In this finance use case we look at how a leading European bank is using MyID credential management software to issue and manage the lifecycle of PKI-based credentials across their thousands of employees.
As a large European bank with more than 12,000 employees requiring secure access into corporate systems and networks, the bank needed a robust authentication solution that could be deployed across a geographically spread workforce but managed centrally. To mitigate the threat of data breach, cryptographic authentication using public key infrastructure (PKI) was the chosen method, as this offered the optimum two-factor authentication (2FA) security required.
Working towards 2FA being mandated across all employees, the IT team were actively looking for a solution that would integrate with their multiple Microsoft certificate authorities (CAs) and hardware security modules (HSMs), and enable the bank to print their own employee smart cards.
A simple and intuitive solution for IT operators to use on a day-to-day basis was essential, as was a vendor who offered future scope for deployment across other end user devices besides smart cards, including USB tokens, mobile devices, and virtual smart card enabled technology.
The MyID credential management platform stood out as offering the functionality and technology integrations that the IT team were looking for.
The bank’s de-centralised organisation and philosophy meant that its systems didn’t fit well with a centralised off-the-shelf solution. A solution that would collate the relevant data from HR systems, LDAP and other sources was essential. This was achieved via the MyID Lifecycle API, which the bank’s systems call to trigger user and lifecycle events, whether that is a certificate renewal or the requirement for a card to be revoked.
With their own in-house card production facility, the bank is able to use MyID to create and print employee smart cards, which are then mailed to the user at their branch location.
MyID has enabled the bank to ensure all employees and contractors are using strong 2FA, minimising the threat of data breach via phishing, spear phishing, social engineering or other means. MyID provides an auditable, centrally controlled system for the bank to issue, replace, and revoke smart cards as and when required.
The ongoing development of the MyID software platform has also futureproofed the bank so that they are able to continue evolving their identity management processes, whether that is through policy setting changes, the creation of new user groups, changes to infrastructure such as CAs and HSMs, or a requirement to allow employees to perform 2FA via USB token, mobile device, or virtual smart card enabled laptops and computers.
Enhanced security with best practice 2FA deployed across more than 12,000 employees and all branch locations
Improved control over credential issuance and management with one centralised credential management software platform
Reduced cost through the integration flexibility of MyID to work with existing CA, HSM, and card printing infrastructure
Simplified deployment through configuring MyID’s Lifecycle API to fit into the bank’s de-centralised structure
Futureproofed authentication security is assured as MyID continues to improve, ensuring the bank has multiple options on how its identity management solution evolves