IdM Key to Safeguarding Sensitive Data
By Nikita Virdi
Mumbai, May 6, 2008

Identity management (IdM) involves the management of user accounts and access privileges across networks.

It has become the basic need for banks as they are facing problems on all fronts -- fraud, identity theft, and account violation, to name just a few. Banks are investing on IdM across the enterprise so that the users can have a Single Sign-On (SSO) across all product systems, channels, and locations. Even so, banks can manage the administration of IdM from a centralized point across the enterprise by investing in SSO technology.

"IdM solutions depend on area of requirement and demand to select a product, which supports the system," says Suresh Shanmugam, national head (IT) of Business Information Technology Solutions (BITS) and CIO of Mahindra & Mahindra Financial Services

It's necessary for banks to use IdM for both customers and employees. This ensures and analyzes who is accessing which systems and data and when. Banks control every facet of identity management, from user IDs, passwords (PW) and verification to controlling access levels and monitoring usage. IdM enables one entry one exit.

"Money being the product, proper identity management can provide a detailed line between control and service. Identity management needs to be taken seriously, especially where handling of sensitive data is concerned. Leveraging the latest tools and identity management solutions can provide high-level control and create an environment of confidence for both sides," adds Suresh Shan.

Today banks are using various kinds of identity management and security solutions. As technology progresses, threats will get more sophisticated and harder to detect. It's a constant game of cat and mouse that any organization has to play all the time.

There are a number of existing IdM solutions, based and developed on various technological platforms and software, available in this continuous battle to secure banks and financial institutions.

Few among these are:

* Extensible Name Service (XNS): It's an open Extensible Markup Language (XML)-based protocol, which specifies and manages a universal addressing system.

* Ping Identity: It provides an organization's users safe access to Internet applications without the need to re-login.

* Password Courier: It ensures that only right people view the right information.

"Banks have many applications for the staff to access. Human Resource Management Systems (HRMS), Code-Banking Solutions (CBS), Intranet, Internet, e-mail, and treasury require a separate ID/PW," says V. Babu, ex DGM (IT) Bank of India and now a private consultant.

IdM software makes the administrative task, such as resetting user passwords and managing lost passwords, automatic. All users are enabled to reset their own passwords to save money and resources.

When we look upon the uses, IdM is a great support as it protects confidential and financial information from any unauthorized access. "Employees access the bank's data from anywhere at anytime and this can provide a backdoor for worms Trojans and other threats," Babu opines.

However, just deploying solutions at one end is not enough. Banks need to proactively ensure customers access appropriate information and behave in the manner expected of them regardless of the channel they are using. Neeraj Jha, head (corporate communications) of HDFC Bank, says, "Customers need to be educated to ignore the suspicious mails. We constantly keep communicating new alerts on our website to our customers."

"We have introduced a mechanism i.e., fake.emails@hdfcbank.com to track the source of fake emails in few hours." continues Jha.

Banks must have strong security solutions in place for better management of their operations. More significantly these must be merged with a unified security infrastructure that will enable them to have a clear view of potential threats. The banking sector needs to look upon on how it can maximize economic and social benefits. An IdM solution can go a long way in achieving this target.


Related Links:

New Service for Enterprise Identity Management