Global Banking Giant Endorses SRM for Identity and Access Management(IAM), Identity Certification, Role Engineering, Role Management and Identity Audit ..

Global Banking Giant Endorses SRM for Identity and Access Management(IAM), Identity Certification, Role Engineering, Role Management and Identity Audit. And Build an Identity Warehouse (common repository) within the SRM tool to load the application security extracts with user entitlement data for SoX critical applications.

Recreate the Business-Unit hierarchy structure at client within the Sun Role and Compliance Manager (SRM) tool to define and display 40000+ User-Manager relationships with the organization.

Maintain records for 350k+ users with access to financially critical transactions across the different platforms and applications.

Automate and enhance Identity Certification and Identity Audit [Segregation of Duties] module to perform certifications of user access to financially critical transactions across multiple applications.

Certify users’ access based on roles where available and application security setting definitions in all other cases.

Certify accesses of 350k+ users distributed across 40000+ business units with more than 100k accounts with access to high risk transactions

Ensure certification takes place within 60 days

Ensure Segregation of Duties are defined implemented and continuous monitoring of transactions of users in available .

The latest version of SRM v4.0.1 with enhanced features was implemented by the Simeio Solutions consultants to help the client achieve their Certification and Audit goals. The enhanced AJAX UI Interface, administrative dashboard, advanced Business Unit – Users correlation and an enhanced Identity Certification and Audit module provided by the new version was an ideal identity management solution to meet audit requirements.

The data imports process for building the Identity Warehouse for the 350k + users and their hierarchical entitlement data was completed by utilizing the ability of SRM to automate and schedule the process of users, accounts and glossary (business descriptions for the entitlements).

The certification module implemented ensured that access to sensitive application data is only provided to users with a valid business need. The two-stage enhanced Certification module implemented at the client verified that the users were reporting to the appropriate managers and in cases of users transferred to new managers/departments and terminated users, reports were generated and sent to the business to reassign them to the current managers. The updated data was reloaded in the SRM tool and new certifications sent to the correct managers. In parallel to implementing the Identity Certification module to review user access at client, SRM was used to address immediate needs to perform Segregation of Duties (SoD) analysis on SoX critical applications to meet client’s audit requirements. Overall close to 200+ SoD business policy conflicts were mapped in the tool and 350k+ users were scanned for SoD violations.

June 10, 2009 - Posted by simeiosol | IT consultancy, IT solutions | access control, access governance, Agiliance, banking, business process management, CA, communications, compliance, compliance management, Computer Associates, digital identity management, direct access, DirectAXs, enterprise role management, enterprise security, entertainment, financial services, GLBA, governance, government, GRC, GRCAXs, healthcare, HIPAA, hosted identity, IAM, IBM, ICOMAXs, identity access management, identity and access management, identity attestation, identity audit, identity certification, identity management, IDM, information security, IT GRC, managed services, manufacturing, network security, Novell, OIM, on demand identity solution, Oracle, Oracle Identity Manager, Radiant Logic, RBAC, risk management, role based access control(s), role management, ROMAXs, SaaS, SailPoint, Sarbanes-Oxley, segregation of duties, SIM, Simeio, Simeio Solutions, software as a service, SOX, SRM, Sun, Sun Identity Manager, Sun Role Manager, telecom, TIM, Tivoli Identity Manager, user certification, virtual directory, web services security