Actu
Finansbank Invests In Improvements to Its Privileged Account Management Processes
November 2010 by Cyber-Ark
Finansbank relies on Cyber-Ark to automate
manual tasks that enable it to streamline
operations and improve its security posture by
getting power users and privileged passwords
under control.
Finansbank was founded in Turkey in 1987 and now operates in 10 countries with more than 460 branches and seven million customers. The
bank recorded a net profit of $433 million
(USD) in 2009 and has more than 10,200
employees. IBTECH S.A. is an IT services
group and subsidiary of Finansbank that
is responsible for managing the bank’s
core banking solution, infrastructure
design, project management and services
management.
Finansbank faced daunting IT security and
compliance challenges associated with its
highly manual, time consuming approach to
managing privileged passwords to its core
banking systems. There was one dedicated
password for each server and each device
in the network. All passwords were stored in
approximately 200 separate paper envelopes
in a physical vault.
If anyone needed access to an application,
server or necessary system, password
requests were processed through a service
center and issued by hand by the IT team. If
there was ever a server crash or the need for
a password to be accessed immediately, as
in a break-glass scenario, it could take more
than 30 minutes just to get the right envelope.
Additionally, password inventory was stored in
an Excel file, audit reports were limited, and
the process for manually resetting passwords
after each use wasn’t efficient.
Finansbank worked with ErCon, a reseller partner in Turkey, to select Cyber-Ark’s Privileged Identity Management Suite as a means to tackle its initial pain points associated with password management. The Privileged Identity Management Suite is a full lifecycle solution for securing, managing,
automatically changing and monitoring all
activities associated with privileged accounts.
Finansbank began installing Cyber-Ark’s Enterprise Password Vault in October 2009, which included integration with ArcSight and RSA tokens, for one-time use passwords. All
physical envelopes were transferred to an
electronic, virtual vault as part of the Privileged
Identity Management Suite. The IT team
established a dual-control (request-approve)
mechanism so each operational group can
access its own safes without external approval.
Finansbank established a MasterKey for rapid
request approvals, and best of all, all actions
associated with password management
have been fully automated, from requests
to resets, resulting in better authentication
and audit capabilities. All user accounts are
now integrated within the Privileged Identity
Management Suite’s central repository –
including MSSQL, Oracle, Windows admins,
Unix Root and admins, ATMs, Qmatics
netscalers, switches, routers, swift users,
firewall and Cisco user accounts.
Going forward, Finansbank will expand its use
of Cyber-Ark’s Privileged Identity Management
Suite, including implementation of Application
Identity Manager™ for privileged accounts
embedded in applications. The bank also
intends to introduce the Cyber-Ark Inter-
Business Vault® for governed file transfer.
