Bancomext is a state-owned bank with financial capital of 130 billion Mexican Pesos (10 billion USD). Employing over 500 people in five regional offices, Bancomext's mission statement is to promote and finance small and medium Mexican companies in international export markets.
As a result of the growth of new Bancomext products, the bank required a strategic technology plan to implement new systems over a three-year period. Identity management was a key aspect of this re-organization.
In addition, Bancomext needed to update its identity management processes to enable compliance with recent government regulations, which require financial institutions to use a single solution across all electronic resources used in online banking services. Furthermore, Bancomext wished to increase security levels in managing user accounts.
"Removing and provisioning access rights to a user was complicated," said Norma Zaldivar, Head of Systems, Bancomext. "There were potential security risks if elements of this process were overlooked."
Users were required to remember three to five user names and passwords and log into the bank's systems one-by-one, which was time-consuming.
"For each application there was a separate access control scheme," said Zaldivar. "Adding or removing users was a laborious process that took two days and required input from several departments."
Bancomext evaluated several possible solutions and ultimately decided to implement Identity Manager and Access Manager.
"We referred to a recent study which concluded that the solutions offered by Novell (now a part of Micro Focus) are some of the most complete and competitively priced on the market," said Zaldivar. "Novell offered all the functionality we required, such as user-provisioning, a self-service password reset portal and single sign on, as well as ease of integration with our other systems."
Bancomext is running Identity Manager and Access Manager in a SUSE® Linux Enterprise Server environment.
"We chose this platform because it is a secure environment in which vulnerabilities can be controlled in an efficient manner," said Leopoldo Hidalgo, Head of IT Security, Bancomext. "It provides high performance for all of the components and requires only infrequent updates."
"With Identity Manager, user accounts are automatically created, edited or deactivated, eliminating the need for the IT department to manually intervene in the process," said Zaldivar. "As soon as Human Resources add a new user to the system, an identity is automatically generated and the new employee is assigned a user name, password and e-mail account."
Bancomext is using Identity Manager to manage all user names and passwords on the network, employing password management policies such as password strength assignment, periodic password change and password blocking after several failed attempts.
Furthermore, the bank is implementing a system of role-based provisioning. Users are now given hierarchical access rights based on their position in the company. Access Manager provides single sign-on access to all web-based applications with multi-factor authentication via tokens.
The solution has now been rolled out to 900 internal and external users. Bancomext expects the user base to increase to 2,500 users in the medium term.
Bancomext is already seeing the benefits of implementing Identity Manager and Access Manager, especially in terms of enabling the bank to comply with banking legislation.
"The implementation of a single identity management solution has ensured that Bancomext is abreast of regulatory requirements," said Zaldivar. "For example, Identity Manager has enabled Bancomext to comply with government legislation regarding password management policies."
Bancomext has also experienced significant reductions in the administrative workload of its IT team.
"We're seeing a 66 percent reduction in the time it takes to set up an account for a new user," said Zaldivar. "Previously it would take two days, now it can be completed in just a couple of hours. We estimate that our IT helpdesk is dealing with 15 percent fewer calls, thanks to the self-service web portal which allows users to reset their own forgotten passwords."
Finally, the solution has improved security. Password management is more tightly regulated, and hierarchical access rights ensure that employees can only access information which directly corresponds to their role.
"Our new IT platform will help us reach our target growth projections for the future, and the Novell solutions are playing an important role in this," said Zaldivar.