings and tips for other organizations undertaking an identity security journey.
How are businesses currently thinking about identity security?
For some organizations, identity security has moved from a behind-the-scenes enabling infrastructure technology to a customer-facing capability that adds value for customers and enables new business processes.
Since identity security often touches almost all points of an organization’s IT environment, an identity security project can have significant ramifications. Such ramifications need to be justified to senior business leaders and stakeholders.
A good example is customer software giant Salesforce. “At Salesforce, trust is our number one value,” said Lori Robinson. “So, I’ve been able to capitalize on that by coupling it with identity attacks, one of the biggest threat vectors for companies like ours. Our executive leadership is aware of that, so identity initiatives at Salesforce have a high priority on our corporate objectives.”
When necessary, Robinson makes sure to reinforce the message that identity is essential internally. “We still get a lot of pushback since people have other priorities,” Robinson said. “So, we have to do a lot of education and training on how it can be a security risk, but we always get there.”
For Cody Warhurst from Keurig Dr Pepper, selling internal stakeholders on identity security often focuses on effectiveness and efficiency.
“When users don’t have the right access, it can impact our ability to use people and resources effectively,” said Warhurst. In addition, Warhurst notes the importance of identity security to compliance, including the recertification of access privileges and the impact on the organization when access is improperly denied.
What business priorities are driving identity security?
No business wants to find out they failed an audit or have to discuss audit failures with their board of directors. In fact, compliance is one reason many organizations initially invest in identity security. These days, companies have a much better understanding of the impact of poor identity management. Specifically, its impact on productivity and how identity security can enable people to get their work done efficiently. For Keurig Dr Pepper, the focus on efficiency is a critical driver for continued investments in identity security.
“People are getting smarter about the possibilities of how identity security can drive enablement. They want more efficiency in their processes for sure.”
Cody Warhurst, Keurig Dr Pepper
For Keurig Dr Pepper, the focus on efficiency is a critical driver for continued investments in identity security. “People are getting smarter about the possibilities of how identity security can drive enablement,” Warhurst said. “They want more efficiency in their processes for sure.”
A key driver of identity security for Salesforce comes down to three words: enabling secure access. “I always say that every one of those words is really important, and we do have to enable the business and do it securely,” Robinson said. “Sometimes companies over-focus on compliance since people can relate to it, but I believe when you’re designing for compliance, you’re not designing the right way. Instead, you need to design to enable the business while protecting it.”
Next steps with identity security
Many organizations used to think of identity security as a project. But as the world gets more complex and risks increase in frequency and potential harm, it’s more apparent than ever that identity security is an ongoing program, not a one-time project. It’s a long game with lots of milestones along the way.
Companies like Salesforce that have the essential identity security basics covered are moving in more advanced directions, including leveraging new capabilities made available by artificial intelligence (AI) and machine learning (ML).
“We’re injecting AI and ML into everything we’re doing, starting with experiences,” Robinson said. “For example, how do we simplify the onboarding process for administrators to our services and make it more self-service while improving the user experience?”
Salesforce also continues to focus on zero trust and verifying all traffic and all identities, including nonhuman ones such as service accounts or machines. “Ensuring that we have strong authentication and fishing resistance is big,” Robinson adds. “But we’re also focusing on how we can corral threat actors if they breach our environment, continuously monitoring and adapting to signals from different things happening in our environment and responding to in the identity environment.”
As Keurig Dr Pepper continues its move to the cloud, the company is streamlining processes and ensuring its employees have the proper access at the right time for optimal efficiency. “We’re excited about the things that cloud enables us to do, such as scale and move fast enough to match our business needs,” said Warhurst. “To do that, we’re embracing security by design as a company, and identity security is a central part of that.”
Tips for identity security success
When it comes to identity security, each organization has particular needs. It can be a complex challenge to figure out the optimal way to use identity security within your organization, so it’s helpful to have tips from experts who have gone first.
For Robinson at Salesforce, an essential learning in effectively deploying identity security relates to controlling the process for the right reasons.
“You’ve got to have a vision and strategy for where you want to take IGA and find ways to bring the business along with you and force them to use your patterns,” said Robinson.
“If you simply migrate individual applications one off to an identity security platform tweaking as you go, you’ll end up with inconsistencies in your integration patterns and a Frankenstein’s monster because each application will be custom.”
Lori Robinson, Salesforce
In addition, Robinson suggests that organizations focus on data. “Data matters,” Robinson said. “Many organizations have multiple identity systems in their environment and don’t have a clean data layer. So, if you’re just starting, think about the data layer. It’s important to everything else you do.”
From Warhurst’s perspective at Keurig Dr Pepper, a crucial step for a successful identity security program is to embrace, really embrace, your users.
“Find out what the user’s experience is like. Develop empathy for the user. Talk to the user,” said Warhurst. “Embracing your customers and finding out what they’re facing as they interact with applications will help a technology-focused team design more effective solutions for real-world situations.”
Driving business value
Companies such as Keurig Dr Pepper and Salesforce are leading the way in showing how identity security technologies not only fulfill crucial security requirements but are also enabling business growth and future agility. From helping employees get their work done more effectively to enabling secure remote access to enabling trust, identity security is the technology engine that’s driving future business value.
Watch the Navigate 2023 customer panel that featured Salesforce and Keurig Dr Pepper.
Discussion