Banking on Efficiency
Maintaining financial services compliance requirements
- By Kim Rahfaldt
- Feb 01, 2018
Operating in more than 4,000
buildings, one of the largest
U.S. banks could not keep
up with the onboarding and
off-boarding of 300,000-plus
employees, contractors, vendors and visitors.
Thousands of people were involved in approving
building access, all working in different
departments at different locations, each
with their own manual processes and compliance
requirements. The sheer number of
identities to manage was overwhelming and
consisted of cumbersome, manual processes
using multiple emails and phone calls across
the organization.
It often took days to get a new employee
an access card. Scarier yet were delays in removing
an identity from the system, giving
ex-employees and non-employees access after
their termination dates. All of the manual
processes above bogged down the Security
Operations department in volleying emails,
running reports and doing endless data entry.
Rather than hire more people to resolve
these issues, the bank looked at technology
to streamline its operations, increase efficiencies
and manage identities.
Identity Compliance
Maintaining financial services compliance requirements
by manually auditing individual
access privileges was nearly impossible. The
Security Operations audit process consisted
of Excel sheets that were shared and reviewed
securely by various teams but took months to
complete. The bank was falling out of compliance
and wasting money.
Implementing AMAG Technology’s
Symmetry CONNECT web-based identity
management platform with Symmetry Access
Control automated all of these manual
processes. Automated notifications sent via
CONNECT workflow automated re-certifications
and access requests, allowing the
bank to enforce compliance requirements.
The bank faced many challenges, but one
of the most significant were the manual onboarding
and off-boarding process for the
more than 300,000 employees, vendors and
contractors. The email- and paper-based
access request process involved thousands
of local approvers, lacked a cost effective
way to review, audit or complete access
privileges, and created an inefficient security
department based on a centralized security
architecture.
Other challenges made it impossible to
enforce corporate audit and security policies
and implementation of a homegrown system
that produced a 31 percent completion rate
of quarterly access audits.
Streamlined Access
Using this solution allowed the banking
system to use a policy-based identity management
platform to automate all manual
processes, improve efficiencies, reduce risk
and help bank meet audit and compliance
requirements, register more than 3,000 access
area owners, and provide notifications
and escalations to be automatically sent to
access owners and managers during audits to
enforce compliance.
Banking staff have been able to complete
quarterly audits per corporate policy,
streamline the access request process and
eliminate all manual work efforts, as well as
implement distributed security architecture
to more efficiently manage identities.
With this solution, the bank achieved automated
on and off boarding, the distributed
model, increased efficiencies meant faster
turnaround with lower labor cost and automated
workflow provided simple method for
access area owners to action access requests.
The bank estimated that it will save more
than $1 million in annually and be able to
create audit reports instantly to meet compliance
requirements. This update also will
reduce access confirmation audits from more
than 1 million to 500,000 and provide 100
percent completion of every quarterly audit
since implementation.
Using the identity management software,
the bank restructured its operations to
a distributed model, allowing access owners
to action access requests, audit their secure
areas and manage identities with the click
of a button. This eliminated the security
team bottleneck, saved the bank millions of
dollars in labor and created a safer environment.
Detailed audit reports allowed the
bank to prove that compliance
requirements
were met and maintained
over time.
This article originally appeared in the February 2018 issue of Security Today.
About the Author
Kim Rahfaldt is Director of Media Relations at AMAG Technology, Inc., based in Torrance, Calif.