A worldwide network with no perimeter
Anyone who’s bought a gift card from a third-party vendor has likely gone through Blackhawk Network, whether they know it or not. The company started out in the grocery industry, providing prepaid, stored-value products to connect consumers with brands. Now, they’re a private multinational organization, and their innovative in-store and online solutions have made them a market leader.
With over 70 global offices in more than 25 countries and a worldwide team of around 3,500 employees, Blackhawk Network continues to evolve as a digital business. They harness vast amounts of technology to coordinate their distributed workforce and to deliver a range of B2B, publisher, online, wallet, loyalty, rebate, and exchange services to countless partners and customers.
But a vast network of partners, vendors, and customers can lead to vulnerabilities in cybersecurity—something Vijay Bolina, Chief Information Security Officer at Blackhawk Network, understood all too well. After all, when users all over the world access the same digital systems at different times and from different locations, the traditional perimeter is fundamentally undermined.
The challenge was first addressed by implementing better password practices. Unfortunately, that too can become a complex process. “Across our various different products, services and identity repositories, there were very different policies in place from a password complexity standpoint,” says Bolina.
New M&A, new tech, new questions
Adding to this challenge, Blackhawk Network was continually expanding through mergers and acquisitions (M&A). These transactions allowed the company to branch into new fields, including the financial services sector, which calls for compliance with strict regulatory frameworks that can change from one jurisdiction to the next.
Blackhawk Network was no stranger to the fintech space—ensuring security and regulatory compliance was imperative. On top of that were the menial tasks associated with M&A activities, such as provisioning large numbers of new employees, having visibility on the newly expanded workforce, and—perhaps most importantly—making sure that everyone’s password practices were strong enough to keep Blackhawk Network safe.
Overcoming uncertainties and unifying the workforce
Bolina and his team realized that effective security had to start with strong password policies and secure login processes. But as an organization with so many partners, customers, products, and services, they couldn’t afford to introduce friction that would prevent employees from doing their work. They also identified that Blackhawk Network needed an automated solution, as manual processes introduced the possibility of human error.
Having surveyed the market for various solutions, Bolina chose Okta. It was the clear industry leader that would satisfy all of Blackhawk Network’s imminent needs, which included enabling employees to maintain one set of highly effective login credentials, enhance the verification process so that employees could be securely authorized for access from anywhere in the world, and allow IT to quickly process new employee onboarding with M&A activities.
To solve these needs, Blackhawk purchased Okta’s Single Sign-On (SSO), Adaptive Multi-Factor Authentication (MFA), and Universal Directory (UD). The combination of workforce identity solutions would reduce both the risks associated with weak passwords and the friction caused by password fatigue, as well as providing IT with a centralized, scalable platform that gives a comprehensive view of all the users in the system.
“We started off using Okta primarily for our internal employees and to enable single sign-on across our various internal applications and common sales applications,” explains Bolina. And because Okta’s Adaptive MFA solution is context-aware, his team was able to customize policies for employees inside and outside corporate premises he says.
This was another reason why Bolina decided Okta was the right solution for his organization: both parties are committed to a Zero Trust approach. In today’s cloud-driven world, where individuals can gain access to their company’s information systems on their device regardless of where they are, security leaders can’t be too careful when determining who should be granted access and how.
“Identity plays an important role in Zero Trust in two ways. One is knowing who is accessing something, two is knowing where they're accessing it from,” says Bolina. “And this is regardless of whether they are inside or outside of a perimeter.
Protect the partner ecosystem
It wasn’t long before Bolina realized that Okta would not only boost security for the company’s workforce, but for their external ecosystem of customers and partners as well. “Shortly after seeing the success with Okta for internal employees, we actually started to use Okta for our customer applications,” he says.
This not only simplified access to Blackhawk Network’s products, applications, and services for partners and clients, but also enabled IT to protect the backend by extending SSO and MFA to all enterprise apps for large customers, thus reducing the risk of account takeovers.
Since Okta has become the industry standard for identity and access management, several of Blackhawk Network’s customers were already well-acquainted and comfortable with its solutions. “Partnering with Okta as a leader in the security and identity space has really helped build trust with some of our larger global partners,” says Bolina.
“Along with B2B portals we also have B2B APIs for a lot of our partners, and so unifying the authentication and authorization approach to API security is also something that we've been heavily investing in,” he continues. Behind Blackhawk Network’s enterprise customer offerings are Okta’s API Access Management solution, along with Customer Identity Products and Directory Integrations.
These technologies ensure that every interaction customers have with Blackhawk Network’s websites, platforms, and applications is secure on the backend, compounding the protection already offered by Okta SSO and Adaptive MFA. Working in tandem, these solutions all help the company remain compliant with a range of cybersecurity regulations, regardless of what markets they’re playing in.
Looking beyond B2B
Since its inception, Blackhawk Network has also been a B2C company. “From a B2C standpoint, Blackhawk Network’s customers are people like you and me who will want to buy a gift card. From a B2B standpoint, Blackhawk Network customers are partners who want to provide gift cards to people like you and me,” says Bolina.
Generally, the company’s B2C digital markets and platforms have been too decentralized to require identity solutions; after all, those individual customers don’t have access to Blackhawk Network’s data or apps. However, as the company continues to develop their digital commerce and service offerings, there may be opportunities for ordinary customers to create accounts and access a greater variety of branded value products through Blackhawk Network. These changes would create the need for a customer identity solution that protects the personal information users trust the company with.
“Blackhawk Network is best known for its ability to connect brands with consumers,” says Bolina. “Over the next three years, Blackhawk's focus will be on deploying another digital transformation—to unify our platforms and the services that we've acquired over the past few years and turn it into something that is global in nature for all of our different consumers and partners across the world.”
About
Based in the San Francisco Bay Area, Blackhawk Network is a multinational corporation with over 35 offices worldwide and commercial operations in over 25 countries. The company specializes in delivering products and services on behalf of leading brands: they began with gift cards in grocery stores in 2001, and have continued to reinvent third-party retailing in both B2B and B2C industries while growing their digital and retail business.