About Employees Provident Fund (EPF)
The EPF is a Malaysian social security institution established on 1st October 1951 and governed by the EPF Act, 1991 (Amendment). It provides retirement benefits for members through management of their savings in an efficient and reliable manner. The EPF's members are private sector and non-pensionable public sector employees—a total of 12.35 million people, 5.79 million of whom are active and contributing members.
With nearly 5600 employees working in multiple locations and using numerous different information systems and applications, it was a challenge for the EPF to manage user identities, security and access rights.
Employees were required to remember multiple different sets of credentials, which translated to delays in logging in. Employees who forgot a particular set of credentials would have to wait for up to an hour for their password to be re-set by helpdesk personnel. There was also a significant administrative burden on the IT function, which was required to manually provision and de-provision employees across a large number of applications and systems. The provisioning of each new user account could take up to eight hours, consuming valuable IT resources and diverting staff from higher-value tasks. There was also often uncertainty about which employees had access to which systems.
"We also lacked clarity around user identities and access rights and wanted a more efficient and practical solution that would save time for employees and IT staff, while giving us complete visibility of users in all systems," said Andy Tan, CIO at the Employees Provident Fund.
The EPF decided to completely overhaul its user identity and security framework and selected Identity Manager and SecureLogin as the key technology enablers.
"After reviewing several solutions from different vendors such as IBM and Oracle, we determined that Identity Manager was the best product for our needs in terms of its functional simplicity and openness," said Andy Tan. "We chose to implement several pre-built modules to connect to some of our third-party applications. This enabled us to complete the rollout very rapidly and at low cost. This was a high-profile project with commitment from senior management, so it was an accomplishment to complete the implementation on time and be able to show the results a lot quicker."
With Identity Manager, the EPF now has a single repository for all user identity and security information, automatically synchronised with all connected systems within the enterprise.
"In the past, the provisioning of a new user account or any change to a user's credentials required an IT specialist to update information manually in multiple systems, which took time and had the potential to introduce errors," said Andy Tan. "With Identity Manager, we simply update the information once and it flows to all relevant systems. As a result, the provisioning process for new user accounts is now much quicker. Rather than taking eight hours to create a new user account, provisioning is now almost instant for systems including Peoplesoft (Human Resource Management System), Sharepoint Portal (Infoklik), QRADAR (Operations Risk Management System) and Active Directory."
The EPF deployed SecureLogin to provide enterprise single sign-on (ESSO) services. The solution allows employees to have a single username and password to securely access all of their applications. This not only cuts the time and effort involved in signing on, but it also improves security and reduces the likelihood of users forgetting their passwords. Employees who do forget their passwords are benefiting from Identity Manager self-service password re-set capabilities which enable users to instantly re-set their own passwords without seeking assistance from the IT helpdesk.
The EPF also deployed Sentinel™ Log Manager, which simplifies the monitoring of login attempts and other user activity, making it easier to meet compliance requirements.
"Identity Manager, SecureLogin and Sentinel (Log Manager) have given us full control over user security, so that we can comply fully with our corporate policies," said Andy Tan. "And they have enabled us to do this while also making life simpler for users."
The successful implementation of Identity Manager at the EPF has cut administrative costs, reduced delays, improved security and enabled greater user productivity. The solution automatically keeps identity and security information synchronised across all connected systems, so that the addition or deletion of accounts can be made just once from a central point of control.
"We are saving potentially thousands of man-hours per year in user administration tasks, thanks to Identity Manager," said Andy Tan. "The Novell (now a part of Micro Focus) solution ensures that changes are applied immediately across all systems without requiring IT staff to repetitively apply the same changes."
With SecureLogin providing enterprise single sign-on from any location and a self-service password portal enabling users to reset their own forgotten passwords, users are less likely to require the services of the helpdesk, further reducing administrative costs at the EPF. Equally, with only a single set of login credentials to remember, users can easily implement a more complex, less guessable password which enhances overall security.
"The Novell solution makes the entire subject of user administration far easier, and it also brings much greater transparency to the management of our security policies," said Andy Tan.