ABN AMRO is the 26th largest bank in Europe, serving retail, private and corporate banking clients primarily in the Netherlands, with select international operations. It is the third largest bank in the Netherlands, and they are focused on creating long-term value for stakeholders.
Legacy & Homegrown Solutions Slow Innovation and Compliance
A few years ago, employees at ABN AMRO who needed new access had to send an email to IT requesting that access. Because departments had different access policies, IT had to manually respond to each request after reviewing a myriad of options. “We have 4,000 departments at ABN AMRO, which gives you an idea of the volume and number of ways IT was left interpreting requests for employee access,” said Jochem de Ru, Product Owner at ABN AMRO. The email-based request application was eventually deemed “the most hated tool,” and de Ru knew there had to be a more efficient, accurate and secure method for employees to request and receive access. At the same time, IT needed the ability to have a single view into all identity data.
ABN AMRO made the decision to migrate to a modern identity governance program, replacing their homegrown systems and manual processes. de Ru knew they needed to improve the foundations of their existing program in order for employees to see value in any investment, and in turn adopt the new technology. The IT department needed a single source of truth for identity-related data. And importantly, ABN AMRO needed an identity platform that could continually grow as the company evolved its security strategy and acquired new businesses, securely and confidently.
SailPoint, the trusted partner for the banking consortium that ABN AMRO split from, was selected to assist with their next-generation identity program. “SailPoint offered a scalable, comprehensive identity governance platform that met our immediate needs, and could grow with us,” de Ru stated.
Identity Governance for Streamlined and Secure Access
Before kicking off the new project, ABN AMRO had a single business role for everyone and used applications primarily focused on a subset of their employees. This subset had a simple HR structure and minimal apps to gain access to, making them the easiest group to assist. With the focus on this group, they ended up not managing access to other users that were often more complex and accessed riskier applications. Leveraging SailPoint, de Ru set out to grant access to all types of employees in a scalable way. He also needed to future proof the system – account for mergers and acquisitions that could happen down the road and control everything through SailPoint.
“Banks are generally under scrutiny from auditors due to the sensitive nature of information we house. Compliance was a main driver for our program, underpinned by our security efforts. With SailPoint, we were able to deliver streamlined, secure access and importantly, demonstrate compliance to our auditors,” de Ru said.
To begin with, ABN AMRO built an identity strategy to streamline access to for their more than 30,000 users to over 200 applications. Using HR data as the authoritative source, they now assign roles based on the employee’s department and corporate policy. With SailPoint, ABN AMRO certifies access at the manager level, providing an audit trail of access approvals. de Ru has led the team by taking incremental steps and showing progress at each stage to win over new adopters. “We’re taking on a significant effort to modernize our identity processes but need to be realistic along the way. Taking a phased approach helps us understand what’s working and what’s not, iterate, and then continue moving forward.”
Investing in the Future with Your Identity Program
“The impact of our identity program has been disruptive – in a positive way. Because we are implementing in a phased approach, we’ve seen employee engagement and excitement grow as we continue to onboard new apps and watch them reap the benefits of the tool,” de Ru said. As they continue to progress with decommissioning legacy systems, they expect to see great cost savings. “This program has helped us get in control of our IT infrastructure and will continue to make our lives easier.”
Next in the project for ABN AMRO is addressing privileged users more holistically with SailPoint’s Privileged Account Management Module. “The Privileged Account Management Module is going to help us grant access through CyberArk in a controlled way. The integration between SailPoint and CyberArk will give us increased visibility into high-risk accounts and provide more capabilities for reviewing access,” de Ru said.
Finally, de Ru shared his suggestions for other organizations moving on from legacy environments. “Don’t boil the ocean. This is a program that can’t be rushed, and stability will come if you take the slow and steady approach. Also, partner with a system integrator that can help you understand the solution. Partnering on our identity journey with SailPoint is a pleasure, and we are very happy with the support they provide.”