UMB Takes a Streamlined Approach to Single Sign-On
One of the fastest ways to customers' hearts is to make life a little easier for them. But Kansas City, Mo.-based UMB Financial ($11.9 billion in assets) not only improved the online user experience with a recent single sign-on initiative for its online banking applications, it also boosted internal efficiencies.
According to Kanon Cozad, SVP and director of application development at UMB, the bank had numerous account and identity management systems, each with its own stand-alone administration and security that had to be integrated into one reduced sign-on environment. The original plan was to roll out a single sign-on solution over 24 months, Cozad reports. When the Federal Financial Institutions Examination Council and Office of the Comptroller of the Currency started issuing guidance on online banking security, however, that timeline was accelerated to just six months, he says, and work began in early 2006.
"The bank was on a two-year plan to roll out [Identity Management] from the inside out," Cozad explains. "FFIEC guidelines and strong recommendations from the OCC changed the two-year plan to a six-month plan, and it reverted to an outside-in implementation."
As a result of the accelerated timeline, Cozad says, UMB decided to look beyond its walls for help. The bank's short list of secure online access solutions providers included Novell, CA (Islandia, N.Y.) and IBM (Armonk, N.Y.). Ultimately, Cozad relates, Waltham, Mass.-based Novell's suite of identity management (IDM) solutions -- including Identity Manager for assigning and managing employee access rights and Access Manager, which provides secure remote access -- was the best fit for the financial institution.
"Novell had the most compatible and extensible solution compared to the competition," he contends, noting that additional support from Novell Consulting provided added value during the engagement. "They also had an experienced and flexible account team."
Streamlining the Architecture
Cozad explains that the primary focus of the implementation was analyzing the disparate application security systems and designing a method to integrate them into a reduced sign-on architecture. Additionally, there was a good deal of coding involved to customize the identity management drivers, he says, noting that both UMB developers and Novell contract resources were involved in this aspect of the project.
UMB needed to acquire some new hardware on which to install the IDM system. The bank has a heterogeneous IT environment, according to Cozad, comprising multiple operating environments (mainframe, UNIX, Windows) and database environments (Oracle, SQL Server, DB2). To run the Novell solution, UMB installed the SUSE Linux operating system as well as Intel-based HP hardware. Some of the related systems run on Linux virtual machines.
The data integration phase involved evaluating the various mechanisms for user authentication that the bank had built or purchased over the years and building a permissions matrix to federate those methods, according to Cozad. "Once that identification process was completed, we began to map those permissions back into the Novell single sign-on solution, which allowed us to decommission alternative access methods as they were moved over," he explains.
"The ultimate solution fits in pretty well [with the company's IT infrastructure]," Cozad says. "Now that we're past the initial data integration phase of the project, it requires far less effort to leverage the system for new applications that use LDAP [Lightweight Directory Access Protocol] or NTLM [Windows NT LAN Manager] browser authentication. The user management process is far more simplified."
UMB's staff acquired most of their training on the new identity management system on the job. But, "We also had an onsite engineer from Novell who provided quite a bit of expertise and knowledge transfer," Cozad adds, noting, "Formal training in the form of classes was also involved."
The solution was rolled out to online banking customers by the end of 2006, Cozad reports. The core internal rollout was completed at the end of 2007, with ongoing enhancements added as resources allow.
The end result is a solution that has reduced IT administration time by 25 percent and consolidated the bank's servers by 70 percent (after decommissioning its disparate authentication mechanisms). Other tangible results include more-secure remote access capabilities, fewer passwords to memorize (and reset), a more reliable audit trail for external auditors and an improved ability to specify entitlements to applications.
"As a bank, proper access is critical to prevention of information loss and unauthorized access," Cozad comments. With the Novell system in place, "Security changes are becoming more and more automated based on job code and position. As employees transfer from department to department, their access rights and entitlements change according to the business and security needs of the receiving department. Also, access review is less complicated and far more accurate."
Case Study Snapshot
Institution: UMB Financial (Kansas City).
Assets: $11.9 billion.
Business Challenge: Eliminate multiple logins for online applications.
Solution: Novell single sign-on and identity management solution suite.