Establishing a Mature Identity and Access Management Program for a Financial Services Provider


TEKsystems Global Services Customer Success Stories

FINANCIAL SERVICES | NETWORK INFRASTRUCTURE SERVICES | INFORMATION SECURITY

Executive Summary

A financial services provider partnered with TEKsystems to build a secure identity and access management (IAM) program to address regulatory audit findings and improve the end-user experience.

Quick Facts

Client
- Industry: Financial services
- Revenue: More than $165 million
- Geographic Presence: Has a presence in the Midwest with offices across the country

Objectives
- Educate client that IAM is not just an IT or information security issue; rather, it's a business issue that requires a formal IAM program to address business challenges and implement organizational change
- Create a customized IAM roadmap to address audit findings and enhance the user experience
- Build a program to advance the client's IAM maturity and enhance security
- Assess the client's existing IAM processes and procedures to identify opportunities to reduce audit findings, and improve and streamline processes
- Identify IAM tool business requirements and aid the client in reviewing off-the-shelf IAM software suites to assist with vendor selection

Results
- Created a comprehensive, three-year roadmap to establish and build a robust IAM program and guide all future IAM initiatives and module implementations
- Facilitated the client's selection of a new identity governance and administration product based on functionality and features
- Outlined future program components, including streamlining access reviews and access requests, integrating policy monitoring, establishing baseline metrics for comparative analysis to track program improvements, and implementing self-service password functionalities

Technologies Supported
- Identity governance and administration
- Identity and access governance
- User administration and provisioning

Challenges
- Coordinate with a third-party IAM software vendor to install and implement the client's new IAM tool
- Adjust the IAM roadmap as necessary to reflect the client's changing business priorities
- Demonstrate the value of an enhanced IAM program to stakeholders in the absence of baseline metrics

Client Profile

The client, recently designated as systemically important to the U.S. financial market, is the world's leading equity derivatives clearing organization. The corporation clears a wide array of diverse and sophisticated products. Offering clearing and settlement services for transactions in futures and options, the client also clears transactions for security futures, over-the-counter and exchange-listed options.

Industry Landscape

Due to the highly sensitive nature of finance and its associated data and policies, the financial services industry is heavily regulated to protect consumer and institutional assets. Overarching regulations and industry mandates are constantly changing in response to evolving threats and industry needs; businesses must address emerging security issues or face severe consequences. Leaving security and access issues unresolved can result in audit-related fines, shaken investor confidence, a tarnished brand perception and heightened security risks.

In addition to managing security issues associated with external threats, organizations must protect their assets internally as well. It is important that organizations give internal and external identities, including contractors, vendors and business partners, the appropriate level of access to information, applications and networks needed to complete their responsibilities. However, privilege levels can vary widely depending on an identity's job function, seniority or specific projects. Maintaining diverse access privileges for thousands of identities can be a daunting task as individuals are onboarded or offboarded on a regular basis. Organizations must have a scalable IAM program and IAM systems in place to ensure proper clearances or privileges can be quickly updated to reflect business and regulatory changes.

Organizations often rely on IAM programs backed by sound governance policies to ensure compliance and streamline user account management and maintenance via automated policies and processes. A robust IAM program can help establish and enforce repeatable business processes, and the underlying infrastructure service components needed to create and maintain accurate and timely user identities that dictate access privileges and restrictions. A secure program can also improve business efficiencies by minimizing the need for help desk support and allowing identities to be self-sufficient in resolving issues. Companies must find the right balance between restricting access to information necessary to safeguard the business while granting internal and external identities the appropriate access needed to be productive and profitable.

Situation

The client, a financial services provider, operates under direct oversight of the U.S. Securities and Exchange Commission (SEC) and U.S. Commodity Futures Trading Commission (CFTC). The client is regularly audited by these organizations to ensure it complies with the most recent regulatory and security mandates that govern the financial marketplace. During a recent audit, the client was found to be lacking in numerous IAM standards needed to help protect sensitive business assets and mitigate security risks for the organization and its end users. Among the findings were:

- The presence of idle accounts. The client's system contained numerous orphan accounts belonging to past or terminated identities, which meant timely account decommissioning was not consistently occurring.
- Inadequate access verification. It was difficult for the auditors to confirm why certain accounts had the access they did within the system. The approval process to access applications and systems was inconsistently applied.
- Inadequate access reviews. The client did not conduct periodic access reviews across all key applications/systems to ensure the appropriate levels of access were provided to the correct individuals as their roles or seniority changed.
- Inadequate controls around privileged account management. The client lacked policies and procedures to manage super-user accounts (e.g., administrator, root and emergency identities).

Due to the highly regulated nature of the client's business and the extensive regulatory audit findings that had been identified, a formal IAM program backed by a sophisticated IAM tool was needed for the client to remain in good standing with the SEC and CFTC, and most importantly, remain operational. A sound IAM program would help ensure the proper privileges and access credentials were associated with the correct internal/external personnel and business partners to help fortify the client's operations and data management.

Previously, the client had relied on internal security analysts to oversee the manual creation, maintenance and decommissioning of user accounts within the computing environment, which left room for errors or oversights in regard to account maintenance and management. Additionally, while the client had a legacy IAM tool in place to aid in password synchronizations across internal directories, other functionalities had never been implemented, so the full benefits of the tool were never utilized.

The client sought a trusted IAM advisor to guide them in building and implementing a secure IAM program to address their IAM audit findings. The client also wanted a partner that could assist them in selecting an off-the-shelf IAM software product to replace the existing legacy tool responsible for password synchronization. A formalized IAM program backed by versatile IAM software would automate user account functions, help eliminate user maintenance errors, improve overall organizational efficiencies, and better protect the business from potential security threats and future audit issues.

Solution

Having previously partnered with TEKsystems Global Services on a variety of projects, the client was aware of our dedicated Information Security Services practice and IAM expertise. The client's director of security operations / security services met with practice leaders to discuss their IAM challenges and see how TEKsystems could help mitigate the challenges they faced. After hearing our proposed solution, and based on their confidence in our ability to deliver a mature IAM program, the client promptly selected TEKsystems without needing to consider alternate vendors.

Our solution consisted of three sequential components:

1. Mapping Regulatory IAM Audit Findings

To gain a better understanding of the client's existing IAM processes and procedures, we would complete a thorough assessment of the regulatory audit findings. As part of this assessment, we would evaluate which findings could be addressed by an IAM tool and identify how an implemented tool would mitigate the security issues associated with each finding.

2. Building the IAM Roadmap

We would prepare a three-year IAM roadmap to establish and build a mature IAM program and to provide a framework to implement the selected IAM tool. The roadmap would detail future-state IAM projects, including centralizing access requests, enforcing consistent approval processes, automating manual access reviews and defining separation of duties (SoD) policy monitoring, which would aid in proactively avoiding audit violations and enhancing identity monitoring and maintenance.

The roadmap would also outline initiatives to help improve the user experience. For example, we recommended that numerous and disparate access request portals be centralized in one system to minimize user confusion. In addition, implementing self-service capabilities would provide strategic business value to not only the client's business but its end users. We would also review, define and update organizational policies and procedures to build a new identity governance foundation to guide all future IAM projects.

3. Selecting an IAM Tool

We would evaluate the functionality and features of commercially available IAM software solutions to determine the best identity governance and administration product for the client. The new IAM tool would replace manual, error-prone tasks associated with creating and maintaining user accounts. It also would replace the client's existing legacy tool responsible for synchronizing passwords between internal directories.

Results

Based on our assessment of the SEC's and CFTC's audit findings, we designed a comprehensive roadmap to guide the client in building a secure and robust IAM program. The custom, multiphased roadmap outlined ways to address and correct audit findings, including issues with access requests and access reviews, the cleanup of idle accounts and password management. Additionally, the roadmap provided ways to enhance the user experience and streamline IAM processes and procedures outside of issues noted in the audit findings.

Choosing a new IAM software suite to support roadmap initiatives and address audit findings was a critical component of our IAM solution. We outlined governance parameters under which the new IAM tool would operate, specifically defining and reviewing associated IAM business requirements and functionalities. We then identified key components and features an ideal IAM tool would have, and researched relevant identity governance and administration products available in the market. We assisted the client in meeting with software vendors to review products and compare functionality against our identified requirements. Based on these meetings, the client selected a new, robust tool.

Phase two of our solution involved implementing the new IAM tool. We assisted the client with defining business requirements and oversaw the installation and configuration of the tool as the client's IAM subject matter expert. We then thoroughly tested the solution to ensure it complied with the client's stated business requirements. The new IAM tool had a wide array of modules to centralize disparate IAM functions, including modules to govern access reviews and access requests, policy monitoring, and role management, among other core IAM functionalities. After the software was installed, configured and thoroughly tested, the client was able to utilize the tool to perform password synchronization and decommission their previous IAM tool.

The next phases of our solution will be implemented over the next several years in accordance with IAM initiatives outlined in the roadmap. While the original roadmap we prepared was based on three years, the nature of the client's business dictated that numerous stakeholders were involved in key business decisions, which lengthened the time it took to implement major organizational changes. To accommodate this reality, we adjusted the timeline to more accurately align with the client's pace of implementation. The revised roadmap will be rolled out over the next three to five years.

A key priority addressed in our roadmap was improving the client's access review process. We recommended using the IAM tool to automate and streamline the process, incorporating business-friendly entitlement descriptions, so the appropriate certifiers would be alerted via email and given the ability to evaluate access from a centralized Web portal.

In addition to strengthening the access review process, we delivered a plan to establish sophisticated policy monitoring to better coordinate the decommissioning of user accounts and proactively reduce risks for future audits. Previously, changes to user accounts were sporadically reviewed, and generally inconsistencies or errors were only caught during an audit. Under the new module, policy violations will be flagged within the system in real time so any changes to user accounts can be implemented within days as opposed to months.

To help enhance the overall user experience, we recommended implementing several self-service features, including self-service password reset. The new module will give users the ability to answer security questions to independently reset their passwords / unlock their accounts. This functionality would help reduce the number of password-related calls to the help desk and improve end-user satisfaction.

We also recommended the client begin tracking IAM baselines so that as each new tool module is implemented, the director of security operations / security services would have evidence to show executive management a decrease in IAM audit findings, process improvements and cost reductions to justify the continued spend on the IAM program.

TEKsystems will support the client's IAM program development over the next several years. Future roadmap components will continue to address existing audit findings, proactively avoid future IAM issues, mature the client's IAM program and strengthen the overall security of the business.

Key Success Factors

IAM expertise

With a dedicated Information Security Services practice, we were able to provide the client with a comprehensive roadmap specific to their unique needs. Our seasoned practice professionals have more than a decade of experience in their field, which allowed them to draw on a wide breadth of past experiences and know which strategies really work. We made suggestions on ways to improve efficiencies, address audit findings and centralize many of the previously disparate IAM functionalities within the organization.

Flexibility

Aside from being a highly regulated financial services provider, the client is a private, nonprofit organization, which meant making weighty organizational decisions could be a lengthy process. Though our roadmap was originally positioned to take three years to implement, we evolved our solution to fit a more realistic timeline of five years given the conditions within the client. We also were flexible in working within the client's timeline and coordinating the new IAM tool's implementation in conjunction with the third-party software vendor.

Trusting relationship

The client's preexisting relationship with TEKsystems helped solidify this engagement. The client was confident in our abilities based on past TEKsystems Global Services projects, including in areas of applications management outsourcing and quality assurance and testing. Based on this relationship, the client felt they didn't need to go through a formal RFP process prior to selecting TEKsystems to drive the formation of their IAM program.

About TEKsystems

People are at the heart of every successful business initiative. At TEKsystems, we understand people. Every year we deploy over 80,000 IT professionals at 6,000 client sites across North America, Europe and Asia. Our deep insights into IT human capital management enable us to help our clients achieve their business goals while optimizing their IT workforce strategies. We provide IT staffing solutions, IT talent management expertise and IT services to help our clients plan, build and run their critical business initiatives. Through our range of quality-focused delivery models, we meet our clients where they are, and take them where they want to go, the way they want to get there. Visit us online at TEKsystems.com