ING Direct Australia overhauls access control

Powered by SC Magazine

Applies to enterprise app portfolio.

ING Direct Australia has completed a year-long overhaul of the identity management and access control system that governs user access to enterprise applications and systems.

Head of IT performance Tony Sestanovic told the Gartner Security and Risk Management Summit in Sydney yesterday that the new system had been applied to 30 Sarbanes-Oxley (SOX)-related applications with 1200 users in the first 90 days of operation.

A further 90 enterprise applications had since been added, he said.

Sestanovic said the firm undertook an internal risk assessment in late 2010 with the help of its IT security team.

The assessment identified employees with incorrect role-based permissions for access to internal systems and data.

The finding was subsequently tabled by ING’s audit firm and picked up and exposed by the Australian Prudential Regulatory Authority (APRA), which oversees regulations around access rights.

The firm started implementing SailPoint's IdentityIQ software in February 2011, about six months after the internal risk assessment. The rollout took over 12 months, finishing earlier this year.

The project became "an information exchange initiative across the entire organisation; from the guys using the facilities, to HR, through to all our business units," Sestanovic said.

"Even though IT kicked it off, this was not an IT-driven piece of work," he said.

Having “tackled the beast” for over a year, Sestanovic acknowledged it would have been easy for the company to “roll over” and walk away from the project.

“But we knew this wasn’t the right approach and would cause more issues and challenges in the future,” he said. 

Aside from addressing compliance and risk concerns, Sestanovic said the system made it easier to manage new requests for access to internal systems.

"For the first time for these key systems, people can see the access that their teams have got," he said.

"They know what's what and have the information at their fingertips." 

Copyright © . All rights reserved.

ING Direct Australia overhauls access control
Top Stories
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
Sign up to receive iTnews email bulletins
Latest Comments
What is delaying adoption of public cloud in your organisation?

   |   View results
Lock-in concerns
Application integration concerns
Security and compliance concerns
Unreliable network infrastructure
Data sovereignty concerns
Lack of stakeholder support
Protecting on-premise IT jobs
Difficulty transitioning CapEx budget into OpEx