Initial Situation
First, the European Bank for Reconstruction & Development became a shareholder of Kombank, and together with this new partner came a whole new IT strategy.
“We had already started to focus more strongly on security and compliance a few years earlier, for example by introducing the first authorization policies,” explains Vesna Martinović, Head of IT Process Management at Kombank who managed the IdM project. “This included a new user request management scheme for requesting new rights from the administrators of the individual target systems. In each case, the superior had to sign off on the assignment, so this represented the precursor of how we now handle the process using Garancy.”
IT assessments by the European Bank for Reconstruction & Development and internal requirements prompted the new IdM strategy.
Challenge
A highly heterogeneous IT landscape including proprietary user administration solutions had led to an uncontrolled growth of authorizations and looming security risks at Kombank.
“With the realignment of our IT strategy also came a whole new approach to identity management,” explains Vojislav Stojić, IT Security Manager at Kombank. “The new shareholder, European Bank for Reconstruction & Development, introduced highly constructive demands and innovations to the bank.”
Following an extensive IT assessment, the IT strategy was completely realigned, from changing the core banking system to restructuring the telecommunications, disaster recovery and reporting areas through to implementing identity management. The latter item also served to answer the growing internal need for further consolidating user rights and creating uniform profiles.
Implementation
Several IdM systems were scrutinized in detail before the decision was made to use Garancy. The IT experts of Kombank were particularly impressed with the Garancy reference installation at the Slovakian VUB bank based in Bratislava.
The recommendation of Accenture business consultancy, which had found the Beta Systems IAM solution to best match the requirements, also played an important role. This recommendation was founded on the flexible connection capabilities, mixed Windows and mainframe systems as well as the solution’s ability to quickly achieve the IT administration security goals. The opinion and experience of the Prague Komercni Banka, who has been using Beta Systems products for many years, was also considered by Ivan Vasić and his team during the decision-making stage.
Kombank ended up purchasing a total of roughly 3,200 Garancy licenses, plus 300 licenses for technical accounts and external users. The implementation was preceded by a detailed, three-month planning phase. The good cooperation between both companies certainly also had a bearing on selecting this product and manufacturer. “The Beta Systems experts have been supporting our zSeries landscape for many years in a highly reliable manner, and they are also very experienced in the area of RACF,” explains Ivan Vasić.
During this time, Vasić and his colleagues have grown to appreciate the flexibility and reliability of the Beta 88 zSecurity RACF mainframe administration tool and Beta 92 Process History Manager, the log management system for jobs and process logs that serves as their audit repository.
Garancy does away with the previous problem that employees changing their job roles accumulated access rights for many applications in an uncontrolled manner.
Outcome
User and user ID consolidation with Garancy has greatly improved the transparency of IT system administration at Kombank. Previously, basically every employee had their own profile, and many even had multiple ones. Garancy has helped streamline rights allocation, reducing the number to about ten typical user profiles for each logical job per business line, in addition to superordinate group profiles.
As a result, the uncontrolled growth of 3,500 profiles has been streamlined into fewer than 300 well-defined roles. When employees join the company or move to another department, IT can now grant access to all necessary applications within seconds by assigning the appropriate role. From there, Garancy seamlessly takes over, automatically synchronizing with the HR system to handle the rest.
Previously, assignment took place in a time-consuming manual process that involved several administrators. “Garancy does away with the previous problem that employees changing their job roles accumulated access rights for many applications in an uncontrolled manner,” says Vojislav Stojić. Now the bank has largely eliminated this access security risk. The solution also generates detailed reports providing information on when a given administrator assigned what rights to whom. This means that the activities of the security administrators are permanently logged in an audit-compliant manner.
This transformation has made Kombank’s IT department more efficient, introduced transparent audit compliance, and reduced costs. Since replacing the complex, separate user administration for individual applications with Garancy, the entire process has become simpler, faster, and manageable even by less technically skilled staff. As a result, the IT department now fully meets the bank’s security and compliance requirements.