Seasoned CISOs understand that supporting business objectives securely and effectively is a top priority — a close second is to do so without frustrating users. That was the case when Stephanie Franklin-Thomas was asked to enable a shifting host of more than 100,000 frontline cleaning, parking, and building maintenance workers to clock in at global client sites and access work resources.
As senior vice president and CISO for facilities services contractor ABM Industries, she decided to focus on three priorities for the gargantuan project: Make access secure, meet business requirements, and make it easy to use. The result was a simple system for frontline workers who scan QR codes on a shared Android device located at the client site, look at the camera, and turn their heads from side to side to complete facial biometric authentication. The QR codes, issued at employee orientation, are printed on badges and will not work without live facial recognition. It was an elegant solution to a potentially massive roadblock to efficiency that was central to the company’s becoming a CSO 50 2023 honoree.
Franklin-Thomas says that getting to this stage didn’t come without trial and error. Nor was it without help. Her senior director of information security, Danyel Anderson, led the day-to-day efforts of the transformation alongside her, planning, deploying, troubleshooting, and then “coming up with a new plan” when the first test pilot proved too cumbersome for frontline team members.
A big authentication plan to meet big business requirements
As part of ABM’s digital transformation, two teams — the strategy and transformation team and the technology team — came up with an idea they called Team Connect so that all employees, regardless of where they’re working, can access timecards and other digital resources. During planning, they brought the cybersecurity team to the table and asked about the requirements to support this access.
“Sometimes it amazes me when I hear security leaders are still saying no to innovation when they should be enabling it,” Franklin-Thomas says. “When ABM came up with the Team Connect concept, we said absolutely. Just have multifactor authentication. They thought they couldn’t do it under the constraints we have, but then we showed them how.”
Since workers would be most affected by their security solutions, Franklin-Thomas and Anderson began by gathering input from those on the front lines who would use the application in the field. “ABM is largely a service company — janitorial, parking and transportation, landscaping, facilities engineering,” Franklin-Thomas says. “The frontline team members at these sites are the center of what we do. They need secure access to their digital resources — time sheets, training, messaging, and more.”