Operate More Efficiently
Operating in more than 4,000 buildings, one of the largest U.S. banks could not keep up with the onboarding and offboarding of 300,000+ employees, contractors, vendors and visitors. Thousands of people were involved in approving building access, all working in different departments at different locations, each with their own manual processes and compliance requirements.
MAINTAINING FINANCIAL SERVICES COMPLIANCE REQUIREMENTS
The sheer number of identities to manage was overwhelming and consisted of cumbersome, manual processes using multiple emails and phone calls across the organization. It often took days to get a new employee an access card. Scarier yet were delays in removing an identity from the system, giving ex-employees and non-employees access after their termination dates. All of the manual processes above bogged down the Security Operations department in volleying emails, running reports and doing endless data entry. Rather than hire more people to resolve these issues, the bank looked at technology to streamline its operations, increase efficiencies and manage identities.
CHALLENGE
-
Manual onboarding and offboarding process for 300,000+ employees, vendors and contractors
-
Email- and paper-based access request process involved thousands of local approvers
-
Inability to review/audit access privileges in a timely or cost effective way
-
Insufficient resources to complete access assignment process audits
-
Centralized security architecture created inefficient security department
-
Impossible to enforce corporate audit and security policies
-
Implemented a homegrown system that produced a 31% completion rate of quarterly access audits.
SOLUTION
-
Symmetry CONNECT policy-based identity management platform to automate all manual processes, improve efficiencies, reduce risk and help bank meet audit and compliance requirements
-
Registered more than 3,000 access area owners
-
Notifications and escalations automatically sent to access owners and managers during audits to enforce compliance
-
Able to complete quarterly audits per corporate policy
-
Streamlined access request process, eliminating all manual work efforts.
-
Implemented distributed security architecture to more efficiently manage identities
RESULTS
-
Automated on and off boarding
-
Distributed model increased efficiencies-faster turnaround with lower labor cost
-
Automated workflow provided simple method for access area owners to action access requests
-
Access request automated with one click, and sent to Symmetry Access Control
-
Estimated savings of more than $1 million annually
-
Create audit reports instantly to meet compliance requirements
-
Reduced access confirmation audits from more than 1million to 500,000.
-
100% completion of every quarterly audit since implementation
Using Symmetry CONNECT the bank restructured its operations to a distributed model, giving ownership to door owners to approve or deny access requests and on and off boarding requests with the click of a button.
Maintaining financial services compliance requirements by manually auditing individual access privileges was nearly impossible. The Security Operations audit process consisted of Excel sheets that were shared and reviewed securely by various teams, but took months to complete. The bank was falling out of compliance and wasting money.
Implementing AMAG Technology’s Symmetry CONNECT web-based identity management platform with Symmetry Access Control automated all of these manual processes. Automated notifications sent via CONNECT workflow automated recertifications and access requests, allowing the bank to enforce compliance requirements.
Using Symmetry CONNECT identity management software, the bank restructured its operations to a distributed model, giving ownership to access owners to action access requests, audit their secure areas and manage identities with the click of a button. This eliminated the security team bottleneck, saved the bank millions of dollars in labor and created a safer environment. Detailed audit reports allowed the bank to prove compliance requirements were met and maintained over time.
