Audit and compliance demands force IT security upgrade at Arab National Bank

Under pressure from its audit committee to tighten internal IT security controls, Arab National Bank has implemented automated user management and monitoring technology from Symark International.

  0 Be the first to comment

Audit and compliance demands force IT security upgrade at Arab National Bank

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The Saudi bank is using Symark's PowerBroker, PowerPassword and PowerKeeper to manage administrative and super-user access across its IT portfolio. The technology defines administrative privileges, monitors access and logs user activities across the bank's 200-strong IT workforce.

 

Bruce Horvat of the bank's enterprise security administration, says the inherent openness of the bank's diverse Unix environment had created weaknesses in control procedures as IT staff shared access to certain administrative accounts such as the root account.

 

"To try to control this, we devised a manual procedure," he says. "While this was an improvement, it was not infallible or acceptable by current compliance and IT security standards. Our auditors clearly did not view this as the most secure approach and requested that we change our privileged user password management practices."

 

Symark's PowerBroker enables ANB to apply unique identifiers to users, hold them accountable and monitor their activities by delegating what commands they can run with privileged level access such as at the root account and logs their keystrokes. The PowerKeeper appliance facilitates creation and control of privileged shared account administrative passwords, and allows Horvat and his staff to keep track of administrators' activities on banking systems. Meanwhile, Symark's PowerPassword application has been deployed to give the bank more flexibility in assigning user IDs for ANB's 3500 employees.

 

Says Horvat:"We are no longer faced with answering audit comments about monitoring administrator activities, and we have eliminated those sealed envelopes containing administrator passwords…and the audit comments that came along with them."

 

He says the bank is also using the technology to demonstrate regulatory compliance with the Capital Market Authority and the Saudi Arabian Monetary Agency.

Sponsored [On-Demand Webinar] Solving the KYC challenge with end-to-end processes

Comments: (0)

[On-Demand Webinar] Solving the KYC challenge with end-to-end processesFinextra Promoted[On-Demand Webinar] Solving the KYC challenge with end-to-end processes