02:15 PM
Connect Directly

People's United Bank Automates Entitlements

People's United establishes automated user ID and access management system with Courion.

Combining an aggressive growth strategy with a 2006 transition from a state-chartered savings bank to a federally chartered institution placed many new demands on Bridgeport, Conn.-based People's United Bank ($11 billion in total assets). For recently hired Tim Callahan, technology risk management first VP and chief information security officer, it meant an overhaul of the bank's entitlements management procedures. "Widely dispersed and cumbersome processes had developed over time," he explains.

To streamline the largely manual, form-laden processes to serve a user population of 3,000 while preparing for future acquisitions, Callahan says he drew on lessons learned at a prior employer to design a centralized and automated entitlements system. A pivotal aspect of the plan, he adds, was aligning entitlements with business roles.

"For example, the role 'customer service associate' receives a certain set of rights, and 'financial services manager' gets another set," Callahan relates. "On the IT side, the types of applications and levels of access may overlap. Further, some provisioning tasks may be automated and some manual. Regardless, it's all transparent to the business manager, who submits just one standard HR request."

With his project approved in late 2006, Callahan considered a handful of vendors, including existing bank partners IBM (Armonk, N.Y.) and Sun (Santa Clara, Calif.). According to Callahan, however, Courion's Enterprise Provisioning Suite stood out in key areas. "Courion not only automates IT function mapping, it also handles non-IT functions, such as physical work space, business cards and telephone," he points out. "Plus, we could use our established [Microsoft] Active Directory, which speeded deployment considerably."

By February 2007 Callahan had kicked off a dual-purpose pilot project: deploy Courion's solution in a single business unit and develop an implementation template for a phased, enterprisewide rollout by lines of business. "For the pilot we chose regional banking because it represents almost 60 percent of our end users," Callahan notes.

To start, entitlement management responsibilities were identified and centralized, according to Callahan. Concurrently, business roles were researched and mapped to IT roles. Next, the Enterprise Provisioning Suite was loaded onto an existing server running Microsoft (Redmond, Wash.) Windows Server 2003. (Later, a production platform was acquired and the suite was migrated onto a Web server, an application server and database server.)

By April 2007, all data was input and workflows were tested. After a brief user-acceptance test, the new system went live without incident, Callahan reports. "Since the interface is a Web-based portal, formal end-user training wasn't required," he notes. "We E-mailed some basic instructions and the rest was learn-as-you-go."

The implementation team fine-tuned the deployment model and started adding other business units. By September the Courion solution was handling the workflow for 20 applications, up from the pilot's four. In June, People's United announced that it would acquire Chittenden Corp. (Burlington, Vt.; $6.4 billion in total assets); eventually, they envision, the system will support the 130 branches that will be acquired along with Chittenden.

"Now, provisioning an employee takes a day, down from five days," says Callahan. "And we decommission users with a mouse click -- our exposure is significantly reduced, and our auditors are pleased."

At year-end the implementation was nearing completion and a password management module was being added. Going forward, the bank has asked Courion to enhance file- and folder-level functionality. "At this time we can provide access to files and folders, but we need more-efficient management capabilities," Callahan explains.

Institution: People's United Bank (Bridgeport, Conn.).

Assets: $11 billion.

Business Challenge: Automate entitlements management to improve efficiency.

Solution: Courion Corp.'s (Framingham, Mass.) Enterprise Provisioning Suite.

Anne Rawland Gabriel is a technology writer and marketing communications consultant based in the Minneapolis/St. Paul metro area. Among other projects, she's a regular contributor to UBM Tech's Bank Systems & Technology, Insurance & Technology and Wall Street & Technology ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Janice, I think I've got a message from the code father!
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.