A Global Enterprise Financial Services Company
A multinational, this EmpowerID client is considered to be both one of the most well-managed and one of the most important banks in the world. A world-leading financial services company with over 45,000 employees, it has a significant presence in America; Europe, the Middle East, and Africa (EMEA); and Asia-Pacific (APAC), and is included in Wall Street’s group of Bulge Bracket banks.
Initial Situation
They learned about EmpowerID during their extensive (over 1-year) search for an admin tool that could effectively manage Active Directory. Following the Global Financial Crisis and the need to drastically reduce costs, major restructuring within the organization took place. The main difficulty with this reorganization/merger was that each IT Group had its own IT tools. Some tools were developed in-house, others were from major vendors, but what became crystal clear was that switching to any solution would be complex, time-consuming, and expensive. It was during our POC engagement that they enquired if EmpowerID could help. We could. Two additional elements were critical:
- Re-use of existing resources: they already had a significant presence, system, and resource base, and rebuilding from the ground up was not an option.
- Strict banking requirements: as a highly regulated industry, banking has strict legal, governance, and jurisdictional restrictions, so any proposed solution had to ensure strict compliance at both industry and national level.
- A unified identity model that ties together the myriad application and system identities that enterprises accumulate.
- A single point of reference for understanding and managing a person’s presence within the technology ecosystem.
- A common integration and federation platform with a consistent, flexible, configurable, and standardized interface. This is essential for building new technological partnerships as the application environment expands and evolves while still supporting the legacy applications and processes that are critical to business operations.
- A flexible and configurable role structure that provides an organizational architecture upon which to build an automated provisioning, access management, and delegated resource management system.
- An access governance platform with comprehensive auditing, approval, enforcement and recertification capabilities.
- A user-friendly portal interface that can be used by both end users and administrators to manage enterprise directory objects, request access and resources, and perform self-service password management.
The core platform and modules that are implemented are built on a single set of services. This will offer easier implementation, improved management, better performance, a superior user experience, high scalability and a lower cost of maintenance and support. In addition, the entirely workflow-based architecture based on the latest Microsoft technology allowed the customer to incorporate existing code and replicate its business processes without compromises.
Implemented Solution
EmpowerID, with its unique workflow base and powerful API, opened up both a new way of connecting their business units and a means of delivering essential functionality.
- Minimizing existing efforts: Connecting different IAM investments and custom coding into new integrated processes meant they didn't have to abandon their already established efforts.
- Privileged Session Management (PSM): Because EmpowerID can completely replace Microsoft's Active Directory Users and Computers, it also opened up further opportunities. This includes stipulating that all provisioning and administrative actions are managed through a secure and controlled interface. That way, admins and delegated users are permitted:
  - access solely to the actions that they need
  - no visibility to data or to actions that fall outside of their assigned privileges.
- Temporary Privileged Management (TPM): They also required functionality wherein an admin could gain rights to perform an action, with those rights automatically revoked after completion and, if desired, sent for management review before being temporarily granted.
- Single Session View: EmpowerID was also able to manage the old bank domains and the new domains as they were merged into one entity while providing a single console and view of those identities.
- Highly regulated access compliance: Given the specific requirements and restrictions of their country’s banking laws, they also have substantial jurisdictional needs. This called for a highly sophisticated RBAC/ABAC model that permits delegating activities while still tightly controlling views of data by country and entity.
- Audit and tracking capability: Audit requirements, improving governance, and increasing the responsiveness and agility of the bank dictated an ongoing need for a continual and consistent review and inspection trail. EmpowerID’s automated, business-specific workflows and processes have been perfect for this requirement.
Following implementation, and because it has eliminated many labor-intensive activities and made existing processes far more visible and robust, they have also devoted significant resources to the ongoing use of the platform. As such, EmpowerID is being used not only for all of their vital Active Directory and secure, delegated management tasks, but also to design custom workflows for internal business processes that connect to many of their pre-existing systems.