PRIVILEGED ACCOUNT MANAGEMENT SYSTEM
To protect against intentional or accidental destructive actions of privileged users in OschadBank, a privileged account management system was implemented based on the solutions of the leader of this segment – Oracle. Oracle solutions are used by 19 of the 20 largest global banks.
What are you risking?
All experts in the field of information security and information protection agree that an internal threat is the most urgent and large-scale for a business. By some estimates, nearly three quarters of successful intrusions and attacks are carried out from within the protected area of the facilities by the organizations’ own employees. This assessment also includes attacks carried out from outside the company, but with the knowledge or direct participation of insiders.
At the same time, in every organization, in every business where there is at least some information technology, there are employees who have elevated privileges in corporate information systems (CIS) – these are system administrators, database administrators, information security administrators, outsourcers serving corporate information systems. … Moreover, most of them – about 70% (research by the Independent Oracle User Group) – are confident that their employer or customer cannot control their activities.
How much do you trust your privileged users?
The main resource of the bank?
The bank’s main resource is money and knowledge. And for the most part, this is not your own money, but customers’ money. And this shows the level of responsibility of employees who ensure the safety of knowledge about customers, their accounts, and cash flow.
Within the framework of this project, the specialists of DATAS-Technolozhi and OschadBank solved the following tasks:
• Implemented a single entry point for all privileged users.
• Ensured compliance with the NBU requirements for registration of privileged users’ actions.
• Got the opportunity to promptly receive reports containing information about the facts of privileged access of users and administrators to applied information systems for the information security service and the bank’s management.
• Defined the rights, responsibilities and delimited the areas of responsibility of the company’s personnel in terms of providing privileged access to various information systems.
How does it work?
Several modules of the comprehensive Oracle Identity Governance (OIG) solution are currently “working” in the bank’s information systems.
The core of the system is Oracle Identity Governance (OIG), which includes the Oracle Privileged Account Management (OPAM) module. Which is responsible for strong user authentication, storing information about accounts, events and incidents (the usefulness of this tool in investigations is difficult to overestimate). In conjunction with the OPAM module, it allows the bank to store, manage and track the use of privileged credentials. The key points of the information infrastructure – servers, databases, network equipment, control the use of critical services by privileged users.
What’s the bottom line?
Everyone benefits from the implementation: the bank gets an excellent tool to control its administrators, the bank’s clients are another element of confidence in the safety of their money.