Clear profiles instead of proliferation in IT access - IdM Solution GARANCY

Initial situation

Initially, the European Bank for Reconstruction & Development became a shareholder in Kombank. As a result, a completely new IT strategy was initiated. “A few years earlier, we had already started to prioritize the issues of security and compliance and introduced the first authorization policies,” explains Vesna Martinović, project manager of the IdM project and responsible for process management in the IT team at Kombank, “according to these, new rights to be granted were requested from the administrators of the individual target systems via a new user request management system.

To do this, the supervisor had to grant approval – effectively the precursor to what we do today with GARANCY.” European Bank for Reconstruction & Development IT assessments and internal requirements led to a new IdM strategy.

The Challenge

“The reorientation of our IT strategy also involved a fundamental rethinking of identity management,” continues Vojislav Stojić, IT Security Manager at Kombank, “with the European Bank for Reconstruction & Development as a new shareholder, extremely helpful innovations and requirements were simultaneously introduced into the bank.”

For example, a comprehensive IT assessment resulted in the complete realignment of the IT strategy, starting with the change of the core banking system, through the areas of telecom, disaster recovery and reporting, to identity management. The last topic also corresponded with internally increased demands to further consolidate user rights and create uniform profiles.

Implementation

Various IdM systems were then closely examined, and the decision in favor of GARANCY was made at the beginning of 2007. The IT experts at Kombank were particularly impressed by a GARANCY reference installation at the Slovakian VUB Bank in Bratislava.

Here, the verdict of the management consulting company Accenture also came into play; it had recommended the Beta Systems solution as the most suitable. Accenture made the recommendation in particular due to the flexible connectivity of mixed Windows and mainframe systems and the fast achievement of security goals in the IT administration area. Ivan Vasić’s team also sought the opinion and experience of Komercni Banka from Prague, a long-standing user of Beta Systems products, during the decision-making phase.

Komercni Banka eventually purchased a total of almost 3,200 GARANCY licenses, plus 300 licenses for technical accounts and external employees. The implementation was prepared in a detailed, three-month design phase. The choice of product and manufacturer was also due to the excellent cooperation between the two companies. “The experts from Beta Systems have been providing extremely reliable support for our zSeries landscape for many years and are also very familiar with the RACF environment,” explains Ivan Vasić.

During this time, Vasić and his colleagues have come to appreciate the flexibility and reliability of the Beta 88 zSecurity RACF administration tool in the mainframe area and the Beta 92 Process History Manager, the log management system for jobs and process logs, as an audit repository.

Solution

IdM Solution GARANCY; User/user ID consolidation with GARANCY  has led to much more transparent management of IT systems at Kombank. Previously, virtually every employee had their own profile – many even had several for different purposes. With GARANCY, the assignment of rights per business line was limited to about ten typical user profiles for each logical activity, plus higher-level group profiles.

In this way, 3,500 wildly different “profiles” have become just under 300 real roles. When an employee joins the company or changes departments, the IT department can now give them access to all activity-related applications within seconds by assigning roles, thanks to GARANCY’s automatic connection to the HR application.

Previously, this was a manual and time-consuming matter for distributed administrators. “Today, with GARANCY, it is no longer possible for an employee’s access rights to certain applications to grow uncontrollably as his or her job changes,” says Vojislav Stojić.

The bank has thus virtually eliminated the security risk in authorization issues. Via detailed reporting, the solution provides information about when which administrator granted which rights to whom. In this way, the activities of the security administrators are also subject to a permanent historical audit.