Finding new opportunities in the midst of a crisis

COVID-driven remote work spurs a major security upgrade at a global bank



A major global bank


Financial services

Primary goal

Ensure secure collaboration and controls

Primary platforms

Microsoft Azure and Microsoft 365


When COVID-19 forced employees to work remotely, the U. S. subsidiary of a global bank needed to improve the security and compliance of online collaboration via Microsoft Teams. Like so many businesses, our client was stunned by the sudden changes to its workplace. But management also saw that the challenges of remote work were an opportunity to make security upgrades to improve performance and empower employees. As a longtime advisor on Information Technology (IT) issues and cyber security, and as a Microsoft Inner Circle Partner, KPMG was asked to help reconfigure systems to be more secure, collaborative, and efficient.


Key outcomes – Overall


easier, more secure


on a single global platform

Better protection

from cyber threats

Key outcomes – Cyber security

Clearly defined

operational model for secure sharing

Full use

of Microsoft 365 security and reporting

Lower risk

of compliance and regulatory issues

Client transformation journey

Click on each part of the journey to learn more about our client’s transformation.

  • Where they were
  • Where they are
  • Where they’re headed

Where they were

Looking for the “one way” forward after acquisition-fueled growth.

Albertsons is committed to “one way.” Meaning that, as large as the company becomes, it aims to remain unified in its vision and in the systems and tools that support it. 

Acquisition-fueled growth naturally opens the door to “many ways.” By 2019, different divisions and subsidiaries had their own back-office solutions. People, processes, and data were becoming more siloed.

A different kind of company might have assumed that decentralized processes are an acceptable consequence of multiple acquisitions. Or that you can’t be one of the biggest industry players and move with startling speed and agility when it comes to acquisitions. But accepting trade-offs like those is not the Albertsons way.

Company-wide opportunities

  • Replace nearly XX aging applications that differed across divisions and subsidiaries
  • Reduce manual, disparate processes freeing up more resources for advanced analytics
  • Enable enhanced reporting and make it more widely available across the enterprise
  • Act with greater speed and agility to capture value in acquisitions

Finance Opportunities

  • Process XXX,XXX transactions per month with greater efficiency
  • Reduce 10,000+ manual journal entries per period
  • Decrease >3-week close
  • Shorten the >3-month annual budgeting cycle
  • Provide better support for a growing e-commerce busines
  • Control rising finance function costs and derive greater value 

HR Opportunities

  • Decrease hiring and onboarding times to keep pace with staffing needs
  • Be more efficient in complying with more than 800 collective bargaining agreements and dozens of government contracts
  • Introduce enterprise-wide training programs
  • Unify and automate workforce administration processes across the enterprise

Where they are

290,000+ Albertsons employees come together every day in the cloud.

Today, cashiers at 2,200 stores all log their hours via the same mobile app. That data flows seamlessly to payroll, and across the enterprise-- where it’s available for everyone from store managers making data-driven staffing projections to CFOs reviewing budgets.

Back-office staff spend less time on manual processes and more on analyzing data in ways that help lower costs and improve performance every day, and inform due diligence during acquisitions.

HR executives and business managers find it easy to access candidate information, share observations and schedule interviews, quickly and easily moving the right candidates through the hiring process.

And candidates who become new hires, continue through the same efficient, cloud-based environment as they complete onboarding and get to work—already a part of Albertsons’ “one way.” 

Company-wide success

  • Installed a single, modernized digital platform serving the entire enterprise
  • Accelerated the project schedule by XX-months due to a dual-installation of Finance and HR
  • Migrated 290,000 employees from legacy systems to Oracle Cloud
  • Increased insight-driven decision making across functions, driving performance and growth gains

Finance Successes

  • Decreased balance sheet reconciliations by 85%
  • Achieved a consolidated retail and corporate close within a shortened period
  • Reduced the types of P&L statements from 100+ to 4
  • Reduced operations costs across the board
  • Enhanced availability of data-driven insights that help to capture maximum value during acquisitions

HR Successes

  • Installed an automated, central solution to efficiently administer 800+ complex union agreements for all employee populations
  • Deployed a custom application for union rule processing enabling a single HCM platform to administer benefits to all employee populations
  • Created a digital-first, digital anywhere experience resulting in higher employee engagement
  • Reduced new hire onboarding time
  • Reduced the time it takes to fill staffing vacancies
  • Streamlined and improved the process integration of new employees post-acquisition
  • Integrate processes and technology across the employee lifecycle from recruiting through compensation and performance

Where they’re headed

Making sure the “one way” continues to be the best way.

Long before the go-live date, Albertsons was collaborating with Oracle and KPMG about future initiatives. They wanted to know what to expect from upcoming product releases and how they should be planning to leverage new functionality.

The company’s agile mindset combined with its investment in Oracle Cloud and KPMG Powered Enterprise will keep it in a position to continue evolving, always finding the best way forward as one, strong enterprise.

Company-wide vision
  • Continue to enhance analytics-driven planning and forecasting
  • Optimize the supply chain

Finance Vision

  • Achieve a continuous, virtual accounting close
  • Increase data monetization 

HR Vision

  • Migrate payroll, benefits, and absence mangement to Oracle cloud for 2023
  • Insource benefits administration
The reason our clients trust us is because we’re always on their side. There were many instances during this engagement when the client wanted additional security features that weren’t normally supported by our vendor partners. We could have tried to scale back what they were asking for, or tried to find an alternate solution. But we knew it was important to them, so we passed the request on to the vendors and got them to make adding them a priority.

– Vivek Saxena, KPMG Engagement Leader

Enabling Secure Collaboration


With the increased adoption of cloud computing, and the globalization of systems, processes, and supply chains, more customer data is being collected, retained, disclosed, and transferred around the globe.

Unfortunately, data breaches continue to rise, so it is more important than ever to build trust in how we are handling customer data.

KPMG is leveraging Microsoft technology to build cyber security solutions that prevent data loss and identify and monitor threats.

In this demonstration, we show how we helped a global bank secure one-drive file sharing among employees and non-employees.

Adele, a retail manager, is on a group chat with her colleague Christine and Sai, an external insurance agent. They are discussing Mortgage and Sales documents. Adele intends to separately share all files with Christine and then share only the public documents with Sai.
Unfortunately, she makes a mistake and uploads all of the files to the group chat. This presents a potential data breach for the bank.
Christine, as an employee of the bank, is able to view and open all of the files. She can also view the security controls for each and note the ones that are marked as confidential.
Sai has access to all non-sensitive, public files that are shared.
However, since Sai is not an employee, when he tries to open one of the documents containing confidential information, the system automatically denies him access. Based on the content and sensitivity of the file, the bank’s cyber security tool flags confidential documents and blocks access to external users. This helps protect them from data breaches.

Leveraging the Microsoft Compliance Center app, the bank can use data loss prevention policies to block files that are unclassified, confidential, or contain NPPI data.

The bank also uses the Microsoft Defender for Cloud app to catch misclassified and unclassified files and restrict them from being shared externally.

KPMG can help you create and implement security policies that meet your specific requirements. With the right cyber security solution in place, you can reduce data loss and incidence response time while generating operational costs savings.

Secure your organization, build trust with your customers, and gain a competitive advantage.
Business led. Technology enabled.

Learn more at:

KPMG follows a five-phase approach to better security and collaboration

Click on a phase to scroll down to its description.


1. Vision phase

Getting more out of Microsoft

Our KPMG Powered Enterprise approach to digital transformation starts by working closely with the client to establish a Target Operating Model—a best-case scenario for how new processes and technologies will work together to solve problems and create value.

Despite the previous difficulties with taking secure collaboration beyond email and videoconferencing, the client’s chief information officer (CIO) understood that Microsoft 365 and Microsoft Azure already offered nearly all the cyber security capabilities needed—the key would be configuring them correctly. And although some functions in the upgraded system would still be handled through on-premises software, a full migration to the cloud was the longer-term goal.

2. Validation phase

Consensus building at home and abroad

The next stage was to build consensus among the various constituencies within the organization on how the upgraded system should be designed, deployed, and managed. Although the project targeted the bank’s U.S. operations, extensive consultation and planning sessions were held with personnel responsible for end-user technology, security, operations and infrastructure at the global level. This made sense not only because a broader international rollout was expected in the future, but because security, risk, and compliance requirements vary by country or region.

3. Construction phase

A better model meets better technology

After conducting a final security assessment, the KPMG team identified gaps in processes and technology and recommended a new security operating model for the U.S. that would ensure a high degree of security. The new model was also designed to enhance other IT capabilities such as analytics, lean/agile operations, and cross-functional collaboration. Other important elements included:

  • Implementing a new preview feature for Microsoft DLP to meet information security requirements
  • Allowing remote employees to securely access documents via laptops, tablets, or smartphones without risk of data exfiltration
  • Activating security-specific capabilities like data classification, information protection, data loss prevention, and data management platform (DMP) policies
  • Improved monitoring and reporting of incidents in which files are shared with unauthorized users
  • Creating an end-user training guide to help employees understand the goals of the new system and how to use it effectively
  • Adapting Microsoft 365 to create automated custom reports to streamline operations and reduce overhead.

And not every part of the final design was immediately available. Thanks in part to our longtime partnership with Microsoft, (and our deep understanding of the client’s priorities), our team was able to press for enhanced functions designed to address the client’s specific needs.

4. Delivery phase

Test, confirm, and deploy

Since nearly all the U.S. bank’s 17,000-plus employees would have access to the new system, advance testing and feedback were required prior to a full rollout. The process started with a pilot launch to about 70 people in late 2021, which yielded valuable responses on everything from usability to documentation for specific features and functions. After incorporating this initial input, a larger trial reaching about 1,000 workers in the IT organization followed. Our team then opened a distribution list for these users to share questions and feedback prior to a full launch in early 2022.

The first result was that we established an interim state during the pandemic which allowed the client to consolidate all collaboration on the Teams platform. Once this solution was in place, we defined a structured path to upgrade security and enable the full range of collaboration features available from teams.

To date, the response has been overwhelmingly positive, starting with the bank’s CIO, who was impressed with the content, ease of access, and controls built into the system. More generally, the full launch produced very little disruption among rank-and-file workers who are now able to share data and collaborate more easily. There were zero complaints.

5. Evolution phase

Going global and moving to the cloud

With the deployment of the new security solution in the U.S., KPMG and the client are now planning to replicate its success in other regions. Meanwhile, KPMG continues to monitor the U.S. platform to identify new security issues and add improvements where needed.

Along with better security and more effective collaboration, transitioning to the cloud-based versions of Azure, OneDrive, and Microsoft SharePoint is allowing the client to retire local on-premises drives and data centers, delivering significant savings and balance sheet improvements.

KPMG and Microsoft cyber security

Microsoft Azure and Microsoft Office 365 are continuously evolving to provide greater security to client devices, the Azure cloud platform, on-premises infrastructure, and other cloud services. KPMG offers an in-depth understanding of both products as well as the methods and accelerators needed to improve security quickly and prepare to meet future threats. Learn more at: KPMG and Microsoft

For smart businesses, managing cyber risk means more than playing defense

Let’s talk about where you are now and your goals for the future.

Rajan Behal

Rajan Behal

Managing Director, Cyber Security, KPMG LLP

+1 214-840-2670
Vivek N. Saxena

Vivek N. Saxena

Director Advisory, Cyber Security Services, KPMG LLP

+1 610-263-2876

Related content


Microsoft, Microsoft Azure, Microsoft Data Loss Prevention (DLP) and Microsoft Defender for Cloud applications, and monitoring, Microsoft Office 365, Microsoft One Drive, Microsoft Outlook, Microsoft Sentinel, Microsoft Sharepoint, and Microsoft Teams, are trademarks of the Microsoft Corporation.