To address regulatory requirements (such as Sarbanes Oxley, Solvency 2 and Basel II), companies in the banking and insurance sector must implement systems to mitigate business risk.
These obligations are often met by strengthening information system access control in order to protect data integrity and confidentiality. And the need to have end-to-end traceability of actions performed by each of their employees.
At the same time, faced with an increasing number of computer applications – and thus the number of passwords to remember – these companies seek solutions to increase their employees’ productivity and lighten the workload of their user support departments.
To address these challenges, Avencis provides solutions to standardize password management, simplify user management, and establish and audit the assignment of rights and user access, from a single location.
Easy and fast to roll out, these solutions are designed to reduce business risks as well as identity and access management costs significantly.
User-friendliness and increased security
Using its SSOX technology, Avencis decreases the number of problems stemming from the ever-multiplying number of passwords while increasing IS access security.
- Single Sign On: users have to remember only one single password to connect to all computer resources and applications, whether they are hosted internally or outsourced.
- Reduction of risks: implementing Single Sign On means users do not write passwords down on post-its or use a weak and/or one single password to access multiple applications. Users no longer need to remember secondary passwords, so these passwords can have stricter rules (such as minimum length, complexity and change frequency).
- User identification: Single Sign On can be combined with strong authentication tools through a smart card, badge, biometric fingerprint, token, etc.
- Access to several desktops in a cluster (often occurs in trading rooms): users authenticate themselves once, on the master desktop. Other desktops comply with the policy that was specified for the desktop cluster via the master desktop.
Decrease in the IT department’s workload
- Fewer calls to the helpdesk: users can change or reset their primary password without contacting technical support, through a secure, simple self-service portal, the use of which is logged.
- Assignment of computer resources to strategic projects: setting up an SSO engine reduces the number of calls to the helpdesk. IT departments can focus on tasks with greater added value such as establishing stricter security policies.
Hpliance provides a simple and pragmatic solution for compliance with domestic and international data security regulations:
- User rights management: establishment of a database of all employees and management of their associated rights (who has the right to access what resources and how).
- Audit report: full traceability of accesses and actions performed by users, can be used directly by risk management department employees.