About Swisscard AECS AG
Swisscard AECS AG is a joint venture between Credit Suisse and American Express. Headquartered in Horgen, near Zurich, Swisscard employs approximately 650 people and acts as a service provider, handling the credit card business for Credit Suisse across three brands: Visa, MasterCard and American Express.
With access rights to approximately 200 applications handled manually, user management was a difficult and time-consuming task at Swisscard. The organisation lacked a consistent set of enterprise-wide processes and platforms, with the result that revision-safe administration of access rights became a challenge in the increasingly regulated banking environment.
A simple request from the business to give a new employee the same access rights as an existing one required the IT team first to determine the existing access rights, then laboriously apply them one by one to the new person. Equally, the difficulty in withdrawing access rights when an employee switched departments or left the company represented a potential security risk. Swisscard wanted to standardise and, where practical, automate the provisioning and deprovisioning of users.
Most important, Swisscard wanted to ensure easier and more efficient compliance with regulations. Swisscard must comply with a large number of local and international regulations, including full auditability of access rights to data and systems.
Swisscard selected Identity Manager as the basis for its identity management environment, using Access Manager™ to provide single sign-on services, and Sentinel® to monitor and audit compliance with guidelines and processes.
"As part of the selection process, we looked closely at market analyses, allowed manufacturers to present their solutions and spoke to several different manufacturers' reference customers," said Stefan Fischer, IT Architect, Swisscard. "The basic functions of all the different solutions were quite similar, but we wanted a tool that could be used by non-specialists without sacrificing any power or functionality. In our opinion, Identity Manager provided the most intuitive and powerful solution."
Swisscard undertook a phased rollout of its identity management solution, working with consultants and local partner SkyPRO AG to ensure the rapid and effective deployment of the new software.
"The assistance from the Novell (now a part of Micro Focus) consultants was good, in particular their suggestions for a phased deployment rather than a big-bang approach," said Fischer. "Equally, we have been impressed with the contribution from SkyPRO: the consultants are highly talented and the service quality is excellent."
The combined project team used Identity Manager to create a central user repository that draws data from Swisscard's leading HR system and synchronises it across all corporate systems. Swisscard created a set of business rules to govern the assignment of access rights to employees, including the definition of approximately 100 business roles. Some rights are granted automatically, while others are requested and approved using defined workflow processes with respect to company guidelines.
Access Manager provides single sign-on access to the main Web-based applications at Swisscard, so that users no longer need to remember dozens of different credentials. Sentinel monitors and logs all activity across the corporate network and links it back to information held in Identity Manager, enabling faster and easier compliance with audit regulations. Swisscard plans to extend its use of Sentinel, making it the cornerstone of its future Security Information and Event Management (SIEM) architecture.
Identity Manager now automates most user management tasks for Swisscard, drawing information directly from its central HR system and applying or removing access to company resources according to employees' roles. In addition to saving an estimated 20 percent effort and freeing up Swisscard's IT team to focus on value-add tasks, the solution ensures that changes in the organisational chart are rapidly and reliably reflected in the network.
"Identity Manager saves us considerable time and effort in managing user access to the company's information resources," said Fischer. "The Solution gives us a clear, auditable view of users and access rights, all managed from a single point of control."
When an employee leaves the company, Identity Manager automatically revokes all relevant access rights, closing potential security holes and eliminating the effort previously required to track down and delete orphaned user accounts. The solution also makes it easier to comply with external regulations by providing complete and accurate reports on user access rights at the touch of a button.
"The Solution has become the nerve centre for user management at Swisscard, giving us the tools to respond rapidly to requests and changes from the business with regard to compliance requirements," said Fischer. "It has also enabled us to lay the foundations for a planned customer-facing Web portal that will provide card holders with secure access to services and information."