Interview with Philippe De Guis, CIO at Adista

Interview with Philippe De Guis, CIO at Adista: “I wish I’d had an umbrella”

‍

"The cybersecurity risks associated with onboarding and offboarding processes are significant if they are not properly managed within organizations."

‍

This quote perfectly sums up the current challenges facing IT departments. During our interview with Philippe De Guis, CIO of the Adista Group, we discussed the logistical and security challenges associated with managing staff movements. Learn about his practical approach to structuring these processes and balancing security, productivity, and agility.

‍

The Challenge of Hypergrowth: Balancing Agility and IT Visibility

‍

In just a few years, the Adista Group has grown from 400 employees to nearly 1,000. To support this growth, the Human Resources department has implemented an HRIS to manage employees and track hires and departures.

Philippe De Guis received updates on personnel changes, but consistently ran into two major challenges on the ground:

• What needs to be arranged for each employee? IT equipment, software access, ID cards, badges, company vehicles... There was a lot of time-consuming back-and-forth via email, Teams, or support tickets with HR, managers, and administrative departments to clarify everyone’s responsibilities.
• Who has access to what? When an employee leaves the company, how can we be sure that all physical assets have been returned and that all access privileges have been revoked to ensure security?

This lack of visibility into allocated resources had a significant impact on the IT department:

A massive waste of time: IT teams spent hours trying to figure out "who has what" in order to collect the equipment and return it to a sustainable recycling cycle.

A financial drain: Software licenses remained active, and equipment was not returned by employees who had left the company several months earlier.

Faced with these challenges, Philippe De Guis sought a solution to coordinate services. Unable to find a off-the-shelf tool that met his HRIS integration needs at the time, he enlisted his developers over several years to create an in-house solution. Here are the three steps of his approach.

‍

3 Key Steps for Managing Employee Onboarding and Offboarding

‍

1. Coordinate the decentralization of resources with the business units

With the explosion of SaaS software, IT has lost visibility into the full range of applications, as business units can now procure software on their own (shadow IT).

‍

"With the explosion of SaaS, if I had to control everything, I'd spend my life playing the police, and that's not what I want to do at all."

‍

The solution advocated by the CIO? Aligning and organizing while providing support. Through a clear IT policy, the IT department delegates some of the responsibility for usage to business units, while enforcing security governance. IT becomes a facilitator rather than an obstacle.

‍

The role of the business unit: To manage the day-to-day administration of its applications (creating business users).

The role of IT: To continue serving as the technical administrator (security audits, GDPR compliance, integrations with the information system).

‍

By enforcing security requirements without compromising on functional needs, the IT department gains the trust of business units and prevents them from acquiring technology "behind the scenes."

‍

2. Compile a list of resources and define employee profiles

‍

Close collaboration between HR, business units, IT, corporate services, and procurement is essential to compile a comprehensive list of resources to be allocated.

‍

This resource repository allows you to:

• Accurately identify the internal administrators responsible for each resource when an employee joins or leaves the company.
• Define employee profiles in order to list the necessary resources for each one.

‍

"Mapping out resources and profiles is a real pain at first. It takes hours of discussion. But now that it’s done, we just have to keep it up to date as we go. By knowing what’s in place, I can make sure we don’t have 10 tools doing the same thing: that cuts costs and creates economies of scale."

‍

3. Create an authorization matrix and automate the process

‍

Once the question of "who should have access to what" has been resolved, an authorization matrix (using the LMA logic: Read, Modify, Administer) must be created to link the catalog, profiles, and permissions.

‍

This permissions table can then be used to trigger automated processes:

• Automatic creation of objects in Active Directory (AD) with the correct security groups.
• Integration with third-party software solutions via APIs.
• Sending targeted emails to managers to ensure assignments and de-assignments.

Integrated with the HRIS, this system enables the management of the employee lifecycle and facilitates regular benefit reviews to compare the theoretical framework (LMA matrix) with the actual implementation of third-party solutions.

‍

Impact and ROI: from 3 hours to 10 minutes per employee

Thanks to this structure, Philippe De Guis has reduced the time required to allocate resources from 3 hours to less than 10 minutes per transaction.

‍

"Back-and-forth emails, follow-ups, and Teams chats: all that is a thing of the past."

‍

However, this in-house development took a tremendous amount of time and effort. Looking back, the CIO admits that a packaged solution would have been preferable given the complexity of the project:

‍

"A packaged solution would have been ideal, but I couldn’t find anything satisfactory that integrated with our HRIS. Back then, I would have liked to have had a platform like Pyla to protect me from the cyber risks associated with employee onboarding and offboarding and to better manage our investments related to employee turnover."

‍

The right questions to ask yourself to take action

It’s crucial to be able to plan ahead. To determine whether it’s time to implement a specialized software solution like Pyla, ask yourself these two questions:

• If employees leave and new ones join tomorrow, will I be able to onboard and offboard them effectively without creating a security breach?
• Even with low turnover, have I structured and documented these processes so as not to be dependent on the expertise that a few employees have acquired over time?

‍