Information security is a top priority for Colruyt Group. We do our best to always secure our customers’ data in the best possible way. The communication with the outside world, such as suppliers, is also optimally protected. At our IT department Business Processes & Systems, Michael Boeynaems and Peter De Herdt work in a team that takes security to an even higher level. The World Password Day is an excellent opportunity to put their work in the spotlight.
Logging in with only a username and a password is outdated. That is a strong belief of Michael, IT Architect and Analyst at Business Processes & Systems. “The world is changing, both within Colruyt Group and in the outside world. It is becoming a mobile world: people are requesting information with a smartphone, a tablet or a smartwatch.” According to Michael, the evolution with smartphones is an improvement for both safety and ease of use. “Just look at logging in with a fingerprint or face scan. I believe less and less that security and usability are mutually exclusive.”
To be ready for a safe future, Colruyt Group chooses to implement multi-factor authentication (MFA). That combines at least two different ways of logging in. Peter, Business Architect at Business Processes & Systems: “That means that, for example, an employee logs on to an application with his password and an additional factor of authentication. For example with a fingerprint. Today many people already do bank transactions with their smartphone. Those systems are very intuitive.”
The evolution towards new MFA authentication mechanisms is inevitable at Colruyt Group, and that also requires an evolution of the systems. “We have to adopt global standards,” says Michael. “Today we still use a home-made application. In the past, it used to be possible to stay in the cocoon of the company. You could come in, turn on your PC and that was it, you could work. Times are evolving. We have to open up more.”
For Peter, this is another reason for this evolution to international standards that have been extensively assessed for their safety. “Colruyt Group wants to externalize its services and data, for example for a transport company with which we collaborate. That means we can only use the most secure applications.” Michael: “The advantage of the international standards is that we do not enclose ourselves by building a one-time usable application that we may have to replace in five years. That is a method from the past. Financial institutions, the typical forerunners, already did this a few years ago. This is now also a common evolution in retail.”
Michael sees many possibilities with open standards, these are solutions for almost all issues that he is confronted with. “That is actually nice. We are first and foremost looking for solid protection. And we are also looking for the right standard. And that evolves very quickly. Those standards, that sounds boring, but actually they are beautifully functional. It is interesting to see what the possibilities are. In this project I can focus very well on authentication and delve deep into that technology.”
Peter has been working for Colruyt Group for a year and already has a broad view of the company thanks to this project. “Authentication affects the entire organization, it is ideal for me to get to know all aspects. Also because it is a Belgian company. You have much less impact in a large multinational. But here I feel that as a business architect I can make a difference.” Michael also thinks that the local aspect is important. “The decisions are made here in Belgium, in Halle. In a multinational, a decision is made somewhere in the US and you have to implement it slavishly. But at Colruyt Group you get more satisfaction, you get more responsibility.”