The Problem

PlainID was approached by a major U.S. financial organization that needed assistance with authorizations in its new zero trust infrastructure. Founded in the late 1930s, this large publicly traded US financial institution has offices located across the country. Their current approach to access control was outdated and unable to meet the needs of the organization. They were using a homebuilt solution that was difficult to maintain and had become increasingly complex to manage. It both controlled and managed the provisioning, was too static, offered limited visibility into the processes and required coding to make changes. As a result, the business team relied on the IGA team for continuous development as their requirements changed, which was a time-consuming and expensive process.

The financial institution was looking to move to a more modern authorization solution. As part of their plan to implement a zero-trust architecture, the financial institution wanted dynamic decision-making capabilities that would allow them to change, in real time, when and how users could access resources within the network. Manually processing the growing number of entitlements was no longer sustainable, and they wanted to automate more of these processes to both reduce human error and lower risk exposure.

Using PlainID for policy-based access control (PBAC)

PBAC offers a centralized approach to streamline secure business processes and to simplify back-office and IT permission management processes. This approach ensures that the right users have access to the right data at the right time without being held up by slow, sometimes even manual, internal processes.

Company Requirements for a New System and Potential Objections

The capacity to run in the cloud was imperative to the organization in order to increase flexibility of access and meet the company’s scalability needs. They also wanted to reduce server costs by hosting data on a remote server. 

An access control solution that does not require coding and supports natural language, so that entitlements can be easily managed, was one of the first things that attracted them to PlainID.

They wanted a system that is efficient and simple to use, with the capability to provide a clear overview of policies. The solution needed to provide complete visibility into who can do what, under which conditions, on what, and from where, at all times. They also required that policies be easy to update, to keep up with increasingly complex regulatory requirements.

Furthermore, they wanted access decisions to be determined dynamically and in real time. This required moving from a developer-driven solution to a more business-focused solution that enabled the organization’s business leaders to design their own business-driven policies. They required a solution that put management firmly in control, able to make changes and to manage and implement policies themselves.

Of central importance was the need to address security and regulatory compliance issues. The company operates as part of the highly regulated financial industry and needs to comply with both internal and external compliance frameworks, including federal and state laws. They must also conduct due diligence in terms of identity theft and fraud risk to comply with anti-money laundering laws.


The Choice to go with PlainID

Ultimately, the organization decided to implement PlainID’s Policy Manager. None of the competitors they investigated had user interface capabilities that matched PlainID’s, which enable business leaders to design and implement their own policy decisions. Those on the business side liked the graphical user interface (GUI), which simplifies complex policy interactions and provides full visibility of the processes without requiring extensive IT experience. IT departments that had managed these change requests were happy to re-task the many hours that were freed up from their ticketing system.

In addition, they were impressed by the PlainID Policy Manager’s ability to make dynamic decisions about access, determined in real time. PlainID calculates entitlement for access to a specific resource behind the scenes and grants it only when needed. Once the access is no longer required, a notification is raised for deprovisioning.

The organization found PlainID easier to use than their homebuilt authorization solution. The financial institution wanted something simpler to manage: a dynamic policy engine with the ability to implement decisions, create policies, make changes and affect the IGA provisioning, all in real time. PlainID’s Policy Manager oversees countless rules across multiple directories while limiting the administrative burden.

Measurements of Success

The financial institution now has a zero-trust architecture in place. The users are verified through the authentication solution and the data is protected. What happens in the network is controlled within a more resilient architecture, with access points to critical data guarded by increased security.

Currently there is less than one full-time person managing the PlainID platform. 

The decision of who is granted access and when is a business decision. Policies can be created and edited easily when needed. Access rights can be changed immediately without IT assistance. Policy management is simple.  

A further upgrade is in progress to support even more of the financial institution’s cloud-support requirements, including container support.
