As the FSA highlights in the report, the fact that financial institutions have been developing their IT systems over many years has created a wealth of problems. However, many of the problems highlighted by the FSA can be quickly and easily resolved using automated provisioning systems.
In response to the FSA report’s findings, Michael Burling, identity and access management expert and managing director EMEA of Thor Technologies, said: “When financial organisations first started using IT, the main point of entry was the mainframe and access was predominately a manual process. In the last two decades, however, the industry has seen many new technologies and systems introduced and, as organisations have grown, access to key solutions has become a time-consuming and cumbersome task.”
Many financial institutions now have thousands of systems to manage and administrators even more tasks to perform, including the resetting of passwords. Added to this is the pressure to grant new members of staff, including temporary workers, instant access to the systems they need to successfully fulfill their role.
“With scant regard to security, the main focus of many financial
institutions has been to grant access to employees quickly – removing
access rights when an employee leaves the company or moves to another role
doesn’t appear to be a top priority.
“However, it is in these two areas – an employee leaving a company, or an employee changing roles – where security becomes threatened. The risk presented by a potentially disgruntled ex-employee having access rights is great, particularly when it comes to stealing customers’ identities. In addition, the risk incurred by employees’ roles not being managed effectively is equally high, particularly in light of recent legislation,” said Burling.
A fully automated provisioning solution addresses these problems. It automates the whole process of granting approval for access to systems, and once that approval is provided all access is automated in seconds. It is efficient, provides savings, and ensures that only appropriate employees have access to systems they are entitled. As people move throughout the employment life-cycle access to new systems and the removal from now inappropriate ones happens immediately.
Burling said: “When staff leave, their rights are immediately removed so that they no longer have access to any systems at all. To ensure the accuracy of the provisioning, and to pick up any manual intervention, a reconciliation capacity is provided to check who has access to systems versus who should have access. Anyone who is identified as having inappropriate access is flagged for administrators to either approve or take immediate action. Only when financial institutions take the management of user rights and privileges seriously, will we be able to take steps to reduce crime in the sector.”
About Thor Technologies, Inc.
Since 1991, Thor Technologies has provided secure enterprise provisioning solutions to Global 2000 companies and public sector agencies, including application service providers, financial services and telecommunications companies. Thor’s Xellerate secure enterprise provisioning system enables enterprise customers to quickly implement, automate and manage user access, significantly improving security and lowering administrative costs without changes to existing IT infrastructure, internal business processes or policies. In addition, Thor’s unique Adapter Factory technology allows customers to extend Xellerate’s standard connectivity to support additional application targets.
