Supermarket Mega Merger – Massive Risk Assessment and Mitigation for Albertsons / Safeway

customer albertson safeway help4access risk mitigate migrate convert

MERGER: Help4Access Automated Custom Tools Cut IT Risk, Migrating 65,000 Legacy Access Database Applications

When two supermarket giants merge, it’s not just stores and grocery inventory that must be joined together. There’s also IT infrastructure, which comes with an element of IT risk. In 2018, Safeway became a subsidiary of Albertsons – and Safeway’s vast collection of legacy Access databases emerged as a risk factor to be evaluated and managed.
As the acquirer, Albertsons mandated that Safeway adopt Microsoft Office 365. When Safeway readied its migration to Office 365, it tallied 65,000 Access databases that had sprung up at many locations over recent decades. The result was a complex web of no-longer-supported data repositories on which daily operations depended.

Albertsons engaged Help4Access to plan and manage Safeway’s enterprise-wide migration to Office 365, because they realized that regional divisions still depended on Microsoft Access database applications developed by shadow IT groups dating back as far as the 1990s.

IT Risk Offers an Opportunity in a Merger

A single legacy database, no longer supported by its vendor or developers, poses a risk to the overall business. With 65,000 such databases, the risk must be taken seriously and mitigated with care. Help4Access took on the task of helping Albertsons assess the scope and severity of risk posed by Safeway’s Access databases, and organize the migration to other platforms including SQL Server and Microsoft Azure.

Many of these database applications had been created in regional offices and used older versions of Access that Microsoft no longer supports. Inevitably, the databases were out of sync with current corporate standards and practices. The merger offered the opportunity to size up and prioritize the most important candidates for migration to SQL Server.

“We looked at the scope – Safeway’s sixty-five thousand-plus Access databases distributed across 2,600 locations on their network consisting of 25 terabytes of data, mixed in with over 12.5 million other files,” explains Sasha Froyland, CEO, Help4Access. “It called for a highly organized process that everyone could understand, expertise in risk management and automation via a customizable toolkit.”

Help4Access divided the project into distinct phases, beginning with discovery, to find and count the potential problems, followed by risk assessment.

“We established a set of criteria by which to examine every file on the Albertsons network to find the high risk candidate files – and evaluate every legacy Access system,” says Froyland. “That required automation, and we have and continue to maintain the perfect solution – a customizable and configurable toolkit perfect for the job.“

The risks

Help4Access found that Safeway’s 65,000-plus Access databases contained several risk aspects:

  • An unknown number of them contained tables with links to other Microsoft Access applications, text files, and Excel files or other data sources such as SQL Server, Oracle, Sybase, Teradata, DB2, Salesforce and more.
  • Many locations and business units depended on these databases to perform critical tasks within operations.
  • The personnel who created and supported theses legacy systems had long since moved on.
  • The Access versions they used were no longer supported and this posed a security vulnerability.

The Risk Management Protocol

Help4Access worked with Albertsons and Safeway to create a comprehensive risk mitigation and management protocol, consisting of three major components:

  • A set of proven processes
  • A toolkit of configurable tools
  • A dedicated team of specialists

Discovery of all Access databases

In a joint effort with Albertsons/Safeway’s IT groups, Help4Access configured and deployed tools to perform a series of network sweeps followed by progressively deeper analysis after each pass. This would lead to a comprehensive list and risk ranking of Safeway’s IT assets, allowing risk analysis and what-if scenarios to be run.

Since there is no tool in the commercial market which handles the specific discovery and evaluation functions as required, Help4Access leveraged its Help4Access – Microsoft Access Discovery ToolTM, which examined the entire Safeway IT infrastructure to:

  • Discover newly created Access databases
  • Analyze every Access database on multiple risk criteria
  • Calculate a risk score for each database

Diagnosis

After discovery – once all Microsoft Access database applications were identified – Help4Access used the automated tools it had configured to meet Albertson’s specific needs to analyze each database. Additionally, Help4Access diagnosed the level of risk to the organization by each database application. Then, Help4Access interviewed business stakeholders to validate findings and reach joint approval of which Access applications posed a threat to critical business functions and should be given high priority to migrate to either on premise SQL Server or off premise SQL Server on Azure.

The Help4Access – Microsoft Access Discovery ToolTM was configured to execute multiple passes through the 65,000 databases, eliminating low risk candidates and focusing deeper on the remaining high-risk suspects. Files which met the potential risk criteria were then examined again, to cull out those which had not been opened in a long time or were very small in size to name just a few of the many risk characteristics taken into account.

Help4Access then checked every remaining suspect file to determine its MS Access version. The older the version, the less likely the MS Access database application can be easily upgraded to the latest version of MS Access and regain support. This caused older-version applications to be given a higher complexity rating.  The complexity rating is calculated using 45 key performance indicators indicative of high-risk MS Access database applications at Albertsons.  These KPIs are often different for each customer and carry different weighting unique to every customer / environment combination.

Recognizing a worst offender: Discover, analyze, mitigate, and repeat

65,000 database applications cannot be migrated all at once. Help4Access developed a protocol to analyze and mitigate the risk of all the existing databases by pinpointing which are the most critical candidates, then acting to migrate those. One obstacle: No one at Albertsons knew what a ‘worst offender’ would look like until Help4Access developed a set of distinct criteria based on Albertson’s needs. The challenge is to continually monitor the environment, find worst cases, migrate them, and start the discovery again.

“The Help4Access – Microsoft Access Discovery ToolTM applies Albertsons’ criteria to filter and subdivide the candidates, and isolate the absolute worst risk cases.”

Negotiating agreement for migration and scheduling

Since a large number of business units in different locations depended on particular Access applications for daily operations, their business requirements had to be carefully understood and assessed. This was done through direct discussion and negotiation, aimed at securing both agreement and budget approval for the migrating of the Access database applications to SQL Server. Help4Access proposed and developed a process for logging and managing the business requirements and the migration schedule. Help4Access also provided detailed risk-analysis reports to guide and speed up the discussions and decision process.

“Working with large-scale IT challenges means handling the legacy infrastructure effectively. We constructed a plan to identify the most critical Access databases, and migrate the top-ranked risks. Every week, we can repeat the discovery procedure and rank the most important current candidates. This, combined with ongoing dialogue with line-of- business decision-makers, lets Albertsons meet its goal of risk mitigation.”

Outcome

The IT teams of the merged supermarkets can now move ahead with its objective of joining and improving data management, while reducing risk and modernizing the database infrastructure. Managers have a regularly updated priority ranking of risk items in the legacy Access databases, with a clear understanding of priorities and potential impact of the migration from Access to SQL Server and Microsoft Azure.