ING Direct Australia overhauls access control

Powered by SC Magazine
 

Applies to enterprise app portfolio.

ING Direct Australia has completed a year-long overhaul of the identity management and access control system that governs user access to enterprise applications and systems.

Head of IT performance Tony Sestanovic told the Gartner Security and Risk Management Summit in Sydney yesterday that the new system had been applied to 30 Sarbanes-Oxley (SOX)-related applications with 1200 users in the first 90 days of operation.

A further 90 enterprise applications had since been added, he said.

Sestanovic said the firm undertook an internal risk assessment in late 2010 with the help of its IT security team.

The assessment identified employees with incorrect role-based permissions for access to internal systems and data.

The finding was subsequently tabled by ING’s audit firm and picked up and exposed by the Australian Prudential Regulatory Authority (APRA), which oversees regulations around access rights.

The firm started implementing SailPoint's IdentityIQ software in February 2011, about six months after the internal risk assessment. The rollout took over 12 months, finishing earlier this year.

The project became "an information exchange initiative across the entire organisation; from the guys using the facilities, to HR, through to all our business units," Sestanovic said.

"Even though IT kicked it off, this was not an IT-driven piece of work," he said.

Having “tackled the beast” for over a year, Sestanovic acknowledged it would have been easy for the company to “roll over” and walk away from the project.

“But we knew this wasn’t the right approach and would cause more issues and challenges in the future,” he said. 

Aside from addressing compliance and risk concerns, Sestanovic said the system made it easier to manage new requests for access to internal systems.

"For the first time for these key systems, people can see the access that their teams have got," he said.

"They know what's what and have the information at their fingertips." 

Copyright © iTnews.com.au . All rights reserved.


ING Direct Australia overhauls access control
 
 
 
Top Stories
Time management tips for CIOs
[Blog post] How to get to the genba.
 
Making a case for collaboration
[Blog post] Tap into your company’s people power.
 
Five zero-cost ways to improve MySQL performance
How to easily boost MySQL throughput by up to 5x.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  69%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  10%
 
Denial of service attacks
  6%
 
Insider threats
  11%
TOTAL VOTES: 1096

Vote