How PIAM Brings a Bank’s Siloed Areas Together for a Secure and Compliant Enterprise

Sponsored Content presented by Quantum Secure

By Don Campbell,
Vice President, Product
Quantum Secure, part of HID Global

Banks and financial institutions have long recognized the critical need to secure the valuable and sensitive financial assets their customers trust them to keep safe. They typically focus on technology like identity management to secure people, places and assets, so that they can prevent lapses in security, which could negatively affect their revenues, operating costs, and adherence to industry regulations, reputation and much more.

However, a fundamental security and risk management challenge for many banks and financial institutions is their organizational structure, in which each part of the business has its own separate silo. For example, the security department has its own operating system, while the systems, procedures and processes for employees and contractors and managers are housed in a separate system. All of this leads to an organization which is hierarchical, siloed, and fragmented. Worse, having to cope with a fast-changing global economy has led many banks and financial institutions to create more complex matrixed organizations, where it’s even more difficult to get the right people together for fast decision-making and to keep them informed.

In a bank or financial institution, it is crucial that identities and related-area access are managed in real-time across a dispersed physical and logical security infrastructure. In addition, corporate governance, documentation and reporting have become paramount, as regulations such as BASEL II and GLBA have become fixtures from a compliance standpoint.

One way to bring all of the silos together is by creating efficiencies and automation in identity management through Physical Access and Identity Management (PIAM) software. These solutions capture, store and analyze data from multiple disparate security and non-security systems to create reports that will not only help security build a business case, but also deliver actionable intelligence about threats, potential cost savings and more.

Quantum Secure’s SAFE Enterprise assists the three main stakeholder groups in a financial institution that share tasks when it comes to identity management processes: the users (employees, contractors, and tenants); the security department; and employees who manage an area, function, or process, such as HR and IT. All have a stake in identity management, albeit with different roles in processes and procedures. In a bank, a PIAM solution empowers employees, contractors, and tenants to handle their common security needs. For managers, the system enables stakeholders within an organization to own and manage their security functions.

A PIAM solution has pre-defined policies, which help the three stakeholder groups automate key steps in four common identity management processes: On-boarding and Badging, Visitor Management, Access Management and Compliance.

Traditional ways of managing physical access and identities for on-boarding and off-boarding employees directly within physical access control systems (PACS) present considerable challenges. Some of these challenges include multiple, disparate PACS that may not be integrated with authoritative systems or other security systems, creating the need for significant manual efforts to manage identities and their related physical access. The complexity increases when the enforcement of security policies is also manual, making it an inconsistent and error-prone process. Some of the resulting implications include existence of duplicate identities, unauthorized access provided to identities, limited or no validation of pre-requisites for access provisioning, no audit trail into access assignment, delay in or no removal of physical access for identities terminated in HR and other related issues.

Pre-defined policies in a PIAM solution help all stakeholder groups to automate key processes such as on-boarding, off-boarding and access provisioning across the entire PACS infrastructure. PIAM allows employees, contractors and managers to easily modify their information, such as a change in their name or work schedule. When an identity expires, it is immediately deactivated along with any associated credentials, PIN codes or passwords. The stakeholders are notified when a change is made; they can view the results, then assign, approve access points, and track the credential use as needed. New or updated ID credentials can be printed quickly and easily. Security, HR and IT departments are given the same information, in real time. In short, all stakeholder groups have current and accurate information on all on-board and terminated bank employees.

PIAM solutions also allow employees to pre-register visitors, which the stakeholders can quickly review against a database and watch list. Receptionists can greet visitors, capture required information for a temporary ID badge, notify the visitor’s host and print visitor badges. All stakeholders have real-time access to data to mitigate security risks.

For banks and financial institutions, security risks are not limited to those posed by visitors, contractors or other outsiders. They are also vulnerable to insider threat by current employees and employees who are terminated, plus mistakes made by new hires who may not be aware of policies and procedures. The key to addressing insider threats is for the three stakeholder groups to control access through accurate information on new employees and terminations, in addition to tracking which credentials are used, and where and how. A PIAM solution can perform this automatically, enabling faster resolution and in many cases, allowing Security and Managers to take proactive steps to avoid a threat altogether. A PIAM solution can track when employees request access to a new facility or area for themselves or another person, and then Security and Managers can review approved requests and make final approval.

Financial institutions are governed by industry and government regulations, each of which carries its own specific set of requirements that must be met and for which they must regularly demonstrate compliance. This exhaustive process requires data to be gathered, correlated, analyzed and reported from multiple systems, often manually. With much of this data stored in siloed systems that are managed separately, the time, effort, cost and potential for errors associated with these manual processes is a primary pain point for financial institutions. At the same time, non-compliance is simply not an option.

A key benefit of PIAM for financial institutions is the ability for Security and Managers to automatically pull compliance-related information from data on a regular basis and generate reports to demonstrate compliance with each of the regulations governing their operations. In addition to significantly reducing the time and effort associated with manual tasks, by ensuring minimal human intervention PIAM can eliminate potential errors that can place compliance in jeopardy.

With PIAM, all actions, including who made the request, who authorized it and why, are captured and recorded. Security and Managers can compile and publish compliance reports and the other stakeholders can schedule and manage regular audits.

The often hierarchical and siloed structure of banks and financial institutions can lead to fragmented processes and cultures that expose them to security risks. A PIAM solution such as Quantum Secure’s SAFE for Finance can bring a bank or financial institution’s siloed areas together through technology and automation, helping to create a secure and compliant enterprise.
