Customer Story

Solutions at-a-Glance

Single, globally available SSO platform gives employees seamless and secure access to 30 applications and counting

MFA for remote employees provides critical security protections and makes access control simple

Easier sign-on process resulting in a significant reduction in related IT help desk calls

Deeper visibility and audit into who is accessing which system supports Inchcape’s data governance goals

Inchcape Ignites Identity and Access
Management to Drive the Next Stage of
Their Digital Transformation Journey

The Objective

Inchcape is the leading independent multi-brand automotive distributor and retailer, operating in 33 markets with a portfolio of the world's leading car brands. Inchcape has diversified multi-channel revenue streams including the sale of new and used vehicles, parts, service, finance, and insurance.

Inchcape operates across every link of the post-factory automotive value chain for their OEM partners, providing a highly efﬁcient, customer-focused route to market that delivers shared rewards at every stage. The automotive distribution and retail markets are highly fragmented, and Inchcape applies a disciplined use of capital to fuel further growth through selective participation in market consolidation.

As of 2018, Inchcape has over 1,100 locations within its distribution and retail network. This global footprint is supported by a range of software applications that includes a large estate of Microsoft productivity tools, Salesforce, BrightEdge SEO, and iPower ERP software along with continual investment in the digitization of the customer experience.

As part of their ongoing “Ignite” strategy, Inchcape is structured to drive continual improvement and the spread of best practices across all their operations. To this end, in 2016, Inchcape began a project to rationalize its identity and access management (IAM) platforms with the aim of streamlining the user experience, strengthening its security posture, and enabling more use of cloud and SaaS.

The Challenge

We have grown rapidly through acquisition but our global infrastructure was starting to become rather fragmented,” says Gareth Nutt, Group Chief Technology Officer for Inchcape. “We are a global organization and we need to have a global set of IT services to ensure that every employee, no matter where they are in the world, has seamless and secure access to IT.”

Inchcape has a comprehensive cybersecurity strategy in place. This starts with defined information assets and benchmarked security controls to ensure best practices. This multi-level strategy includes global vulnerability and risk scanning to enhance the likelihood of early response and intervention. The company has maintained a significant investment in advanced network threat detection and malicious communications filters. Physical and logical security measures control access to key infrastructure that is also subject to regular penetration testing. This is further supported by encryption of valuable and sensitive data along with cyber awareness training deployed to all relevant staff globally.

Digital transformation is an ongoing focus for Inchcape, and Ping is a critical foundation to make sure that security is always at its core.

Gareth Nutt

Group Chief Technology Officer, Inchcape

The Solution

To ensure their IAM solution would adhere to this best practice approach, Inchcape consulted Gartner, an analyst firm, for recommendations. Nutt and his team whittled down the longlist of recommended vendors to a shortlist of three solutions, which progressed into a Proof of Concept phase for more detailed testing.

“We put all three vendors through their paces over several months,” says Nutt. “What we liked most about Ping Identity, and what ultimately made us choose its IAM solution, was its flexibility, neutrality, and competitive cost.”

“Ping did not favor any particular approach or vendor and proved it could integrate with every application across our estate,” says Nutt. “We also appreciated the deployment flexibility. It can run on any type of platform that we could potentially need whether that’s Linux, Windows, in the cloud using Docker and containers, or even as-a-service.”

The first phase of the project consolidated 26 individual Microsoft Active Directory forests spread across 33 countries into a single, globally available, and managed single sign-on (SSO) platform.

Next, the team began integrating a line of business applications used by sales, operations, marketing, and HR teams into a policy-driven single sign-on architecture. This integration process was simplified by several built-in connectors to popular applications plus deep support for key IAM standards such as SAML, OpenID, OAuth, SCIM, and Web Services Federation.

“After an initial learning curve, we quickly got up to speed and have integrated around 30 applications so far,” says Nutt. “This flexibility was critical for us and we now treat Ping like a Swiss Army knife—it can integrate anything with anything, once you know the basics,” he adds.

The security aspects of the project are also supported by regulatory constraints such as GDPR. “We hold data on customers from across the world and we need to make sure that only staff with the appropriate rights can access data in accordance with national and international data privacy regulations. Ping has become an active part of this governance process.”

The company has also implemented multi-factor authentication (MFA) controls for remote users that sign on from home or use mobile devices. The use of MFA and tokens has also been extended to the granting of admin-level privileges to critical systems to protect against insider attacks.

“One of our goals is to make access control simple while delivering a level of security that not just meets but exceeds best practice,” says Nutt, who points to the example of their cloud API server that requires authentication via Ping to negate the risk of shared, lost or stolen credentials.

The Results

In terms of benefits, Inchcape has met its objective of rationalizing their access management while exceeding best practice criteria. Nutt reports a high level of appreciation from their staff, especially remote workers who now have a simpler login process. IT help desk has reported a significant reduction in calls related to sign-on issues. The IT department now has much deeper visibility and audit into who is accessing which system to support their wider data governance objectives.

As the IAM and SSO projects have grown, Inchcape has scaled its Ping Identity infrastructure in lockstep. “We have done this only once during the project and it was a painless process that just required us to provision more compute and RAM to our virtual instances and restart,” he says.

In terms of reliability, Ping has also surpassed Inchcape’s expectations. “Our business covers 22 time zones and almost every minute of the day, someone, somewhere is requesting sign on. Ping has been absolutely rock-solid and we have had no outages or performance issues—once you have it configured, it’s a case of set and forget,” Nutt adds.

Inchcape’s position on information security and IAM is based on a continual assessment and adaptation methodology. “We take information security incredibly seriously and we expect to continually expand the Ping platform across more countries with more integrated applications and business functions,” says Nutt.

More About Inchcape

Inchcape is the global distribution and retail leader in the premium and luxury automotive sectors. The company has been listed on the London Stock Exchange since 1958, is headquartered in London and employs around 18,700 people and generated 2018 revenues of £9.3bn.

Learn more at www.inchcape.com

Inchcape Ignites Identity and Access Management to Drive the Next Stage of Their Digital Transformation Journey