BeyondTrust Case Studies Multinational Bank Integrates PBUL to Achieve Global Compliance

Edit This Case Study Record

	Multinational Bank Integrates PBUL to Achieve Global Compliance BeyondTrust

Multinational Bank Integrates PBUL to Achieve Global Compliance

BeyondTrust

Technology Category	Cybersecurity & Privacy - Security Compliance
Applicable Industries	Finance & Insurance
Applicable Functions	Business Operation
Use Cases	Regulatory Compliance Monitoring Cybersecurity
Services	System Integration Software Design & Engineering Services
Challenge	The bank, a globally recognized multinational banking and financial services company, was faced with the challenge of meeting broad data privacy compliance requirements from over 99 countries. As cyber attacks, security breaches and data loss become more commonplace, lawmakers and regulators are seeking to put strong data security legal frameworks in place. The bank is subject to most of these compliance requirements. An internal audit at the bank developed a series of proposed internal policies to meet all the forthcoming compliance regulations with which the bank needed to comply. These proposed policies had three objectives: enable compliance to these regulations across the world; increase protection for their servers, infrastructure, and the data they contain; and support a corporate objective to improve and sustain consumer confidence. To meet these objectives and implement the proposed internal policies, an aggressive reevaluation and investment in their IT security strategy and privilege management practices was needed. Read More
About Customer	The customer is a globally recognized multinational banking and financial services company. The bank provides retail, wholesale and investment banking, as well as wealth management, mortgage lending and credit cards. Its activities include moving, lending, investing and protecting money for customers around the world. In addition to the ever-present risk of cyber threats, it must also meet banking and privacy regulations in each of the countries and regions in which it does business. As of mid-2013, there were more than 99 countries with data privacy laws and many more pending. There are broad global variations in the specific requirements to protect and store personal data, but as a global bank, this company is subject to most of these compliance requirements. Read More
Solution	The bank designed an enterprise-wide global system to protect all private data, wherever it resided on their Unix and Linux servers. Policies are still established on their current system. That system controls where data resides, who can access the data and the systems containing the data, along with what tasks are allowed when access is granted. To enforce these policies the bank integrated their current system with BeyondTrust’s PowerBroker for Unix and Linux. PowerBroker controls authorization requirements for servers and delegates the specific tasks on those servers. Now there is a record of who accessed which servers and the details of the tasks performed. All access is logged, and those logs are consolidated and centralized to create reports that verify compliance. The key to this global solution is that it integrates into their current system that manages permissions, enabling them to improve rather than replace their current processes. Read More Log in to view content
Contents

Technology Category

Cybersecurity & Privacy - Security Compliance

Applicable Industries

Finance & Insurance

Applicable Functions

Business Operation

Use Cases

Regulatory Compliance Monitoring

Cybersecurity

Services

System Integration

Software Design & Engineering Services

Challenge

The bank, a globally recognized multinational banking and financial services company, was faced with the challenge of meeting broad data privacy compliance requirements from over 99 countries. As cyber attacks, security breaches and data loss become more commonplace, lawmakers and regulators are seeking to put strong data security legal frameworks in place. The bank is subject to most of these compliance requirements. An internal audit at the bank developed a series of proposed internal policies to meet all the forthcoming compliance regulations with which the bank needed to comply. These proposed policies had three objectives: enable compliance to these regulations across the world; increase protection for their servers, infrastructure, and the data they contain; and support a corporate objective to improve and sustain consumer confidence. To meet these objectives and implement the proposed internal policies, an aggressive reevaluation and investment in their IT security strategy and privilege management practices was needed.

About Customer

The customer is a globally recognized multinational banking and financial services company. The bank provides retail, wholesale and investment banking, as well as wealth management, mortgage lending and credit cards. Its activities include moving, lending, investing and protecting money for customers around the world. In addition to the ever-present risk of cyber threats, it must also meet banking and privacy regulations in each of the countries and regions in which it does business. As of mid-2013, there were more than 99 countries with data privacy laws and many more pending. There are broad global variations in the specific requirements to protect and store personal data, but as a global bank, this company is subject to most of these compliance requirements.

Solution

The bank designed an enterprise-wide global system to protect all private data, wherever it resided on their Unix and Linux servers. Policies are still established on their current system. That system controls where data resides, who can access the data and the systems containing the data, along with what tasks are allowed when access is granted. To enforce these policies the bank integrated their current system with BeyondTrust’s PowerBroker for Unix and Linux. PowerBroker controls authorization requirements for servers and delegates the specific tasks on those servers. Now there is a record of who accessed which servers and the details of the tasks performed. All access is logged, and those logs are consolidated and centralized to create reports that verify compliance. The key to this global solution is that it integrates into their current system that manages permissions, enabling them to improve rather than replace their current processes.

Impact #1	PowerBroker for Unix and Linux offers the flexibility and task delegation that the bank needed, which was evident from proof of concept onward.
Impact #2	The custom connectors allowed consolidation and segregation across the different geopolitical areas, with consistent management of policies for privileged accounts.
Impact #3	During the proof of concept process it was clear that the PowerBroker GUI worked well, and that the bank would not lose the ease of use of their home-grown permissions system.

Impact #1

PowerBroker for Unix and Linux offers the flexibility and task delegation that the bank needed, which was evident from proof of concept onward.

Impact #2

The custom connectors allowed consolidation and segregation across the different geopolitical areas, with consistent management of policies for privileged accounts.

Impact #3

During the proof of concept process it was clear that the PowerBroker GUI worked well, and that the bank would not lose the ease of use of their home-grown permissions system.

Download PDF Version

Overview

Multinational Bank Integrates PBUL to Achieve Global Compliance

Operational Impact