Finansbank Invests In Improvements to Its Privileged Account Management Processes
November 2010 by Cyber-Ark
Finansbank relies on Cyber-Ark to automate manual tasks that enable it to streamline operations and improve its security posture by getting power users and privileged passwords under control.
Finansbank was founded in Turkey in 1987 and now operates in 10 countries with more than 460 branches and seven million customers. The bank recorded a net profit of $433 million (USD) in 2009 and has more than 10,200 employees. IBTECH S.A. is an IT services group and subsidiary of Finansbank that is responsible for managing the bank’s core banking solution, infrastructure design, project management and services management.
Finansbank faced daunting IT security and compliance challenges associated with its highly manual, time-consuming approach to managing privileged passwords to its core banking systems. There was one dedicated password for each server and each device in the network. All passwords were stored in approximately 200 separate paper envelopes in a physical vault. If anyone needed access to an application, server or necessary system, password requests were processed through a service center and issued by hand by the IT team. If there was ever a server crash or the need for a password to be accessed immediately, as in a break-glass scenario, it could take more than 30 minutes just to get the right envelope. Additionally, password inventory was stored in an Excel file, audit reports were limited, and the process for manually resetting passwords after each use wasn’t efficient.
Finansbank worked with ErCon, a reseller partner in Turkey, to select Cyber-Ark’s Privileged Identity Management Suite as a means to tackle its initial pain points associated with password management. The Privileged Identity Management Suite is a full lifecycle solution for securing, managing, automatically changing and monitoring all activities associated with privileged accounts.
Finansbank began installing Cyber-Ark’s Enterprise Password Vault in October 2009, which included integration with ArcSight and RSA tokens, for one-time use passwords. All physical envelopes were transferred to an electronic, virtual vault as part of the Privileged Identity Management Suite. The IT team established a dual-control (request-approve) mechanism so each operational group can access its own safes without external approval. Finansbank established a MasterKey for rapid request approvals, and best of all, all actions associated with password management have been fully automated, from requests to resets, resulting in better authentication and audit capabilities. All user accounts are now integrated within the Privileged Identity Management Suite’s central repository – including MSSQL, Oracle, Windows admins, Unix Root and admins, ATMs, Qmatics netscalers, switches, routers, SWIFT users, firewall and Cisco user accounts.
Going forward, Finansbank will expand its use of Cyber-Ark’s Privileged Identity Management Suite, including implementation of Application Identity Manager™ for privileged accounts embedded in applications. The bank also intends to introduce the Cyber-Ark Inter-Business Vault® for governed file transfer.