ING Direct Australia overhauls access control

Powered by SC Magazine
 

Applies to enterprise app portfolio.

ING Direct Australia has completed a year-long overhaul of the identity management and access control system that governs user access to enterprise applications and systems.

Head of IT performance Tony Sestanovic told the Gartner Security and Risk Management Summit in Sydney yesterday that the new system had been applied to 30 Sarbanes-Oxley (SOX)-related applications with 1200 users in the first 90 days of operation.

A further 90 enterprise applications had since been added, he said.

Sestanovic said the firm undertook an internal risk assessment in late 2010 with the help of its IT security team.

The assessment identified employees with incorrect role-based permissions for access to internal systems and data.

The finding was subsequently tabled by ING’s audit firm and picked up and exposed by the Australian Prudential Regulatory Authority (APRA), which oversees regulations around access rights.

The firm started implementing SailPoint's IdentityIQ software in February 2011, about six months after the internal risk assessment. The rollout took over 12 months, finishing earlier this year.

The project became "an information exchange initiative across the entire organisation; from the guys using the facilities, to HR, through to all our business units," Sestanovic said.

"Even though IT kicked it off, this was not an IT-driven piece of work," he said.

Having “tackled the beast” for over a year, Sestanovic acknowledged it would have been easy for the company to “roll over” and walk away from the project.

“But we knew this wasn’t the right approach and would cause more issues and challenges in the future,” he said. 

Aside from addressing compliance and risk concerns, Sestanovic said the system made it easier to manage new requests for access to internal systems.

"For the first time for these key systems, people can see the access that their teams have got," he said.

"They know what's what and have the information at their fingertips." 

Copyright © iTnews.com.au . All rights reserved.


ING Direct Australia overhauls access control
 
 
 
Top Stories
ATO shaves $4m off IT contractor panel
Reform cuts admin burden, introduces KPIs.
 
Turnbull introduces data retention legislation
Still no definition of metadata to be stored.
 
Crime Commission prepares core systems overhaul
Will replace 30 year-old national criminal database.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  27%
 
Sourcing and strategy
  13%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  14%
 
Software development
  25%
TOTAL VOTES: 435

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  54%
 
No
  46%
TOTAL VOTES: 209

Vote