Beta Systems solutions

User stories

Beta Systems SUCCESS STORIES

GARANCY IdM solution: Abolish IT access chaos with well-structured profiles

Initial situation

First, the European Bank for Reconstruction & Development became a shareholder of Kombank, and together with this new partner came a whole new IT strategy. “We had already started to focus more strongly on security and compliance a few years earlier, for example by introducing the first authorization policies,” explains Vesna Martinović, Head of IT Process Management at Kombank who managed the IdM project. “This included a new user request management scheme for requesting new rights from the administrators of the individual target systems.

In each case the superior had to sign off the assignment, so this represented the precursor of how we now handle the process using GARANCY.” IT assessments by the European Bank for Reconstruction & Development and internal requirements prompted the new IdM strategy.

Challenge

“With the realignment of our IT strategy also came a whole new approach to identity management,” explains Vojislav Stojić, IT Security Manager at Kombank. “The new shareholder, European Bank for Reconstruction & Development, introduced highly constructive demands and innovations to the bank.”

Following an extensive IT assessment, the IT strategy was completely realigned, from changing the core banking system to restructuring the telecommunications, disaster recovery and reporting areas through to implementing identity management. The latter item also served to answer the growing internal need for further consolidating user rights and creating uniform profiles.

Implementation

Several IdM systems were scrutinized in detail before the decision was made to use GARANCY. The IT experts of Kombank were particularly impressed with the GARANCY reference installation at the Slovakian VUB bank based in Bratislava.

The recommendation of Accenture business consultancy, who had found the Beta Systems solution to best match the requirements, also played an important role. This recommendation was founded on the flexible connection capabilities, mixed Windows and mainframe systems as well as the solution’s ability to quickly achieve the IT administration security goals. The opinion and experience of the Prague Komercni Banka, who has been using Beta Systems products for many years, was also considered by Ivan Vasić and his team during the decision-making stage.

Kombank ended up purchasing a total of roughly 3,200 GARANCY licenses plus 300 licenses for technical accounts and external users. The implementation was preceded by a detailed, three-month planning phase. The good cooperation between both companies certainly also had a bearing on selecting this product and manufacturer. “The Beta Systems experts have been supporting our zSeries landscape for many years in a highly reliable manner, and they are also very experienced in the area of RACF,” explains Ivan Vasić.

During this time, Vasić and his colleagues have grown to appreciate the flexibility and reliability of the Beta 88 zSecurity RACF mainframe administration tool and Beta 92 Process History Manager, the job and process log management system that serves as their audit repository.

Solution

User and user ID consolidation with GARANCY has greatly improved the transparency of IT system administration at Kombank. Previously, basically every employee had their own profile, and many even had multiple ones. GARANCY has helped to streamline rights allocation, reducing the number to about ten typical user profiles for each logical job per business line – in addition to superordinate group profiles.

As a result, the wild growth of 3,500 “profiles” has been cut down to less than 300 proper roles. When a new employee joins the company or changes to a different department, the IT administration is now able to provide him or her with access to all applications needed to perform their new duties in just a few seconds by assigning the appropriate role and then letting GARANCY, which automatically connects with the HR application, do the rest.

Previously, assignment took place in a time-consuming manual process that involved several administrators. “GARANCY does away with the previous problem that employees changing their job roles accumulated access rights for many applications in an uncontrolled manner,” says Vojislav Stojić. Now the bank has largely eliminated this access security risk. The solution also generates detailed reports providing information on when a given administrator assigned what rights to whom. This means that the activities of the security administrators are permanently logged in an audit-compliant manner.

This has made Kombank’s IT department more efficient, has introduced transparent audit compliance and, on top of that, has helped to save costs. Ever since the complicated, separate user administration for the individual applications was replaced with GARANCY, the whole process has become much simpler, faster and can be handled by less tech-savvy staff. As a result, the IT department now fulfills all security- and compliance-relevant requirements of the bank.

Learn more about the methodology behind the IAM implementation here

Download the free whitepaper now!

IAM Implementation
Methodology whitepaper