Banking on Efficiency Maintaining financial services compliance requirements
BOy Kim Rahfaldt
perating in more than 4,000 buildings, one of the largest U.S. banks could not keep up with the onboarding and off-boarding of 300,000-plus
employees, contractors, vendors and visitors. Thousands of people were involved in ap- proving building access, all working in differ- ent departments at different locations, each with their own manual processes and com- pliance requirements. The sheer number of identities to manage was overwhelming and consisted of cumbersome, manual processes using multiple emails and phone calls across
the organization.
It often took days to get a new employee
an access card. Scarier yet were delays in re- moving an identity from the system, giving ex-employees and non-employees access af- ter their termination dates. All of the manual processes above bogged down the Security Operations department in volleying emails, running reports and doing endless data en- try. Rather than hire more people to resolve these issues, the bank looked at technology to streamline its operations, increase efficien- cies and manage identities.
Identity Compliance
Maintaining financial services compliance re- quirements by manually auditing individual access privileges was nearly impossible. The Security Operations audit process consisted of Excel sheets that were shared and reviewed securely by various teams but took months to complete. The bank was falling out of compli- ance and wasting money.
Implementing AMAG Technology’s Symmetry CONNECT web-based identity management platform with Symmetry Ac- cess Control automated all of these manual processes. Automated notifications sent via CONNECT workflow automated re-certi- fications and access requests, allowing the bank to enforce compliance requirements.
The bank faced many challenges, but one of the most significant were the manual on- boarding and off-boarding process for the more than 30,000 employees, vendors and contractors. The email- and paper-based access request process involved thousands of local approvers, lacked a cost effective way to review, audit or complete access privileges, and created an inefficient security department based on a centralized security architecture.
Other challenges made it impossible to enforce corporate audit and security policies
and implementation of a homegrown system that produced a 31 percent completion rate of quarterly access audits.
Streamlined Access
Using this solution allowed the banking system to use a policy-based identity man- agement platform to automate all manual processes, improve efficiencies, reduce risk and help bank meet audit and compliance requirements, register more than 3,000 ac- cess area owners, and provide notifications and escalations to be automatically sent to access owners and managers during audits to enforce compliance.
Banking staff have been able to com- plete quarterly audits per corporate policy, streamline the access request process and eliminate all manual work efforts, as well as implement distributed security architecture to more efficiently manage identities.
With this solution, the bank achieved au- tomated on and off boarding, the distributed model, increased efficiencies meant faster turnaround with lower labor cost and auto- mated workflow provided simple method for
access area owners to action access requests. The bank estimated that it will save more than $1 million in annually and be able to create audit reports instantly to meet com- pliance requirements. This update also will reduce access confirmation audits from more than 1 million to 500,000 and provide 100 percent completion of every quarterly audit since implementation.
Using the identity management soft- ware, the bank restructured its operations to a distributed model, allowing access owners to action access requests, audit their secure areas and manage identities with the click of a button. This eliminated the security team bottleneck, saved the bank millions of dollars in labor and created a safer environ- ment. Detailed audit reports allowed the bank to prove that com-
pliance requirements
were met and maintained
over time.
Kim Rahfaldt is the pub- lic relations manager at AMAG Technology.
8
0218 | SECURITY TODAY
BANKING SECURITY
aurielaki/Shutterstock.com