With over 4,000 employees and hundreds of critical applications and data sources, the bank recognised it needed to transition from manually focused management of access to system services and data to an automated solution that would enable the bank to secure its data more completely while meeting compliance requirements.
Using SailPoint solutions, the Bank has implemented automated identity management starting with 21 systems and now increasing to over 350, while automating compliance processes and delivering identity management for unstructured data, reducing risk, and streamlining compliance.
Banking
5,000 employees
Identity Security Cloud
IdentityIQ
SailPoint Technologies
“Now, we have a really good handle on our access risk, and we have end-to-end identity lifecycle management really well nailed down.”
— Cyber Security Design Team Lead, Central Bank of major global economy
21 → 350+: Applications under identity management
<50% → 95%+: Successful access review completion rate
1: Single pane of glass for access management across system services and unstructured data
Like many organisations, the bank was challenged when it came to managing access to its hundreds of systems and multitudes of data sources. Delivering accurate information and rock-solid financial services in today’s fast-moving world requires responsive and agile IT systems, yet compliance and security requirements have never been higher, especially for an organisation like this that’s charged with setting regulatory standards for other banks.
The bank needed a way to easily, quickly, and automatically control access to data and IT resources—one that wouldn’t require manual management and could automatically manage compliance requirements.
“Our identity and access management governance at the bank was previously limited to a small number of systems. Instead, the vast majority of access to system services and data was managed through help desk processes and a broad range of products in a very ad hoc way. It was very inefficient. We had a lot of tools to operate, a lot of things to manage, and we didn’t have a centralised view.”
“We have a complete yin and yang. On the payment side of the bank where we’re talking about the government’s balance sheets and payments, it’s vital to be heavily controlled. Yet when it comes to policy decisions, the biggest risk is that people don’t have access to the information they need to make the correct policy or rate-setting decision.”
“For the good of the people of the country it all depends on good identity and access management processes. We knew we couldn’t meet the levels of accountability and compliance we needed to if we didn’t have the appropriate tools in place.”
The bank set itself a challenge to find a centralised identity and access management solution that could integrate well and bring together the access risk view and automation, including provisioning and de-provisioning.
After an extensive evaluation the Bank selected SailPoint to transform its identity security.
“SailPoint was clearly the leader with its ability to integrate identity management into a broad range of our products and platforms. The bank runs hundreds of technology stacks and SailPoint definitely had the best solution with regards to integration.”
Since initially deploying SailPoint in its top 21 systems, the bank has expanded to more than 350 systems, building identity management into standard delivery processes.
Less than 50% access review completion before SailPoint → now at least 95%
Metrics provided regularly to governors and deputy governors
Identity management integrated into employee onboarding (accounts provisioned before start date)
Extended to unstructured data access management
All achieved without additional staffing resources
Identity automation has enabled the bank to understand risks better and improve lifecycle management
Positioned to adopt digital transformation and cloud services
Planning extension of identity management into non-human identities (machine learning and AI)
Identity security is now the heart of the bank’s cyber strategy for the next 3–5 years, including zero trust principles