Financial services have long been at the leading edge of identity and access management (IAM). Back in 2009, Gartner analyst Ray Webster was speaking about how the larger financial institutions had helped forge an IAM path a decade earlier, driven in part by “the regulatory atmosphere and the need for audit controls and data protection that produces reports quicker and makes this more transparent.” He also noted that automated systems and a fairly good audit and information management facility were enabling banks to show auditors that they were practicing IAM consistently with their requirements. (1)

While IAM has evolved significantly in the past nine years, many of the same considerations still hold true. Financial institutions must ensure regulatory compliance and protect against data breaches, while delivering great user experiences and enabling innovation. Unfortunately, the outdated methods of IAM haven’t kept pace with today’s environment.

That’s why one of the largest and oldest banks in the world recently selected Ping Identity’s comprehensive identity services to secure their data, ensure compliance with shifting regulations, and offer a rich customer experience.

Modern Identity Needs
Prior to Ping, the financial services institution was leveraging a combination of tools that was not capable of handling all of their next-generation needs for IAM. These requirements included:

• Continuous and contextual authentication. Complex and on-premises requirements of legacy web access management (WAM) systems and the limitations of API gateways meant that the institution lacked a central location to manage access security and did not have the depth of access control required. For example, the bank’s previous identity system couldn’t handle token mediation.
• Integration with behavioral analytics solutions. The bank had a vision of including analytics within authentication, which would give them an even bigger opportunity to apply their data innovatively and improve their end user interactions.

The bank chose Ping Identity because the Ping team demonstrated the ability to meet all of their requirements in POC. Ping also was able to prove the ability to interoperate with the legacy system during what is anticipated to be an elongated migration period, due to the large number of applications that are being migrated.

The Ping Identity Platform
Over the past year, the institution began shifting to the Ping platform. They started by replacing their outdated directory environment with PingDirectory, a scalable, flexible and secure directory system that enables them to store millions of customer, partner and workforce identities.

A few months ago, they implemented PingFederate and PingAccess, a federated access management solution that allows them to:

• Centrally manage sessions and access policies for any application.
• Enable web single sign-on (SSO) to all applications.
• Apply access policies at the URI level with an extensible rules engine.
• Migrate applications away from legacy WAM and IAM products, simplifying administration and lowering license costs.

Most recently, the bank began deploying PingID, a multi-factor authentication (MFA) solution that increases security without sacrificing the user experience. PingID’s modern authentication solution allows users to select from multiple authentication methods and devices, while the adaptive MFA functionality uses a variety of risk and contextual factors to keep them safe and secure.

Today, the bank has a more flexible and scalable IAM platform to roll out modern apps for both web and mobile to the business units while meeting ever more stringent security guidelines. Over time, they will slowly be able to migrate off of their legacy systems entirely to experience cost reductions as well.

Learn more about how Ping Identity serves financial institutions.

(1) Linda McGlasson, “IAM Trends: Financial Services is at the Leading Edge,” BankInfoSecurity, June 30, 2009