Synovus Financial is a multi-billion dollar financial services holding company that does business in the southern United States. It operates 30 banks, 330 offices and close to 500 ATMs.
Synovus Financial (Synovus) is a more than $33-billion dollar financial services holding company. Synovus provides commercial and retail banking, as well as investment services, to customers throughout Georgia, Alabama, South Carolina, Florida and Tennessee.
As a highly regulated institution, Synovus sought to tighten access and security controls to satisfy bank regulators and third-party auditors while driving down escalating support costs. “User provisioning and de-provisioning used to take several days,” said Steven Jones, director of operational risk for Synovus Financial. “We needed to be able to modify or revoke user access rights immediately in order to mitigate risk.”
The company also needed to enforce stronger password management. “Each user had at least six unique passwords, and inevitably many of them forgot passwords or wrote them down,” said Jones. “Forgotten passwords and locked accounts actually represented 70–80 percent of our helpdesk calls. We needed a solution that would alleviate this burden while bringing tighter security across the enterprise.”
Synovus wanted to make it easier for its employees to do their work, so they could create a more efficient front-line experience for Synovus’ customers.
Synovus is now using SecureLogin to provide enterprise single sign-on capabilities. The company is also using Identity Manager to automate user provisioning and deprovisioning. “Identity Manager was the only solution that suited our needs,” said Jones.
Synovus liked that Identity Manager could leverage NetIQ eDirectory services for the provisioning of third-party banking applications. The company now uses Identity Manager to synchronize and manage more than 6,700 identities across its human resources (HR) system, FIS deposit and loan origination system, homegrown banking applications, multiple directories, Micro Focus GroupWise and its corporate intranet and training software. Synovus even used single object access protocol (SOAP) services to integrate some of its legacy banking systems.
Synovus has also benefited from the solution’s attribute-level data management capabilities. “We can now use a wide variety of attributes to determine user roles,” said Jones. “By leveraging workflow modules, we’ve really been able to automate the entire user provisioning and deprovisioning processes, which now occur in near real time. In addition, if a user changes roles or moves from one location to another, all of their access rights are updated automatically. Identity Manager helps us ensure the integrity of our workflows and gain more efficient processes.”
SecureLogin provides Synovus with enterprise single sign-on capabilities to ensure the company can enforce its internal and external password security policies with far less effort. Users now only need to remember one password instead of six or more. “We’ve been very impressed with SecureLogin,” said Jones. “It met all of our requirements, offering tight integration with directory services, the ability to leverage directory service attributes and support for credential provisioning.”
By working with Micro Focus, Synovus has tightened security and access controls while lowering the total cost of ownership of its solution. Identity Manager gives Synovus a framework for effectively managing user identities. “We can now maintain security controls while realizing the productivity gains that come from an integrated solution,” said Jones.
“Identity and access management solutions enable Synovus to demonstrate appropriate access control and risk management practices for regulations like the Sarbanes- Oxley Act and the Gramm-Leach-Bliley Act while cutting associated IT costs by 80 percent. We’ve further reduced risk by eliminating excess accounts that could otherwise have been misused,” said Jones.
Using SecureLogin, Synovus has further increased its security controls, while significantly reducing password-related helpdesk calls and enabling the rapid deployment of new webbased applications. “From a risk management perspective, SecureLogin offers tremendous advantages for risk management. We’ve eliminated risky password behaviors while ensuring the right people have access to the right information,” said Jones.
Since the rollout of a single sign-on solution, the company has seen tremendous financial and productivity gains. SecureLogin has helped reduce password-related helpdesk calls by 40 percent. “The solution has also made it easier for users to move from application to application,” said Jones. “They can now focus on the customer they’re working with, rather than having to fumble through applications.”
