Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

10:25 AM
Chris Sullivan, Courion Corporation
Chris Sullivan, Courion Corporation

It Takes Intelligence to Close the Identity and Access Management Gap

Banks have been the Holy Grail for hackers, thieves and disgruntled ex-employees for centuries. Yet somehow, the security burden keeps growing.

The challenge for banks has always been ensuring the right people have the right access to the right resources and do the right things with them -- this is identity and access management (IAM). The first wave of solutions in the early 2000s automated provisioning with a focus on efficiency. Organizations could on-board new employees more quickly while using fewer IT staff to do it. The second wave of solutions focused on governance, helping organizations meet increasing regulatory pressure. Still, breaches kept climbing exponentially.

The IAM Security Gap

The remaining problem is a disturbing phenomenon at the heart of every institution’s information security program: The "IAM gap."

Consider this: Actions such as on-boarding a new customer or employee, promoting a staff member, terminating a contractor, merging companies or departments, or delivering a new product all require changes in identities and access to sensitive information. How do you keep up with the constant changes?

Well, traditional IAM solutions address only part of the problem. User provisioning puts controls in place to ensure users are given only the access rights they need to do their jobs. Later – say, every three, six, nine, 12 months – organizations perform periodic reviews or certifications to validate that those access rights are in line with policy.

But here’s the problem: traditional IAM solutions don’t address the constant changes in identities, access and information stores -- billions of access relationships in most organizations -- that take place in the months between provisioning and validation. What you end up with is a huge gap that leaves an institution’s sensitive company information at risk to internal and external threats

1 of 2
Register for Bank Systems & Technology Newsletters
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.