Leading Canadian Financial Institution automates Certification and builds IAM Program for the future

KeyData collaborated with a leading Canadian Financial Institution that works with all the major banks to share information within the financial network. Although their IT team was advanced in their understanding of identity and access management, the organization had been using a legacy tool that was cumbersome to manage and complicated in its design.

CHALLENGES WITH COMPLIANCE

As a financial institution, the client undergoes frequent audits to meet compliance. With each audit cycle, the process to obtain data to certify users’ access rights would take months to complete. The process was manual, slow and cumbersome. By the time the data collection was completed, some of the data points would no longer be valid. In addition, the process was onerous and managers were certifying large numbers of entitlements, leading to rubber stamp approvals and increased risk exposure.

An added challenge was the legacy identity management system the client was using that was nearing sunset. This resulted in no new feature releases and lack of support available for upkeep or improvements. This challenge presented itself as an opportunity for the client to re-evaluate their identity and access management (IAM) system.

The bank wanted to build a strategic program that would future proof their business and have a roadmap that they can soundly execute over the next few years.

In searching for a partner to help them achieve their objective, they were looking for a systems integrator with proven experience in financial services and a solid track record of successful IAM deployments. It was also key that this partner have referenceable clients for them to talk to and gain additional insights. After a competitive process, KeyData was selected for the project.

In a very short time, the KeyData team was able to get up to speed with all the client processes and infrastructure environment. Through discovery sessions and working closely with the client, we helped them deliver the following early wins:

• Automate major portions of their access certification process in their legacy environment
• Design and implement an IAM solution in their new data center.
• Define a role strategy which includes granular entitlements into business roles to reduce certification size and provide business context for approval requests

In addition to the quick aforementioned wins, KeyData also helped the client produce an actionable multi-year IAM roadmap to continuously enhance their security and compliance. At last check, the client has reduced the volume of their entitlements from 30K to 21K within a few months. They have reduced the manual effort to prep their data for audit by 90% and reduced support calls, thanks to automating their password reset process.

Working closely with the client, the KeyData team developed a role-based access control framework, which led to the analysis and development of over 4,000 IT roles based on the new entitlement data received from 30 different applications.

KeyData personally assessed these 30 different applications and its connectors in order to improve the overall data accuracy and capture it into SailPoint IdentityIQ. The KeyData team helped to create an application on-boarding factory to make the on-boarding process as efficient as possible.

As a result of this engagement with the KeyData team, the client improved their data accuracy and efficiency through direct onboarding of all their critical applications. Certification efforts were reduced by more than 75% and these efforts paved the way for future (planned) access request automation. The client has received positive feedback from end users as a result of simplifying complex workflows.