ING Direct Australia overhauls access control

Powered by SC Magazine

Applies to enterprise app portfolio.

ING Direct Australia has completed a year-long overhaul of the identity management and access control system that governs user access to enterprise applications and systems.

Head of IT performance Tony Sestanovic told the Gartner Security and Risk Management Summit in Sydney yesterday that the new system had been applied to 30 Sarbanes-Oxley (SOX)-related applications with 1200 users in the first 90 days of operation.

A further 90 enterprise applications had since been added, he said.

Sestanovic said the firm undertook an internal risk assessment in late 2010 with the help of its IT security team.

The assessment identified employees with incorrect role-based permissions for access to internal systems and data.

The finding was subsequently tabled by ING’s audit firm and picked up and exposed by the Australian Prudential Regulatory Authority (APRA), which oversees regulations around access rights.

The firm started implementing SailPoint's IdentityIQ software in February 2011, about six months after the internal risk assessment. The rollout took over 12 months, finishing earlier this year.

The project became "an information exchange initiative across the entire organisation; from the guys using the facilities, to HR, through to all our business units," Sestanovic said.

"Even though IT kicked it off, this was not an IT-driven piece of work," he said.

Having “tackled the beast” for over a year, Sestanovic acknowledged it would have been easy for the company to “roll over” and walk away from the project.

“But we knew this wasn’t the right approach and would cause more issues and challenges in the future,” he said. 

Aside from addressing compliance and risk concerns, Sestanovic said the system made it easier to manage new requests for access to internal systems.

"For the first time for these key systems, people can see the access that their teams have got," he said.

"They know what's what and have the information at their fingertips." 

Copyright © . All rights reserved.

ING Direct Australia overhauls access control
Top Stories
Toll Group to go Google
Poaches Woolworths project manager.
How News Corp's CIO tackled skills in his race to the cloud
What to do when your team’s talents are no longer needed.
Photos: How Thodey transformed Telstra
From turbulent Trujillo to Australia's leading telco.
Sign up to receive iTnews email bulletins
Latest Comments
Who do you trust most to protect your private data?

   |   View results
Your bank
Your insurance company
A technology company (Google, Facebook et al)
Your telco, ISP or utility
A retailer (Coles, Woolworths et al)
A Federal Government agency (ATO, Centrelink etc)
An Australian law enforcement agency (AFP, ASIO et al)
A State Government agency (Health dept, etc)

Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
I DON'T support shutting the OAIC.