/ / Business Consulting

Identity and Access Management Remediation

/ / Customer Challenge

A leading Tier-1 bank identified significant gaps and deficiencies in the design, implementation, and operation of key procedural controls for identity and access management. A program was established to address the issues, and multiple remediation workstreams were initiated to reduce the risk of privileged and inappropriate access to infrastructure. While the immediate issues and basic remediation options were operationally understood, it was recognized that a sustainable approach and new strategy for the management of access rights was required to realise successful long-term risk reduction.

/ / How Synechron Helped

Synechron was retained to lead and execute several projects and provide the expertise necessary to help achieve the program’s objectives. A highly skilled team of security architects, experienced project managers, domain business analysts, and SMEs was engaged across a diverse stakeholder group (including IT Security, CTO, Architecture, Risk & Compliance, Infrastructure, Application Development, Operations, and Audit).

The team executed a basket of projects to realise near-term risk reduction benefits across audited key procedural controls in four areas of critical concern: segregation of duties, highly privileged users, temporary privileged access, and management of technical (non-user) accounts. Existing control processes were analysed and remediated, and new processes were designed and implemented, resulting in the downgrade/closure of several high-visibility operational risk issues.

Synechron also defined, mobilised and executed a project to design and deliver a centralised access management controls assurance service, providing improved transparency on the effectiveness of access management controls as well as governance and tracking around the remediation of control violations. Working closely to meet the needs of 1st and 2nd lines of defence, the service directly supported the quarterly internal controls assessment process for onboarded controls.

Additionally, Synechron led the program’s flagship project to define a new end-to-end future-state strategy for access management. The target operating model addressed control gaps strategically by considering the full lifecycle of infrastructure entitlements, from request and approval through to provisioning and removal. It also encompassed supporting processes such as re-certification and reconciliation. Controls were embedded in the processes, including upstream and downstream dependent activities such as Joiner, Mover, and Leaver processes.

/ / Results

Near-term risk reduction benefits

  • Control deficiencies closed or mitigated on existing control processes
  • Increased frequency and timeliness of control violation reporting
  • Several high visibility operational risk issues closed or downgraded
  • Drove significant reductions in outstanding control violations

Sustainable control effectiveness

  • Increased automation and reliability across control operational process areas
  • Reduced risk exposure window between the occurrence of a violation and its detection
  • Increased transparency around control effectiveness
  • Governance and oversight of control processes and violation remediation tracking
  • Ability to correlate data across multiple sources to enhance detection of interrelated violations
