Topic
The focus of custom access management has changed over the last few years. While the main duty of Identity Management (IdM) is the centralized administration and automated provisioning of user permissions, the emphasis has by now shifted significantly towards the effective fulfillment of security requirements and compliance.
To answer these new demands, financial institutions have started extending the functionality of their IdM systems, while big IdM vendors have invested huge amounts of money in acquiring third-party Identity Governance (IdG) systems.
In our study we highlighted three topics from the recommendation of the Hungarian banking supervision (MNB). The recommendation was released on the 25th of February 2015 (MNB 1/2015). The selected topics are requirements that the banking supervision considers important and necessary for effective access management and permission audit, and that can be fulfilled by adding IdG features to existing IdM systems.
The topics are:
Audit of database access rights and privileged user accounts
In the case of databases, the MNB 1/2015 regulatory recommendation requires the control and audit of the access rights of non-built-in roles and privileged user accounts.
Segregation or Separation of Duties – SoD
The MNB 1/2015 regulatory recommendation requires the sharing of financial transactions and the segregation of incompatible roles. During supervisory audits, the existence of these SoD rules and compliance with them are inspected and verified.
Interactive expert role-mining: by experts, from fact data
Because pre-defined/dedicated business roles are easier to control and audit, MNB 1/2015 provides a significant simplification of the approval process for such privileges. However, for large organizations the creation and maintenance of such business roles becomes an uncontrollable, extensive task.
But there IS an effective solution…that scales with the organization size.