A multi-chartered financial services company with 30 different banks, Synovus Financial was looking to automate user provisioning and streamline access management. By using Novell Identity Manager and Novell Secure Login, Synovus has tightened security while vastly reducing IT costs.
Synovus Financial (Synovus) is a more than $33-billion dollar financial services holding company. Synovus provides commercial and retail banking, as well as investment services, to customers through 30 banks, 330 offices and 467 ATMs in Georgia, Alabama, South Carolina, Florida and Tennessee.
As a highly regulated institution, Synovus sought to tighten access and security controls to satisfy bank regulators and third-party auditors, while driving down escalating support costs. "User provisioning and deprovisioning used to take several days," said Steven Jones, director of Operational Risk for Synovus Financial. "We needed to be able to modify or revoke user access rights immediately in order to mitigate risk."
The company also was under pressure to enforce strong password management. "Each user had at least six unique passwords, and inevitably many of them forgot passwords or wrote them down," said Jones. "Forgotten passwords and locked accounts actually represented 70-80 percent of our helpdesk calls. We needed a solution that would alleviate this burden while bringing tighter security across the enterprise."
In addition, Synovus wanted to find a way to improve user convenience while strengthening security. "We wanted to bring ease of operability to our employees to create a more efficient front-line experience," said Jones. "We have a dynamic workforce. When a teller moves from one branch to another, for example, we needed a way to tie their credentials to their role so they could quickly get up and running."
Synovus is now leveraging Novell SecureLogin to provide enterprise single sign-on capabilities. "Novell scripting capabilities gave us the ability to handle scenarios that other solutions couldn't provide," said Jones.
The company is also using Novell Identity Manager to automate user provisioning and deprovisioning. "Novell Identity Manager was the only solution that suited our needs," said Jones. "We liked that we could leverage Novell eDirectory services for the provisioning of third-party banking applications."
Synovus now uses Novell Identity Manager to synchronize and manage more than 6,700 identities across its HR system, FIS deposit and loan origination system, homegrown banking applications, multiple directories, Novell GroupWise, as well as its corporate intranet and training software. Additionally, Synovus used SOAP services to integrate some of its legacy banking systems.
“Novell identity and access management solutions enable us to demonstrate appropriate access control and risk management practices for Sarbanes-Oxley and other regulations like Gramm-Leach-Bliley, while cutting the associated IT costs by 80 percent.”
Director of Operational Risk
Synovus has benefited from the solution's attribute-level data management capabilities. "We can now use a wide variety of attributes to determine user roles," said Jones. "By leveraging Novell workflow modules, we've really been able to automate the entire user provisioning and deprovisioning processes, which now occur in near real time. In addition, if a user changes roles or moves from one location to another, all of their access rights are updated automatically. Novell Identity Manager helps us ensure the integrity of our workflows and gain more efficient processes."
Novell SecureLogin provides Synovus with enterprise single sign-on capabilities to ensure its internal and external password security policies can be enforced with far less effort. Users now only need to remember one password, instead of six or more. "We've been very impressed with Novell SecureLogin," said Jones. "It met all of our requirements, offering tight integration with directory services, the ability to leverage directory service attributes and support for credential provisioning."
Synovus worked with Novell Consulting throughout the implementation. "We have an exceptional working relationship with the Novell consulting team and have always found it to be a positive experience," said Jones.
Working with Novell has helped Synovus tighten security and access controls while lowering its total cost of ownership. "Novell Identity Manager gives us a framework for effectively managing user identities. We can now maintain security controls while realizing the productivity gains that come from an integrated solution."
"Novell identity and access management solutions enable us to demonstrate appropriate access control and risk management practices for Sarbanes-Oxley and other regulations like Gramm-Leach-Bliley, while cutting the associated IT costs by 80 percent," said Jones. "We've further reduced risk by eliminating excess accounts that could otherwise have been misused."
Using SecureLogin, Synovus has further increased its security controls, while significantly reducing password-related helpdesk calls and enabling the rapid deployment of new Web-based applications. "From a risk management perspective, Novell SecureLogin offers tremendous advantages," said Jones. "We've eliminated risky password behaviors while ensuring the right people have access to the right information."
Since the rollout of a single sign-on solution, the company has seen tremendous financial and productivity gains. "With Novell SecureLogin, we've reduced our password-related helpdesk calls by 40 percent," said Jones. "The solution has also made it easier for users to move from application to application. They can now focus on the customer they're working with, rather than having to fumble through applications."