QNB Finansbank Scales Identity with SailPoint

Founded in 1987 and based in Istanbul, QNB Finansbank AS is the fifth-largest bank in Turkey. It provides core banking services to corporate, investment, and small/mid-sized business customers throughout the country. As of 2019, QNB Finansbank included 542 physical branches and nearly 13,000 employees.

When it comes to identity and access management, one might expect QNB Finansbank to face steep demands, and with 14,000 active users — with roughly 485,000 entitlements — the bank certainly does. As QNB Finansbank CISO Argun Derviş explains, the national bank grew in both size and the number of services it provides, along with the complexities associated with its identity and access management program.

As the Bank needed to enlarge the scope and number of applications integrated and managed under its existing identity platform, the intricacies of the platform became more complex and troubleshooting more difficult. Consequently, its existing inhouse team developed identity and access management tools and applications that couldn’t scale with the growth and change. Adding to the challenges were the multiple teams responsible for developing various identity and access management tools.

QNB Finansbank needed a more effective way to integrate and manage access to new applications and services as they were developed or acquired, Derviş says. In addition, the bank needed to successfully maintain an effective security and regulatory compliance posture. With all of this in mind, the security and governance teams decided that they needed to find a way to simplify their identity and access management processes, centralize the management of the various applications performing identity-related tasks, and find an identity management platform that would enable them to more quickly and cost-effectively manage and certify the access to more services and applications.

The move to govern identity

QNB Finansbank, like all banks, must comply with a host of state and industry regulations, including Basel III international banking regulations, Turkey’s banking regulatory and supervisory framework, which includes identity and access management specific mandates. “Effective identity management is important to minimize compliance and regulatory risks that can arise from manual efforts, or a breakdown within existing identity management platform,” says Esra Gönenli Yalçın, manager of risk management and governance at QNB Finansbank.

To achieve these goals, the QNB Finansbank identity team sought an identity platform that would enable them to shift their identity and access management approach and manual compliance review processes to an identity governance program and platform. Such a platform should also streamline their ability to meet regulatory compliance identity lifecycle. As they searched, they realized the need to find a solution that enabled them to be able to centrally manage and govern all identities and access rights.

The final analysis determined that platform to be SailPoint. SailPoint’s identity platform enables organizations of all sizes to connect and centrally manage access to all of their applications, file folders, and cloud services throughout modern and complex hybrid enterprise-technology environments, including cloud, mobile, and on-premises systems. As a result, organizations can quickly onboard applications and services, streamline access certifications, provide self-service password resets, automated provisioning, and file access management as well as enable the separation of duties.

QNB Finansbank gains identity management efficiencies

According to Yalçın, SailPoint quickly enabled the automation of QNB Finansbank’s helpdesk password-reset calls and cut weeks off of the time required to certify application access levels. SailPoint also helped ensure that employees were productive from day one. Furthermore, efficiencies gained included easing the integration of applications into the bank’s identity management program as well as accessing improved processes for periodic compliance monitoring and reporting activities. “We are also able to more quickly and accurately troubleshoot any issues that arise,” says Yalçın.

The implementation was divided into phases so that the results could be seen more quickly. In these phases compliance and life cycle management modules were implemented for Active Directory, LDAP, core banking, call center, payment systems, Oracle EBS applications and thousands of servers and databases.

The team has built integrations with many applications to streamline the identity processes, including the human resource application, configuration management system for managing servers and database integration, and service management software for access requests, Cyberark PSM Integration for managing privileged users, application and generic accounts, and orphan accounts.

Yalçın says QNB Finansbank will continue to build on its success and ease the integration of its applications, prioritizing applications according to those with the largest amount of identities and the most stringent regulatory compliance mandates. “We will also reduce the time it takes to get new full-time employees the access they need to the applications necessary to do their jobs,” she says.  

“Going forward, we will continue building on the foundation we have put in place with SailPoint,” she says. “Identity management and governance aren’t efforts with an end-date; they’re something we will always be working to refine and improve.”


討論