Alliance Data eases growing pains with Okta

Old infrastructure, new companies

Since its inception, Alliance Data has grown both organically and by acquiring numerous businesses. For its internal business operations, the Fortune 500 corporation provides shared IT services while allowing its business units to manage their own operations. Alliance Data’s complex, on-premises infrastructure, however, caused significant friction for employees and IT staff alike.

An overwhelming workload

The organization’s IT environment was fragmented, difficult to manage, and expensive to maintain. Alliance Data had tried various single sign-on solutions, but none of them could accommodate on-premise applications. IT staff spent large portions of their workday simply keeping the lights on, and outages occurred frequently. Adopting a cloud-first posture would help, but only if Alliance Data found an identity partner that could support a hybrid infrastructure.

Achieving consolidation

Alliance Data found an ideal partner in Okta, and layered Universal Directory, Single Sign-On (SSO), Adaptive Multi-Factor Authentication (MFA) and Access Gateway on top of its apps, centralizing its access management solution and infrastructure. With these products in place, the company avoided changing source code for its on-prem apps, which made for a quick and seamless implementation. Now, the company enjoys secure and consolidated access to cloud and on-premise apps.

A whole new world

Alliance Data’s newly unified infrastructure is greatly improved and seamless. Employees love the simplicity of self-service password reset and a single sign-on solution that provides access to all their tools. IT staff appreciate having a more manageable workload, including a reduction in helpdesk calls. Alliance Data is pleased with the security, stability and scalability of its new hybrid environment. And everyone involved benefits from the Zero Trust security approach made possible by consolidation.

Seeking a perfect hybrid solution

Like many large organizations, Alliance Data maintained a complex IT infrastructure with a data center, on-prem solutions, and a VPN, but as the company grew through M&A, it required the agility and scalability of a cloud-based infrastructure. Alliance Data still needed to maintain some of its on-prem solutions, so it searched for an identity partner that could support—and consolidate—a complex, hybrid infrastructure. Fortunately, Alliance Data found Okta.

Three years ago, we had user accounts everywhere, and nothing was centralized. Our large, mature, mostly Oracle-based applications were the 100-pound gorilla in the room. Okta blended the experiences into a hybrid solution.

Darren Linden, Head of Corporate IT Services at Alliance Data Systems


  • Convenient user access increased productivity and flexibility
  • Reduced workload for IT, including helpdesk calls
  • Increased security with Zero Trust approach
  • Flexible hybrid infrastructure that supports a wide variety of solutions
  • Scalability that keeps IT workload manageable during M&A
  • Reduced maintenance overhead
  • Self-service password reset for all apps

A growing concern

The complexities of maintaining your IT infrastructure during and after acquisitions can feel almost insurmountable. The good news is: with the right solutions in place, it’s not.

A couple of years ago, Alliance Data, a global Fortune 500 company, was experiencing a significant amount of IT friction associated with its internal infrastructure. Billed as “the engine behind loyalty and marketing campaigns for consumer-facing companies worldwide,” Alliance Data is built like a holding company—which means it has independent business units and reporting segments.

“Alliance Data has experienced growth over the last decade, both organically and through acquisitions,” says Darren Linden, Alliance Data’s Head of Corporate IT Services. “Each of our businesses brings best-in-market capabilities to their customers, and Alliance Data provides its business units with core enterprise platforms including Finance/FP&A, HR, Business Intelligence, etc.”

Before Okta, Alliance Data’s IT infrastructure consisted of a traditional data center with a lot of hardware, heavy-duty on-prem applications, and a few SaaS solutions.

“We had a very old Microsoft stack,” says Linden. “We had no single sign-on. We had different lines of business that required different user credentials. From an IT standpoint, the worst part was that we had very smart people spending their days just trying to keep it all working.”

At one point, 20,000 international employees relied on this fractured infrastructure, but it became increasingly complex and difficult to manage. The lack of consolidation also caused outages and frustrated end users. Even basic processes, like logging into systems, were time-consuming.

The company had tried to improve its employees’ user experience with single sign-on, but the infrastructure was too complex to provide access to cloud-based and on-premise apps. Alliance Data had developed a workaround--using credentials to manually sign in to on-premise apps--but that was inconvenient, and it only worked when the LDAP platform was functioning well.

“The infrastructure was very fragile in terms of trust, with user accounts working on some apps but not others,” says Linden. “We knew there had to be a better way to serve the global business units that comprise Alliance Data.”

Mind the gap

The organization needed an environment that would scale efficiently and effectively as it continued to acquire new companies. The solution? Consolidating its fractured environment by building a cloud-first, hybrid infrastructure.

“Basically, we took a clean whiteboard and we asked ourselves what we wanted to do,” says Linden. “Our number one goal was to provide a single user experience across the entire employee population, regardless of line of business or location. We needed to provide multi-factor authentication and self-service password reset.”

Fortunately, it didn’t take Alliance Data long to find the right fit. “Okta was a no-brainer,” says Linden. “It was the right answer for our cloud services, and our large, mature, mostly Oracle-based applications were the 100-pound gorillas in the room. We have a great relationship with Okta, and they said, ‘Hey, we understand your problem—and we can help you.’”

A dream deployment

When it was time to deploy, Alliance Data began by placing Okta’s Universal Directory, Single Sign-On (SSO), and Adaptive Multi-Factor Authentication (MFA) at the core of its infrastructure. Together, these Workforce Identity products allowed Alliance Data to easily manage and protect cloud-based applications—while simplifying the user access process.

“Okta really is the face of our applications to our employee end users,” says Linden. “It's great because it's cloud-agnostic which, for an IT provider like our group, makes our job easier. We don't run into, ‘Hey, Okta's not certified with this cloud or that cloud.’ Instead, it's very seamless and it's really plug and play, which gives us the freedom to deploy systems where it makes sense.”

After Alliance Data established a base for its SaaS apps, it shifted its focus to its on-premises solutions, placing Okta Access Gateway, an on-prem identity solution that integrates easily with Okta’s other products, at the front door of its workflow. Now, 93 production apps, including 19 major on-premise apps, are integrated with Okta. Include the apps that live in Alliance Data’s lower environments, and that’s approximately 200 cloud and on-premise apps, all accessible through a single location on the Okta dashboard.

“On the Okta dashboard, there’s a SaaS icon and a PeopleSoft icon,” says Linden. “We know that it’s technically a hybrid architecture behind the scenes, but for the end users, it's a great experience. The apps are always on, always available, regardless of where they are deployed.”

Once all cloud-based and on-prem apps were gathered under the Okta umbrella, Alliance Data extended its consolidated authentication and access management capabilities across its entire infrastructure, beginning with its main Alliance Data group. When that was done, the framework was rolled out to the business units.

“We didn't even have to manipulate the directory structures in the business units,” says Linden. “We left them loosely coupled so they could manage their companies their own way, but still sync to Okta. That's where we control access to the applications. It's been very light-touch, which has been good for our business.”

With the Okta framework in place, Alliance Data has now achieved its goal of becoming a cloud-first organization while improving its security posture for cloud and on-prem apps. “This initiative impacted our business by really enabling us to have a cloud posture with these large, mature, on-prem apps,” says Linden. “We essentially have no on-prem data center at this point, thanks to the power of Okta.”

High-level data protection

This modernization initiative has also improved Alliance Data’s security posture. “The efforts involved in the authentication and security aspects of our applications have been greatly reduced due to Okta. Access Gateway is a hardened solution that requires minimal infrastructure and overhead for deployment and maintenance. And the other Okta products are beautiful because they make it easy to manage a great user interface.”

As a result, Alliance Data’s access management capabilities are stronger and more granular, especially with Adaptive MFA layered in. “We didn’t have multi-factor authentication for on-prem and cloud apps before Okta,” says Linden. “Our users were tied to a VPN. Now, the apps are always on. Users can access them from anywhere, with a strong, trusted multi-factor step in the process.”

That goes for on-prem apps too, of course. “Access Gateway prohibits unauthorized access that hasn’t already been validated and approved by Okta,” says Linden. “All of our users authenticate via Okta first, then, if they’re off-network, Okta prompts for MFA factors.”

Once their identities have been authenticated, users can go ahead and access their apps through the Okta dashboard. “Our end user experience is great and we’ve increased our security posture,” says Linden. “It’s foundational to a Zero Trust environment. It’s easier to ensure that our customer data is protected and user access is only granted when necessary.”

A delightful experience

Eliminating outages was one of the most exciting outcomes of Alliance Data’s modernization effort with Okta. With the new, consolidated framework and self-service password reset requests, employees are more productive than ever--especially since they no longer have to waste time calling the helpdesk for assistance.

“Okta’s Workforce Identity Products SSO, MFA, Universal Directory, and Access Gateway definitely provided a seamless experience to end users,” says Linden. In fact, Linden says that Alliance Data’s infrastructure is so seamless that many employees don’t even know they’re using Okta. “It reduced the complexity for both our IT staff and our end user population while improving our security posture and really driving service forward for us.”

Alliance Data has also achieved the scalability it needed to accommodate future growth. “At the end of the day, Okta gives us the agility to keep up with our business more efficiently and effectively, and as we grow,” says Linden. Okta will continue to play a key role in supporting Alliance Data’s secure, user-friendly environment that easily accommodates business growth while allowing its business units the flexibility to self-manage.

“We measure the success of an acquisition in several ways,” says Linden. “One of our rules is ‘don't disrupt the business.’ We want them to be part of the family but loosely coupled, so they can continue to drive value to their customers. Having such a lightweight, cloud-based experience allows us to easily provision new users, and that drives value for them. Okta was a slam dunk.”

About Alliance Data

Alliance Data is the engine behind loyalty and marketing campaigns for consumer-facing companies worldwide across all industries: retail, travel, pharmaceutical, financial services, auto, and more. Through its data analysis and expertise, Alliance Data is able to understand millions of individual consumers and their habits. It understands where people like to shop, what device they like to use, the time of day they prefer, what they’re shopping for, and the specific message that will interest them in a purchase. These data-driven insights enable Alliance Data to build dynamic, creative loyalty marketing programs and strengthen relationships between its clients and their customers.