Pulse 2012: ME Bank removes staff access tracking vulnerabilities

Implementation of an identity and access management system helps the bank track staff access to banking applications more easily

Members Equity (ME) Bank, a Melbourne-based financial services provider, can now track each staff members’ access to the core banking applications through the implementation of an identity and access management system.

Speaking at Pulse 2012 in Sydney, ME Bank information security manager, Lachlan McGill, told delegates that prior to the implementation, it was proving difficult to monitor staff access while users had several usernames/passwords to remember when accessing 21 banking applications. In addition, approximately 40 per cent of service desk calls were password related.

“There were also a number of legacy applications [within the bank] and all have authentication data bases which are really hard to control,” he said.

ME Bank also had to deal with regular financial security audits.

“The auditors want to know why a particular staff member has access to these applications and if they’re still working at the company,” he said. “It required a lot of work to get that information,” he said.

ME Bank, a long-time IBM customer, implemented the vendor’s identity and access management system in mid-2011 after going to tender.

The project, which was completed in March 2012, provided the bank with a number of benefits including self-service password resets, a reduction in password-related service desk calls and a secure platform for application purchases.

In addition, McGill said it reduced the amount of time spent with auditors in gathering information on application access levels and increased security through provisioning and de-provisioning of application access.

However, the bank also learned some lessons from the project.

“Self -service password reset and single sign on are quick wins for the business, but when doing this type of project, you need to plan ahead,” he said.

“You know your business better than any vendor so it’s important to have all areas of the business such as human resources, management and risk auditors involved.”

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU

Join the newsletter!

Error: Please check your email address.

More about IBM AustraliaIBM AustraliaMembers Equity

Show Comments

Market Place