EUROPEAN BANK
How MyID credential management is helping a leading European bank issue and manage strong authentication across their workforce
In this finance use case we look at how a leading European bank is using MyID credential management software to issue and manage the lifecycle of PKI based credentials across their thousands of employees.
MYID FOR ISSUING AND MANAGING STRONG AUTHENTICATION ACROSS A LEADING BANK'S WORKFORCE
THE CHALLENGE
As a large European bank with more than 12,000 employees requiring secure access into corporate systems and networks, the bank needed a robust authentication solution that could be deployed across a geographically spread workforce but managed centrally. To mitigate against the threat of data breach, cryptographic authentication using public key infrastructure (PKI), was the chosen method as this offered the optimum two-factor authentication (2FA) security required.
Working towards 2FA being mandated across all employees, the IT team were actively looking for a solution that would integrate with their multiple Microsoft certificate authorities (CA), hardware security modules (HSM), and enable the bank to print their own employee smart cards.
A simple and intuitive solution for IT operators to use on a day-to-day basis was essential, as was a vendor who offered future scope for deployment across other end user devices besides smart cards, including USB tokens, mobile devices, and virtual smart card enabled technology.
THE SOLUTION
The MyID credential management platform stood out as offering the functionality and technology integrations that the IT team were looking for.
The bank’s de-centralised organisation and philosophy meant that the organisation’s systems didn’t fit well with a centralised off-the-shelf solution. A solution that would collate the relevant data from HR systems, LDAP and other sources was essential. This was achieved via the MyID Lifecycle API, which the bank’s systems call to trigger user and lifecycle events. Whether that is a certificate renewal, or the requirement for a card to be revoked.
With their own in-house card production facility, the bank is able to use MyID to create and print employee smart cards, which are then mailed to the user at their branch location.
MyID has enabled the bank to ensure all employees and contractors are using strong 2FA, minimising the threat of data breach via phishing, spear phishing, social engineering or other means. MyID provides an auditable, centrally controlled system for the bank to issue, replace, and revoke smart cards as and when required.
The ongoing development of the MyID software platform has also futureproofed the bank so that they are able to continue evolving their identity management processes. Whether that is through policy setting changes, the creation of new user groups, changes to infrastructure such as CAs and HSMs, or a requirement to allow employees to perform 2FA via USB token, mobile device, or virtual smart card enabled laptops and computers.