Secure Identity & Compliance
in the Cloud Cloud
for the Finance Industry

Durchschnittliche Lesezeit: 4 Minuten


Increased user expectations, global networking of systems, rapidly changing regulations, data exchange from different software solutions – the requirements for an identity management system of banks or insurance companies are becoming increasingly complex. The basis: a functioning, cloud-based CIAM total solution through which customers and partners interact with financial service providers.


Orchestration and implementation of tasks and systems

A cloud-based, comprehensive CIAM system presents banks and insurance companies with major technical challenges. Because no application covers all areas. Interfaces between the systems, tasks and applications must be created.


Icons Tekaris Secure Identity Vorteile: Manage RegulationsRegulations

Compliance with rules of BAFIN, BAIT, DSGVO/GDPR etc.

Icons Tekaris Secure Identity Vorteile: Identity ManagementIdentity Management

Secure, customer-centric authentication.

Icons Tekaris Secure Identity Vorteile: Secure Cloud UsageCloud Management

Access to your own cloud or that of a third-party provider.

Icons Tekaris Secure Identity Vorteile: Sicherheit in EchtzeitSIEM

Real-time analysis of security alerts.

Icons Tekaris Secure Identity Vorteile: Service DeskService Desk

Integration of the contact point of own IT and users.

Icons Tekaris Secure Identity Vorteile: Risk ManagementRisk Management

Compliance with ISRM and other risk systems.

Tekaris Gründer, Geschäftsführer und Experte für Identity Management Konrad Pfeffer, Foto: Tekaris GmbH

Do you want to implement CIAM? We combine industry and product expertise as well as experience in interface connection.

Your contact: Konrad Pfeffer

Consult now

Digital identities in banks and insurance companies

Let's take a closer look at the challenges. Not so long ago, things were still simple for banks, insurance companies and other financial service providers: employees used their company PC in the company network to access company applications. Employees traveling used their company laptop to log on to the corporate network via VPN and gain access to all applications. Employees and external parties accessed their company accounts via the company's IAM system, which obtained its data from the HR system..

hat was once upon a time. Concepts such as the internal LAN or a demilitarized zone (DMZ) no longer adequately reflect the requirements for these business models. One answer is CIAM solutions. They allow secure access of employees, partners, customers and devices to different systems. And they open up completely new opportunities for financial service providers.


User-centric thinking: expectations and access structure

Align expectations & access structures in an user-centric way.
Align expectations & access structures in an user-centric way.

Customers and employees alike expect access to all the information they need at all times, regardless of location or device. User-friendly and secure.

Identity Provider (IDP)
External partners use their own identity provider and benefit from its convenient and secure authentication. Customers may access through social IDPs such as Google or Facebook.

Target system
The target systems of the users are located in the cloud (and no longer on-premise). The cloud solution can be your own or that of a third-party provider.


For banks and insurance companies, this means that they have to reconcile diverse user expectations, authentication options and target systems in order to offer a trouble-free and secure user experience.

New requirements, increased complexity

The requirements for banks and insurers for identity management services are already high: BAIT and BAFIN regulations, guidelines such as the Sarbanes-Oxley Act or Gramm-Leach-Bliley Act for a US business. In addition, there are the usual regulatory requirements such as DSGVO/GDPR, ISO standards or BSI baseline protection. They must be linked to the core capabilities of identity management such as authentication, single sign-on, federation, identity lifecycle. Requirements from other areas are added. Examples include security information and event management (SIEM) requirements, service desks, risk management, and more.



AuthenticationAuthorizationIdentity ReposorityAudit & Compliance
Single Sign onDynamic AuthorizationBulk OperationsReporting & Dashboard
Adaptive Authentication AdministrationPrivacy & Disclaimer Support
Session Management Delegated Administration 
Identity Federation   
API Security   



Consider real-time Security InfoFraud DetectionService Desk IntegrationRegulatory Reports
Aggregate Security Info   

Orchestrate applications: Capability Mapping

A particular challenge here is that no application covers all requirements alone. Several services and products such as Fortinet, LogPoint (SIEM) or Azure Active Directory (CIAM) must be orchestrated. The systems have to exchange data, extract important information, etc. For example, a SIEM solution requires data from the audit and activity logs of Access Management. Or the service desk needs information from the user administration.

The following figure illustrates the principle of capability mapping:

Capability Mapping: Precisely programmed interfaces on the individual products ensure smooth data exchange.
Capability Mapping: Precisely programmed interfaces on the individual products ensure smooth data exchange.

Task: Create API interfaces

The task is to create a functioning overall solution via interfaces that meets the requirements of banks and insurance companies. Many applications already offer interfaces to exchange data with other applications. The own APIs usually provide the best starting point to create indirections and thus independence. They avoid vendor lock-in, an incompatibility during data exchange.


Use CIAM in the Cloud

More identities, larger coverage, greater scalability – in order to meet global connectivity and the increased demands of customers and partners, financial service providers are moving to the cloud with the CIAM system. It offers the ideal conditions for using services globally distributed, scalable and secure.

On the one hand, there are software-as-a-service (SaaS) applications that can be used globally. On the other hand, cloud technologies such as containers can be used to establish flexible, scalable, and resilient solutions. And you have this often across several cloud platforms in order to achieve the greatest possible reliability.

In terms of security, CIAM systems go far beyond conventional on-premise solutions. They use risk-based procedures to detect and prevent fraudulent log-ins. Applications with modern authentication protocols form the basis for a low-risk cloud journey for financial institutions and insurance companies.



Tekaris Gründer, Geschäftsführer und Experte für Identity Management Konrad Pfeffer, Foto: Tekaris GmbH


Konrad Pfeffer, Managing Director Tekaris

For the past 20 years, Konrad Pfeffer has been dealing with questions of application development, security environment, and compliance & identity. Before joining Tekaris, he had been working at a leading global reinsurer for a long time. He launched numerous innovation projects and accompanied various companies into the cloud. Konrad Pfeffer is the initiator of the Meet-Up series "Smart Identity".


CIAM audit and CIAM consulting for the finance industry

Tekaris accompanies you in the introduction or expansion of your CIAM solution. These are our services:

• Formulate and analyze requirements
• Capability mapping and business architecture
• Orchestration of the solutions
• Technical architecture and implementation

In a CIAM audit, we clarify the actual and target state of your identity management and discuss the advantages and disadvantages of different variants of CIAM implementation, from individual software development to standard solutions.

We show you the way to your smart CIAM solution.


Consult now

Finance & Insurance
Published on:
11. March 2021
Updated on:
24. March 2023