For a leading banking group, managing user access permissions to its systems is a critical part of keeping the business secure and compliant. But with more than 6,000 different internal systems to work with, managing and standardizing multiple different data formats was cumbersome and expensive.
The organization was using Oracle Identity Manager (OIM) to track and monitor permissions - making sure that the right people had access to the right systems, and keeping access updated as staff assignments changed.
With large volumes of constantly changing data coming from different sources in different formats, feeding the necessary data into OIM was a challenge. OIM is strict about the data format it ingests, so the bank needed a dedicated development team to create and manage the manual process of data integration for OIM. Not only was this expensive, but the scripts to transform the data were cumbersome to develop, test and deploy into production.
The IT security team were looking for a solution that would automate the data integration process, and would enable business teams to take on some of the work that previously only the technical team could handle.
A data transformation framework
With CloverDX the project’s technical staff created a data transformation framework to ingest data from different sources and transform it into a standardized format that OIM could recognize. The team used the flexibility of CloverDX to build, tweak and augment configurable, repeatable templates quickly, and then pass these templates onto the business team to add in details and manage the majority of the work.
The new solution fits the requirements of both the technical teams - who have the flexibility to hack the software to adapt the solution to their methods of working - and the business teams, who now have an intuitive graphical interface that has given them more capability to do the identity management work themselves.
The bulk of the operational work - making sure feeds are coming in, sending notifications to users, acting as the first line of support for recertification and coordinating onboarding of new applications - has now been moved out of the technical team’s domain, meaning that they can now focus on OIM implementation, knowing that the more automated identity and access management process is keeping the bank’s system’s secure.