Identity & Access Governance - Finance Industry
18.04.2012 14:00-15:00
European Identity & Cloud Conference 2012
Combined Session
Moderator:
IAM Governance in the New Commerzbank
After the integration of Dresdner Bank, which was completed successfully in spring 2011, a new IAM (Identity & Access Management) governance model has been set up and implemented. The components of this model are governance structures and responsibilities (including processes and a RACI matrix), a recertification process for critical applications on the basis of a risk-based assessment, and the design and implementation of a new workflow tool for requesting and approving access rights.
After the roll-out of the new governance structures and responsibilities in 2011, together with the first recertification tranche and the POC (proof of concept) for the new workflow tool, the scope for 2012 is the implementation of the workflow tool, further recertification activities and the sustainable implementation of the new IAM governance.
Munich Re’s Identity & Access Management - Experience Report and Best Practices
In May 2010, Munich Re started a project to define, coordinate and establish compliant, sustainable and efficient IAM processes and policies based on best practices; to provide matching and appropriate IT support for the IAM processes in order to enhance efficiency; and to provide reliable data on Digital Identities.
The Quest One Identity Manager (Quest OIM, formerly Voelcker ActiveEntry V4.2) was implemented and customized to fit into Munich Re’s IAM architecture. One of the main additions to Quest OIM was the introduction of a Master-/Sub-Identity Model, which allows, for example, requesting entitlements for each account of a Digital Identity independently. The Master-/Sub-Identity Model was adopted for standard Quest OIM in a generalized form.
To date, about 17.000 Digital Identities with several assigned accounts are managed; IAM functions, e.g. requesting entitlements and password reset, are implemented for more than eleven 70 SAP clients and 87 dotNet applications; and more than 20.000 entitlements can be requested via Quest OIM.
One of the major challenges in the project was to design and implement an efficient process to define and manage those entitlements from the huge list of SAP roles and AD groups which should be made available for requesting/approving by the users via Quest OIM.
This session will show the results, best practices and lessons learned in the Munich Re IAM project and from the first year of operation of the IAM tool. It will be presented by Munich Re’s IAM project manager, Wolfgang Zwerch.