Identity Access Management System

Overview:

A global commercial bank whose New York branch offers banking and financial services wanted to enhance the security of its system, improve role management, and implement a full security audit. The current system presented several security concerns, with a variety of security features spread across the applications. The main problem was inconsistent authentication mechanisms, with different standards coupled with weak password management.


This decision put several hurdles in our path. First was the problem of access control. In the old system, access control was implemented at a granular level, i.e. the number of roles in the system was too high, which resulted in poor access management and little or no audit. While it would have been possible to make the application audit-compliant, the expense and time it would have taken were hard to justify and in the end it would have still been



Solution:


  • Ana-Data was engaged to design, develop and implement the company’s centralized privileged user Authentication and Authorization Management framework 
  • Designed and developed a single sign-on system using NT authentication and moved the access control to LDAP groups, i.e. roles are created as groups in LDAP and users are added to the respective groups
  • Ana-Data created a reusable security module to handle the authentication of users based on the LDAP roles (groups)
  • Ana-Data also updated the system with the latest technology and implemented a single sign-on feature, which removed the need to maintain passwords in the database
  • Implemented Role Based Access Control (RBAC)


Benefits:

  • Efficient implementation of inter-application access using a flexible security system
  • Single sign-on for all users and different applications
  • Users don’t need to remember a password
  • By implementing single sign-on, the security concerns related to weak passwords were eliminated.
  • Integration of the system with LDAP enforced strict access control supporting Role Based Access Control (RBAC)
  • All requests for role changes are submitted through a central ticketing system which has a full audit trail.
  • Since the security module is reusable, it is possible to use the same for all applications in the company. This ensures standard security practice.
  • For compliance, a daily automated notification of new users added to or removed from the system, including users added to and removed from groups
  • Full access control at page, view or function level