Government of Israel
Develop and deploy a secure cloud foundation within a highly compressed timeframe
Google Cloud
delivery of a secure cloud foundation able to support a pilot migration
structure accommodating numerous government ministries
technical architecture supporting future cloud deployments
Click on each part of the journey to learn more about our client’s transformation.
Looking for the “one way” forward after acquisition-fueled growth.
Albertsons is committed to “one way.” Meaning that, as large as the company becomes, it aims to remain unified in its vision and in the systems and tools that support it.
Acquisition-fueled growth naturally opens the door to “many ways.” By 2019, different divisions and subsidiaries had their own back-office solutions. People, processes, and data were becoming more siloed.
A different kind of company might have assumed that decentralized processes are an acceptable consequence of multiple acquisitions. Or that you can’t be one of the biggest industry players and move with startling speed and agility when it comes to acquisitions. But accepting trade-offs like those is not the Albertsons way.
Company-wide opportunities
Finance Opportunities
HR Opportunities
290,000+ Albertsons employees come together every day in the cloud.
Today, cashiers at 2,200 stores all log their hours via the same mobile app. That data flows seamlessly to payroll, and across the enterprise-- where it’s available for everyone from store managers making data-driven staffing projections to CFOs reviewing budgets.
Back-office staff spend less time on manual processes and more on analyzing data in ways that help lower costs and improve performance every day, and inform due diligence during acquisitions.
HR executives and business managers find it easy to access candidate information, share observations and schedule interviews, quickly and easily moving the right candidates through the hiring process.
And candidates who become new hires, continue through the same efficient, cloud-based environment as they complete onboarding and get to work—already a part of Albertsons’ “one way.”
Company-wide success
Finance Successes
HR Successes
Making sure the “one way” continues to be the best way.
Long before the go-live date, Albertsons was collaborating with Oracle and KPMG about future initiatives. They wanted to know what to expect from upcoming product releases and how they should be planning to leverage new functionality.
The company’s agile mindset combined with its investment in Oracle Cloud and KPMG Powered Enterprise will keep it in a position to continue evolving, always finding the best way forward as one, strong enterprise.
Finance Vision
HR Vision
Click on a phase to scroll down to its description.
Drawing on our broad experience to solve a highly specific set of challenges
KPMG drew on four of our member firms (in the U.S., Germany, Israel, and India), and on four key service lines to assemble a team with the skills and experience to meet the Israeli government’s needs.
Core team members had extensive experience in cloud foundation architecture for large government projects, multi-cloud development, migrations, and environment security. We also delivered artifacts, IaC/PaC templates, and playbooks that have been continuously updated and codified over multiple engagements. As a result, our team was able to mobilize quickly, integrate seamlessly with Israeli government teams, and rapidly assess the current- and future-state requirements.
After gaining a clear understanding of the government’s needs and establishing a high-level architecture, we assigned tasks across three, 3-week sprints focused on iteratively enhancing the cloud foundation and its capabilities.
Once we had gathered technical requirements including networking and security, logging, monitoring, and alerting, and regulatory requirements, we began extensive design sessions across key domains including governance, security, and networking.
Setting up the basic cloud foundation structure
We got to work setting up a structure that would support the more basic cloud foundation needed in the short term, and provide a strong foundation for a fully enabled, production-ready migration factory.
Security was among the top priorities. We reviewed baseline security controls and provided a framework that encompasses leading practices based on standards developed by the National Institute of Standards and Technology (NIST), the Center for Internet Security (CIS), and the cyber security experience and insights KPMG has developed working with numerous clients.
Security controls must be closely aligned to an organization’s needs. Developing them from the ground up can be time-consuming. However, KPMG has defined and continuously refines more than 100 Google Cloud security controls. Drawing from this robust library of predefined controls, and employing the MoSCoW prioritization method (must-have, should-have, could-have, and would-have), we were able to rapidly align a precise set of controls to the Israeli government’s security standards, requirements, and framework. This included enabling Single Sign-On (SSO) and Multifactor Authentication (MFA) using Google Cloud.
We also established a resource hierarchy (folders/projects) and centralized billing, enabled a role-based model to enforce separation of duties and management of privileged access, and provided and end-to-end and observable network topology to help ensure secure connectivity between platforms, services, and users.
Leveraging leading practices to put cloud foundation and governance and processes in place
KPMG draws upon leading practices from within our own client base and from organizations around the world to design processes and policies.
After developing IaC to deploy cloud foundation features based on the design and technology specifications collected from our client, we then worked closely with them, iteratively reviewing and executing code. The goal was to empower the Israeli government to execute a continuous deployment using internal resources after the pilot migration.
Helping to ensure a smooth landing for the pilot and subsequent migrations
As with all phases of the project, this last one required creativity to meet the aggressive timeline without sacrificing capabilities or performance.
Validation
Typically, KPMG would validate all security baseline controls for configuration and effectiveness and then share the results with our client. They would then validate the controls using their own criteria. This can be a time-consuming process. So, instead, we used a rolling approach—completing and validating one set of controls and handing it off to the government for review before proceeding to the next set. This allowed our two teams to work in tandem. Also, we provided the government with documented validation steps so they did not have to create their own—further accelerating the process. Lastly, while we validated all controls for configuration, simulating all controls for effectiveness wasn’t feasible. Instead, we selected a subset and performed showbacks to demonstrate effectiveness. We followed similar validation processes for policies, groups, roles, etc.
Hypercare
Hypercare involved two go-lives. First, we conducted a soft launch involving all core cloud foundation capabilities that did not require internet access. This allowed the technical team to start using the provisional cloud foundation at the seven-week mark, providing ample time to test, validate, and report issues. We resolved these issues, added enhancements including internet access, and then completed the second go-live, confident that the cloud foundation MVP we had built would perform as planned and meet the government’s needs.
It’s not only the breadth of experience and resources we have, but the connections between them that allows KPMG to assemble the kinds of teams that can take on the most daunting challenges. For example, to help meet the government of Israel’s needs and timeframe, we tapped a KPMG specialist who had helped architect a similar cloud foundation. That KPMG specialist tapped others with deep insights into multi-cloud development, migrations, environment security and, of course, Google Cloud. Tell us about the challenges you’re facing, and we’ll show you the team that can help solve them.
When data silos, manual processes, and fragmented reporting capabilities are left in place, you sacrifice speed and agility. And when you rely only on internal data, instead of leveraging third-party sources, you reduce your insight into shifting consumer demands and market opportunities. Rapidly integrating financial operations, establishing healthy data ecosystems, and optimizing reporting environments are all key to the kind of insight-driven decision-making that helps capture optimal value from every deal.
At KPMG, we know financial operations and data and analytics. We know the CPG industry. And we’ll get to know you. Then we can work together on transforming your business.
If your organization is making a move to the cloud, talk with us first about the best path to take and what to watch out for on the way.
