[Customer Case] Fortune-500 Bank Needs IAM insights at scale

Videos

[Customer Case] Fortune-500 Bank Needs IAM insights at scale

December 04, 2023 identity data analytics, iga

Customer Profile 👀

Fortune-500 bank
About 35k Employees
Highly Mature IGA Deployment (+5 Years)

AND

European Bank
About 6k Employees
Highly Mature IGA Deployment (5+ Years)

Challenges

A multinational retail company has multiple identity systems which have diverged, leading to inconsistencies, issues in provisioning workflows and large overhead for the helpdesk.

The IAM team tried to perform root cause analysis with manual data exports and Excel sheets., which resulted in many complex data questions without answers and no correct estimation of cyber security risks.Fortune-500 bank has a mature IGA deployment with many systems connected and much data present, but many users still have not received the information they need.

System owners: who can access my application?
IAM expert: what should I put in a role for team X?
Security experts: orphaned accounts?

The IAM Team attempted to report through its current IGA, Excel sheets or PowerBI. But this resulted in a large CTO for reporting (many people involved, lots of time wasted) and overly high cyber risks.

View transcript

If we go to the next example, we have two banks, two pretty big banks. One is a Fortune 500 bank, one is another European bank with 6.000 and 35.000 employees. They both have very mature IGA systems. There are different IGA platforms at those two customers. But again, they have a lot of systems connected. They have a lot of data in that IGA system, but they don't have the right capabilities to answer the data questions that their business users have. And those questions can be as simple as a system owner just stating "who can access my application?". I had the example with a customer this week as well, where they had a three layered model of granting access permissions, where they had an application role, they had a task role in between and then a business role. And if the system owner of the application role basically wants to know who has access to his application role, he needs to look for a reports about which task roles that are connected to the application role. Then he needs to find out which business roles are connected to the task roles, and then it needs to find out which persons are assigned to both the task roles, the business roles and the application roles. Which is really hard to find out in an IGA platform because it typically doesn't offer this kind of dynamic reporting where you need to correlate a lot of data to get that result in one view. IAM experts, who can basically request which roles that they should be putting in a role for a certain team. Then you need to have role-based analytics. Again, you need to be able to correlate a lot of data. Some IGA platforms are capable of doing so, but not all of them. And they are not always very efficient in doing so. And so it makes a lot of sense again, to use identity analytics there. And then you also have security questions that aren't always easy to respond to. The example uses orphan accounts. But you can also think of "Who had access to a certain SAP system?", but also at the same time was looking at certain file servers or had permissions to a certain drive within a file server. Again, something that you cannot answer when you only look at the IGA platform. What those banks have been doing first was trying to solve those questions with building the IGA reporting that didn't work. So they started exporting all those reports, started matching those reports, which is something that is taking a lot of time, taking a lot of effort, and is a costly thing to do. And every time that you want to have new data, you need to do that process again. So they switched over to the last resort and that is starting to build-it-yourself with PowerBI, Tableau or any other solution that can actually build those reports. But again, it's a costly thing. It's something that needs to be maintained. And in the end, they actually chose for a platform that has those built in analytics.

Videos