DX Labs (Digital Shadow Information Technology)

Secure onboarding—a lengthy process

When DX Labs received what looked like a simple query for password management support from one of its banking clients, it suggested NetIQ Self-Service Password Reset which was implemented to lower the cost of password administration. However, further discussion around the subject showed a more complex issue around identity and access management. Banks leverage the SWIFT network to send and receive information about financial transactions in a secure, standardized, and reliable environment. New regulations for banks in the Middle Eastern region require more detail and visibility around application access, with banks needing full transparency in who accesses what when. This is easier said than done, as Ahmed El-Saftawy, Sales and Pre-Sales Director with DX Labs, explains: “Our client has a mix of ‘home-grown’ and commercial applications, all customized to specific banking and money transfer requirements. Each system requires its own set of credentials, so one user has multiple credentials to maintain strict security between applications. These independent account credentials are very difficult to manage and map for the systems owners.”

El-Saftawy continues: “Onboarding new employees was a manual and time-intensive process. Our client also needed a better way to disable accounts when employees leave the bank or when a user is transferred to another department. We work with SWIFT-enabled applications and there is always a risk that a disgruntled ex-employee maintains their access and can defraud the bank. The organization wanted to automate an identity management workflow to easily provision new users, modify existing users when job changes occur, and terminate users in real-time when employees leave the organization.”

[NetIQ] Identity Manager and [NetIQ] eDirectory have not only reduced our administrative workload by at least 60 percent, they also provide a very clear access overview for our management, which is very useful in the highly regulated banking sector and made the frequent Account Monitoring and Control Audit more robust and reliable.

SWIFT integration for a seamless SSO

The bank decided on a three-phase implementation project, consisting of identity and access management, governance, and multi-factor authorization. Following a thorough market evaluation of available identity management solutions, DX Labs recommended NetIQ Identify Manager, designed to manage the complete identity lifecycle of entities across a diverse and hybrid infrastructure. In close cooperation with Birchford, a local partner committed to making the business of money movement efficient, reliable, and seamless, DX Labs created a unique approach. By integrating NetIQ Identity Manager with the SWIFT interface within banking applications, the client bank can enable a seamless single sign-on (SSO) experience across the enterprise, including SWIFT users.

NetIQ Identity Manager’s Designer feature offers the ability to produce access-request workflows that can dramatically reduce the administrative workload with no programming or customization required. NetIQ Identity Manager works in tandem with NetIQ eDirectory as a centralized ID credentials repository with a full-service secure LDAP directory. This enables the team to activate, change, and remove users quickly and reliably without making manual updates in multiple systems. NetIQ eDirectory synchronizes identities across source systems, taking into account data authority and quality. “Our client was able to see the benefits of [NetIQ] Identity Manager and [NetIQ] eDirectory straight away. New user onboarding would take at least two working days, with manual form filling and processing. Now that this is all automated in a seamless workflow, it takes just two hours to provision a new user and assign credentials for any required systems; a time saving of 80 percent, along with the massive decrease in human error rate involved in the manual process,” comments El-Saftawy.

New user onboarding would take at least two working days, with manual form filling and processing. Now that this is all automated in a seamless workflow, it takes just two hours to provision a new user and assign credentials for any required systems; a time saving of 80 percent.

Administrative effort reduced by 60%

The solution is entirely role-based, with a very clear view on which roles require access to which solutions. Standardizing this enforces restricted access to sensitive information and it strengthens authentication without negatively impacting productivity. If a user leaves or changes roles this is immediately reflected in NetIQ eDirectory and NetIQ Identity Manager will take the necessary action by activating the relevant approval workflow. This ensures inactive account credentials are disabled straight away, eliminating the risk of misuse. “[NetIQ] Identity Manager and [NetIQ] eDirectory have not only reduced our administrative workload by at least 60 percent, they also provide a very clear access overview for our management, which is very useful in the highly regulated banking sector,” says El-Saftawy.

He concludes: “In collaboration with Birchford we are working with our client to implement the [NetIQ] Identity Manager solution in other countries, to cover all 15,000 regional banking users. [NetIQ] Identity Manager has already started shaping the overall access governance within the bank, and we are investigating OpenText NetIQ Advanced Authentication to introduce multi-factor authentication into the SSO solution and avoid a single point of failure, covering all core applications. At the same time, ArcSight by OpenText, including ArcSight SOAR by OpenText, is being considered as the SIEM environment for the bank operation. One of the reasons our client felt confident about our Micro Focus (now OpenText) recommendation was the breadth of solutions and the integration capabilities available. Our client feedback has been very positive, and we believe other banks can also benefit from this solution by implementing this use case.”

About NetIQ

NetIQ provides security solutions that help organizations with workforce and consumer identity and access management at enterprise-scale. By providing secure access, effective governance, scalable automation, and actionable insight, NetIQ customers can achieve greater confidence in their IT security posture across cloud, mobile, and data platforms.

Visit the NetIQ homepage at www.cyberres.com/netiq to learn more. Watch video demos on our NetIQ Unplugged YouTube channel at www.youtube.com/c/NetIQUnplugged.

NetIQ is part of Cybersecurity, an OpenText line of business.