Challenge

As a result of the growth of new Bancomext products, the bank required a strategic technology plan to implement new systems over a three-year period. Identity management was a key aspect of this reorganization.

In addition, Bancomext needed to update its identity management processes to enable compliance with recent government regulations, which require financial institutions to use a single solution across all electronic resources used in online banking services. Furthermore, Bancomext wanted to increase security levels in managing user accounts.

“Removing and provisioning access rights to a user was complicated,” said Norma Zaldivar, Head of Systems, Bancomext. “There were potential security risks if elements of this process were overlooked.”

Users were required to remember three to five user names and passwords and log into the bank’s systems one-by-one, which was time-consuming.

“For each application there was a separate access control scheme,” said Zaldivar. “Adding or removing users was a laborious process that took two days and required input from several departments.”

Solution

Bancomext evaluated several possible solutions and ultimately decided to implement NetIQ Identity Manager and NetIQ Access Manager.

“We referred to a recent study, which concluded that the solutions offered by Micro Focus® are some of the most complete and competitively priced on the market,” said Zaldivar. “Identity Manager and Access Manager offered all the functionality we required, such as user-provisioning, a self-service password reset portal, and single sign-on, as well as ease of integration with our other applications. Bancomext is running Identity Manager and Access Manager in a SUSE Linux Enterprise Server environment."

“We chose this platform because it is a secure environment in which vulnerabilities can be controlled in an efficient manner,” said Leopoldo Hidalgo, Head of IT Security, Bancomext. “It provides high performance for all of the components and requires only infrequent updates.”

“With Identity Manager, user accounts are automatically created, edited, or deactivated, eliminating the need for the IT department to manually intervene in the process,” said Zaldivar. “As soon as Human Resources add a new user to the system, an identity is automatically generated and the new employee is assigned a user name, password, and email account.”

Bancomext is using Identity Manager to manage all user names and passwords on the network, employing password management policies such as password strength assignment, periodic password change, and password blocking after several failed attempts.

Furthermore, the bank is implementing a system of role-based provisioning. Users are now given hierarchical access rights based on their position in the company. Access Manager provides single sign-on access to all web-based applications with multi-factor authentication via tokens.

The solution has now been rolled out to 900 internal and external users. Bancomext expects the user base to increase to 2,500 users in the medium term.

Results

Bancomext is already seeing the benefits of implementing Identity Manager and Access Manager, especially in terms of enabling the bank to comply with banking legislation.

“The implementation of a single identity management solution has ensured that Bancomext is abreast of regulatory requirements,” said Zaldivar. “For example, Identity Manager has enabled Bancomext to comply with government legislation regarding password management policies.”

Bancomext has also experienced significant reductions in the administrative workload of its IT team.

“We’re seeing a 66% reduction in the time it takes to set up an account for a new user,” said Zaldivar. “Previously, it would take two days. Now, it can be completed in just a couple of hours. We estimate that our IT helpdesk is dealing with 15% fewer calls, thanks to the self-service web portal, which allows users to reset their own forgotten passwords.”