Jet Infosystems automates data access rights management at the Bank of Moscow
Moscow. The Bank of Moscow and Jet Infosystems have launched a comprehensive IdM system based on Oracle Identity Governance 11g R2 to provide a full cycle of data access rights management. The system has shortened the time needed to grant access rights from several days to a few minutes, significantly reduced the amount of excessive privileges and provided an efficient mechanism for access rights control and investigations into information security incidents.
“The bank’s IT infrastructure includes about 150 information systems. At the first stage we selected the most critical and heavily used ones. Requests to access these five principal systems during busy periods could number about 15,000 a month. Their automation was a top priority and provided the greatest effect. We wanted to reduce the amount of paperwork, ensure fast and transparent processing of applications for access rights, as well as decrease pressure on IT units, - comments Vasiliy Okulesskiy, head of information security division at the Bank of Moscow. – Another goal was to control information security risks associated with access rights management.”
The contract was awarded to Jet Infosystems, an Oracle Platinum Partner with the Oracle Identity Analytics 11g specialization and excellent experience with Identity & Access Management systems.
Upon a review of current IdM procedures and processes at the bank, Jet Infosystems’ engineers suggested various options of their optimization and developed a concept of automatic endorsement of access rights applications in accordance with the role hierarchy model supplied by the bank.
Jet Infosystems experts then deployed the Oracle Identity Manager infrastructure at the bank’s headquarters and integrated it with the most important information systems (“BOSS-Kadrovik” for HR management, Microsoft Active Directory and Microsoft Exchange) to automate hiring, dismissal and transfer processes. Special connectors were also designed to integrate the centralized IdM system with the “M-Bank” ABS and the Way4 payment processing platform.
The result was a close integration between events in the HR system and actual business processes at the bank. Each employee now can be granted access rights based on his position in the organization and work duties by a centralized management system. Minimum access rights (an Active Directory account and a mailbox) can be granted in a few minutes.
A large-scale project such as the introduction of an IdM system calls for active participation of the client’s experts and involves numerous administrative challenges. These include consultations with the HR department (on the organization of personnel-related paperwork), with the IT department (on account management and division of responsibilities), with business departments (on the optimization of work processes). The success of the efficient new IdM system was largely due to a mature and responsible management culture at the Bank of Moscow.
“Today, when the automation of IT processes has become ubiquitous, information security is a top priority for any modern bank. The new system is an efficient control instrument that provides a current picture of access rights granted to every employee. Automatic access rights management has fully solved the problem of employee access privileges that are excessive or unaccounted for,” – says Vasiliy Okulesskiy.
“The new system improves efficiency as well as transparency in terms of information security. First, it substantially reduces the risk of human interference with access rights management. Second, the information security department now can see the IdM management process for every particular employee both online and in retrospect (which rights were granted/removed and for what reason). Consequently, control over access to information resources at the bank reaches a fundamentally new level,” – adds Dmitry Bondar, IdM projects manager at Jet Infosystems Information Security Center.
“We wish to congratulate the Bank of Moscow with the successful completion of the project based on Oracle Identity Governance 11g R2, – notes Konstantin Kharin, director of the Financial Sector Department at Oracle CIS. – The deployment of an integrated IdM system covering 6,000 employees is vital for a financial organization. It is a perfect example of how technology changes business processes to contribute to the success of the bank as whole.”
Further plans to develop the system include its expansion to regional offices and integration with other information systems.
The Bank of Moscow ranks among the top 5 Russian universal private banks in terms of the amount of assets, capital and deposits. The Bank’s key shareholder is the VTB Group (96.88%). Its development strategy is that of an independent financial institution within the Group. It operates primarily in Moscow and the Moscow Area.