Average reading time: 4 minutes
Rising user expectations, globally networked systems, rapidly changing regulation, data exchange between different software products: the requirements for the identity management system of a bank or insurer are becoming ever more complex. The foundation is a working, cloud-based, overall CIAM solution through which customers and partners interact with the financial service provider.
Orchestration and implementation of tasks and systems
A cloud-based, comprehensive CIAM system confronts banks and insurers with major technical challenges, because no single application covers every area. Interfaces between the systems, tasks and applications have to be built. Typical requirements include:
• Compliance with the rules of BaFin, BAIT, DSGVO/GDPR and similar regulation
• Secure, customer-centric authentication
• Access to your own cloud or to that of a third-party provider
• Real-time analysis of security alerts
• Integration of the service desk that sits between internal IT and the users
• Compliance with ISRM (information security risk management) and other risk systems
Do you want to implement CIAM? We combine industry and product expertise with experience in connecting interfaces.
Let's take a closer look at the challenges. Not so long ago, things were still simple for banks, insurers and other financial service providers: employees used their company PC on the company network to reach company applications. Employees on the road logged on to the corporate network over VPN from their company laptop and got access to everything. Employees and external parties reached their company accounts through the company's IAM system, which took its data from the HR system.
That was then. Concepts such as the internal LAN or a demilitarized zone (DMZ) no longer adequately reflect the requirements of today's business models. One answer is a CIAM solution. It gives employees, partners, customers and devices secure access to different systems, and it opens up completely new opportunities for financial service providers.
User
Customers and employees alike expect access to all the information they need, at any time, regardless of location or device: user-friendly and secure.
Identity Provider (IDP)
External partners bring their own identity provider and benefit from its convenient and secure authentication; the CIAM system federates with it rather than managing the partner's credentials itself. Customers may sign in through social IdPs such as Google or Facebook.
Target system
The users' target systems are located in the cloud (no longer on-premise). The cloud can be your own or that of a third-party provider.
For banks and insurers this means reconciling diverse user expectations, authentication options and target systems in order to offer a smooth and secure user experience.
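Federating with a partner's or social identity provider means the bank's CIAM accepts an ID token it did not issue. The security-relevant point is that the trust decision (which issuers, which keys, which audience) belongs to the relying party's configuration, never to the token. The following Python is an added example, not code from the original page or from Tekaris: it mints a token as a constructed partner IdP would and then performs the checks a relying party must do on an OpenID Connect ID token (issuer allow-list, pinned algorithm, signature, audience, expiry, nonce). The issuer URL, client ID and shared secret are assumptions; HS256 with a shared key is used only so the example runs offline, a real IdP would sign with RS256/ES256 and publish keys via JWKS.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed relying-party configuration (assumed values). Only issuers listed
# here are trusted; the key would normally come from the IdP's JWKS endpoint.
TRUSTED_ISSUERS = {
    "https://idp.partner.example": {"key": b"partner-shared-secret", "alg": "HS256"},
}
OUR_CLIENT_ID = "bank-portal"   # the 'aud' value the IdP was registered with
CLOCK_SKEW = 60                 # seconds of leeway for exp / iat


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_id_token(issuer: str, key: bytes, claims: dict) -> str:
    """Create an HS256 JWT the way the (constructed) partner IdP would. Demo only."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps({"iss": issuer, **claims}, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def validate_id_token(token: str, expected_nonce: str, now=None) -> dict:
    """Validate a federated ID token; raise ValueError on the first failed check."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h64, p64, s64 = parts
    header = json.loads(_b64url_decode(h64))
    payload = json.loads(_b64url_decode(p64))

    # 1. Trust comes from our configuration, not from the token's own claims.
    idp = TRUSTED_ISSUERS.get(payload.get("iss"))
    if idp is None:
        raise ValueError("untrusted issuer")
    # 2. Pin the algorithm to the one configured for that issuer
    #    (rejects alg=none and algorithm-confusion attempts).
    if header.get("alg") != idp["alg"]:
        raise ValueError("unexpected alg")
    # 3. Signature over the exact header.payload bytes, constant-time compare.
    expected = hmac.new(idp["key"], f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s64)):
        raise ValueError("bad signature")
    # 4. The token must be addressed to us ('aud' may be a string or a list).
    aud = payload.get("aud")
    if OUR_CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("audience mismatch")
    # 5. Freshness and replay protection.
    if payload.get("exp", 0) + CLOCK_SKEW < now:
        raise ValueError("token expired")
    if payload.get("iat", now) - CLOCK_SKEW > now:
        raise ValueError("token issued in the future")
    if payload.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    if not payload.get("sub"):
        raise ValueError("missing subject")
    return payload


def verdict(token: str, expected_nonce: str, now=None) -> str:
    """Convenience wrapper: 'ok' or the reason the token was rejected."""
    try:
        validate_id_token(token, expected_nonce, now)
        return "ok"
    except ValueError as err:
        return str(err)


if __name__ == "__main__":
    now = int(time.time())
    tok = mint_id_token("https://idp.partner.example", b"partner-shared-secret",
                        {"sub": "p-42", "aud": OUR_CLIENT_ID, "exp": now + 300,
                         "iat": now, "nonce": "n1"})
    print(verdict(tok, "n1", now))
```

Order matters less than completeness: every check above is one that a real relying-party library performs, and skipping the audience or nonce check is what turns a partner's token into a token usable against the bank.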
The requirements placed on identity management services at banks and insurers are already high: BaFin's BAIT requirements, and for US business laws such as the Sarbanes-Oxley Act or the Gramm-Leach-Bliley Act. On top of that come the usual regulatory requirements such as DSGVO/GDPR, ISO standards or BSI IT-Grundschutz. These must be tied to the core capabilities of identity management: authentication, single sign-on, federation, identity lifecycle. Requirements from other areas are added on top, for example from security information and event management (SIEM), service desks and risk management.
CORE CAPABILITIES

| Authentication | Authorization | Identity Repository | Audit & Compliance |
|---|---|---|---|
| Single Sign-on | Dynamic Authorization | Bulk Operations | Reporting & Dashboard |
| Adaptive Authentication | Administration | Privacy & Disclaimer Support | |
| Session Management | Delegated Administration | | |
| Identity Federation | | | |
| API Security | | | |

EXTENDED CAPABILITIES

| Consider Real-time Security Info | Fraud Detection | Service Desk Integration | Regulatory Reports |
|---|---|---|---|
| Aggregate Security Info | | | |
A particular challenge is that no single application covers all of these requirements. Several services and products, for example Fortinet, LogPoint (SIEM) or Azure Active Directory (CIAM), have to be orchestrated. The systems must exchange data and extract the information the other side needs: a SIEM solution requires the audit and activity logs of the access-management system, and the service desk needs information from user administration.
The following figure illustrates the principle of capability mapping:
The task is to build, through interfaces, a working overall solution that meets the requirements of banks and insurers. Many applications already offer interfaces for exchanging data with other applications. Your own APIs are usually the best place to introduce a layer of indirection, and with it independence: consumers such as the SIEM or the service desk talk to your interface, not to a vendor's, which avoids vendor lock-in and incompatibilities when data formats change.
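What that layer of indirection looks like in practice: each identity product gets a small adapter that translates its native audit log into one canonical event schema, and the SIEM (or the service desk) consumes only the canonical form. Swapping a product then means writing one adapter, not touching every consumer. The following Python is an added example, not code from the original page or from any of the products named above. Both log formats, the field names of the canonical schema and the sample lines are constructed for the example.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample log lines. Neither format belongs to a real product; they
# stand in for "vendor A" (JSON audit log of the access-management product)
# and "vendor B" (key=value text log of a second identity tool).
VENDOR_A_LINES = [
    '{"eventType":"signIn","result":"success","user":"Anna@bank.example",'
    '"ip":"203.0.113.7","time":"2024-03-01T08:15:02Z"}',
    '{"eventType":"signIn","result":"failure","user":"anna@bank.example",'
    '"ip":"198.51.100.9","time":"2024-03-01T08:16:40Z","reason":"invalid_password"}',
]
VENDOR_B_LINES = [
    "ts=1709281260 action=login outcome=ok subject=bob@partner.example src=192.0.2.44",
    "ts=1709281300 action=pw_reset outcome=ok subject=bob@partner.example src=192.0.2.44 actor=helpdesk",
]

# Canonical schema (assumed names) that every downstream consumer relies on.
CANONICAL_FIELDS = ("timestamp", "source", "action", "outcome", "user", "src_ip", "detail")
ACTION_MAP = {"signIn": "login", "login": "login", "pw_reset": "password_reset"}
OUTCOME_MAP = {"success": "success", "ok": "success", "failure": "failure", "fail": "failure"}


def _iso(dt: datetime) -> str:
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")


def parse_vendor_a(line: str) -> dict:
    """Adapter for the JSON format: ISO timestamps, camelCase event names."""
    rec = json.loads(line)
    ts = datetime.strptime(rec["time"], "%Y-%m-%dT%H:%M:%SZ")
    return {
        "timestamp": _iso(ts),
        "source": "vendor_a",
        "action": ACTION_MAP.get(rec["eventType"], "other"),
        "outcome": OUTCOME_MAP.get(rec["result"], "unknown"),
        "user": rec["user"].lower(),          # normalise case so joins work
        "src_ip": rec["ip"],
        "detail": rec.get("reason", ""),
    }


_KV = re.compile(r"(\w+)=(\S+)")


def parse_vendor_b(line: str) -> dict:
    """Adapter for the key=value format: epoch seconds, different field names."""
    kv = dict(_KV.findall(line))
    ts = datetime.fromtimestamp(int(kv["ts"]), tz=timezone.utc)
    return {
        "timestamp": _iso(ts),
        "source": "vendor_b",
        "action": ACTION_MAP.get(kv["action"], "other"),
        "outcome": OUTCOME_MAP.get(kv["outcome"], "unknown"),
        "user": kv["subject"].lower(),
        "src_ip": kv["src"],
        "detail": kv.get("actor", ""),
    }


# Registry: adding a product means adding one entry here, consumers are untouched.
ADAPTERS = {"vendor_a": parse_vendor_a, "vendor_b": parse_vendor_b}


def normalize(source: str, line: str) -> dict:
    """Run the right adapter and enforce the canonical schema before anything leaves."""
    if source not in ADAPTERS:
        raise ValueError(f"no adapter registered for {source}")
    event = ADAPTERS[source](line)
    missing = [f for f in CANONICAL_FIELDS if f not in event]
    if missing:
        raise ValueError(f"adapter {source} omitted fields {missing}")
    return event


def build_siem_feed(batches=None) -> list:
    """Merge all sources into one time-ordered feed the SIEM can ingest."""
    batches = batches or [("vendor_a", VENDOR_A_LINES), ("vendor_b", VENDOR_B_LINES)]
    events = [normalize(src, line) for src, lines in batches for line in lines]
    return sorted(events, key=lambda e: e["timestamp"])


if __name__ == "__main__":
    for ev in build_siem_feed():
        print(json.dumps(ev))
```

The schema check in `normalize` is the contract: an adapter that silently drops a field would otherwise break the SIEM correlation rules that depend on it, and that breakage is better caught at the boundary than in a detection that quietly stops firing.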
More identities, broader coverage, greater scalability: to meet global connectivity and the increased demands of customers and partners, financial service providers are moving their CIAM system to the cloud. It offers the right conditions for services that are globally distributed, scalable and secure.
On the one hand there are software-as-a-service (SaaS) applications that can be used worldwide. On the other hand, cloud technologies such as containers can be used to build flexible, scalable and resilient solutions, often spread across several cloud platforms to achieve the greatest possible availability.
In terms of security, CIAM systems go well beyond conventional on-premise solutions. They use risk-based procedures (signals such as device, location and recent failed attempts) to detect and block fraudulent log-ins or to demand a second factor. Applications built on modern authentication protocols such as OpenID Connect, OAuth 2.0 and SAML form the basis for a low-risk cloud journey for banks and insurers.
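A minimal version of such a risk-based sign-in decision, as an added example that is not code from the original page or from any CIAM product: it scores one sign-in attempt against the user's history using constructed signals (a burst of failed attempts, an unseen device, a new country, and "impossible travel" between the last successful login and this one) and maps the score to allow, step-up MFA or block. The geo-IP table, the weights, the thresholds and the sample events are all assumptions made for the example; a real system would pull the location from a GeoIP service and tune the weights against its own fraud data.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed geo-IP table: ip -> (country, latitude, longitude). Approximate
# city coordinates; a real CIAM would query a GeoIP service instead.
GEO = {
    "203.0.113.7": ("DE", 50.11, 8.68),     # Frankfurt
    "198.51.100.9": ("SG", 1.35, 103.82),   # Singapore
    "192.0.2.44": ("DE", 48.14, 11.58),     # Munich
}


@dataclass
class SignIn:
    user: str
    ts: datetime
    ip: str
    device: str
    success: bool


def _km(a, b) -> float:
    """Great-circle distance (haversine) between two (lat, lon) pairs in km."""
    lat1, lon1 = map(radians, a)
    lat2, lon2 = map(radians, b)
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))


def assess(history, attempt, fail_window_s=300, fail_threshold=5, max_kmh=900) -> dict:
    """Score one sign-in attempt against earlier events for the same user."""
    score, reasons = 0, []
    prior = [e for e in history if e.user == attempt.user and e.ts < attempt.ts]
    successes = [e for e in prior if e.success]

    # Signal 1: many failures shortly before this attempt (password spraying / stuffing).
    recent_fail = [e for e in prior if not e.success
                   and (attempt.ts - e.ts).total_seconds() <= fail_window_s]
    if len(recent_fail) >= fail_threshold:
        score += 40
        reasons.append("failed_attempt_burst")

    # Signal 2: device never seen on a successful login for this user.
    if attempt.device not in {e.device for e in successes}:
        score += 20
        reasons.append("new_device")

    # Signals 3 and 4 need a location for the attempt.
    if attempt.ip not in GEO:
        score += 30
        reasons.append("unknown_location")
    else:
        country, lat, lon = GEO[attempt.ip]
        known_countries = {GEO[e.ip][0] for e in successes if e.ip in GEO}
        if known_countries and country not in known_countries:
            score += 30
            reasons.append("new_country")
        located = [e for e in successes if e.ip in GEO]
        if located:
            last = max(located, key=lambda e: e.ts)
            hours = (attempt.ts - last.ts).total_seconds() / 3600
            if hours > 0 and _km(GEO[last.ip][1:], (lat, lon)) / hours > max_kmh:
                score += 50
                reasons.append("impossible_travel")

    action = "allow" if score < 30 else "step_up_mfa" if score < 60 else "block"
    return {"score": score, "action": action, "reasons": reasons}


# Constructed history for three users (assumed data).
def sample_history():
    d = lambda h, m: datetime(2024, 3, 1, h, m)
    hist = [
        SignIn("anna", d(8, 0), "203.0.113.7", "laptop-1", True),      # Frankfurt
        SignIn("bob", d(8, 0), "192.0.2.44", "laptop-2", True),        # Munich
        SignIn("carl", datetime(2024, 2, 29, 9, 0), "203.0.113.7", "phone-3", True),
    ]
    hist += [SignIn("bob", d(9, i), "192.0.2.44", "laptop-2", False) for i in range(5)]
    return hist


def evaluate_samples() -> dict:
    """Three attempts: Anna 'from Singapore' 40 min later, Bob after 5 failures, Carl as usual."""
    hist = sample_history()
    attempts = {
        "anna": SignIn("anna", datetime(2024, 3, 1, 8, 40), "198.51.100.9", "laptop-9", True),
        "bob": SignIn("bob", datetime(2024, 3, 1, 9, 5), "192.0.2.44", "laptop-2", True),
        "carl": SignIn("carl", datetime(2024, 3, 1, 9, 0), "203.0.113.7", "phone-3", True),
    }
    return {user: assess(hist, att) for user, att in attempts.items()}


if __name__ == "__main__":
    for user, result in evaluate_samples().items():
        print(user, result)
```

Note that `assess` only ever scores; the enforcement (challenge or block) stays with the CIAM policy engine, and the result, including the reasons, is exactly the kind of event the SIEM should receive so that analysts can see why a customer was challenged.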
THE AUTHOR
Konrad Pfeffer, Managing Director Tekaris
For the past 20 years, Konrad Pfeffer has worked on application development, security environments, and compliance and identity. Before joining Tekaris he spent many years at a leading global reinsurer, where he launched numerous innovation projects and accompanied various companies on their way into the cloud. Konrad Pfeffer is the initiator of the meetup series "Smart Identity".
Tekaris supports you in introducing or expanding your CIAM solution. Our services:
• Formulate and analyze requirements
• Capability mapping and business architecture
• Orchestration of the solutions
• Technical architecture and implementation
In a CIAM audit, we establish the current and target state of your identity management and discuss the advantages and disadvantages of the different ways of implementing CIAM, from individual software development to standard products.