ME Bank bakes security into core overhaul

Powered by SC Magazine
 

Doles out role access to staff.

Members Equity Bank has identified security and identity access management as a "foundational piece" of its $57 million technology overhaul.

The bank is currently a year into the four-year transformation program, which aims to upgrade its core systems to be able to handle up to four times its current 250,000-strong member base.

It has begun rolling out a new core banking solution based on Temenos and webMethods, and recently finished rolling out several IBM role-based identity access tools to clamp down on unauthorised or unrevoked user access to applications.

Lachlan McGill, ME Bank's information security manager, said the IT team approached bank executives with security as one of three core pillars underpinning the core overhaul.

"We went to the board and said 'systems transformation, we know we've got to put it in otherwise we're not going to be here in five years' time'," he said.

"'If we want this transformation program to be a success, we need to put in the core foundational pieces - business process modelling, integration across the service bus and the other one was identity and access management.'"

ME Bank's core systems overhaul was approved alongside an IT security project that aimed to provide greater control over applications and systems access for internal staff, former employees and the bank's managed services provider.

Former employees were particularly worrisome for the bank, as they sometimes retained access to legacy applications after leaving the bank.

McGill said the information environment had become a security "nightmare" for both the IT team and staff who often had to remember more than 20 usernames and passwords for individual applications.

"Without fail when we were rolling out some of this, we'd go to people's workstations and we'd say 'log into this application for us' and they'd go to their top drawer, grab their diary or take their post-it note off the monitor and type in their username and password," he said.

The tools, rolled out earlier this year, provided the bank with enterprise single sign-on and self-service password resets for applications, significantly reducing the 25 to 40 percent of service desk calls from employees asking for password resets.

"The amount of good will we had coming back from the business just from the single fact of single sign-on and self-service password reset was incredible. They're really easy technologies to deploy, I'm amazed we didn't do it earlier, quite frankly," McGill said.

The bank rolled out single sign-on to its ActiveDirectory database as well as most Unix and Linux applications but decided against providing similar access to legacy applications.

McGill said assigning and maintaining role-based access for staff had since become a significant part of the IT team's day job, in addition to reworking the application after implementation to "get it to the way we actually wanted it to work".

However, he said the security functionality now allowed the bank to provision a workstation and email, along with some applications for new staff within a day, as opposed to the two weeks many often waited prior to the transformation program.

Technology transformation

ME Bank expects to roll out the business process management and service bus integration components of its $57 million transformation program this year.

McGill told iTnews that with business process management in particular, the bank would be able to take a personal loan application and "refer that onto the right people and right system".

"You'll be able to just automate that process from end-to-end," he said.

ME Bank joins a number of banks currently undergoing core overhauls with the aim of achieving real-time banking and seven-day payment clearance capabilities.

"When we looked at who we were going to use for our core banking product, we did speak to a numbers of institutions around their experiences with the different vendors," McGill said.

"We'll be relying on trusted service integrators to provide that insight or get that information from other organisations such as CommBank."

Copyright © iTnews.com.au . All rights reserved.


ME Bank bakes security into core overhaul
 
 
 
Top Stories
Microsoft confirms Australian Azure launch
Available from next week.
 
NBN Co names first 140 FTTN sites
National trial extended.
 
Cloud, big data propel bank CISOs into the boardroom
And this time, they are welcome.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  25%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  23%
 
End user computing (desktops, mobiles, apps)
  13%
 
Software development
  26%
TOTAL VOTES: 234

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  62%
 
No
  38%
TOTAL VOTES: 72

Vote