Skip to Main Content
Access your saved content
Accenture helps a leading global capital markets company to transform its information security environment by following a strategic vision and a transition plan for security.
The client is a leading global investment banking, securities and investment management firm based in New York. It provides a wide range of financial services to a substantial and diversified client base that includes corporations, financial institutions, governments and high-net-worth individuals. Services include investment banking, investing and lending, institutional client services and investment management. It employs more than 25,000 people and its revenues in 2011 exceeded $20 billion.
In 2006, Accenture was selected to help lead a multi-stage transformation of the company's security department to reduce operating costs, mitigate risk against security breaches, improve employee productivity through automation, and comply with regulatory guidelines and data privacy requirements. The company based the decision on its longstanding business relationship with Accenture, as well as Accenture’s differentiated Information Security practice.
As both an investment bank and bank holding entity, the company had adopted a proactive, risk-adverse approach and operated a large security department. However, at the project onset, the security department was not sufficiently aligned to business strategy, and had an insufficient budget and headcount to address increasingly stringent regulatory requirements. The company also typically implemented large security projects in silos, which did not necessarily meet all of the business needs of other departments in the organization and sometimes led to total cost of ownership overruns.
Lastly, many of the company’s identity and access management processes were done manually. These processes were not only time consuming, but also inadequate to comply with the more advanced auditing and reporting capabilities required for internal security controls and external regulations.
To overcome these challenges, Accenture’s first objective was to provide a strategic direction for security with a clear transition plan and roadmap. The initial step was to centralize the company’s existing security function into a global department focused on providing standard and consistent solutions. As part of this centralization, Accenture helped the company to:
This effort refocused the global security department on the highest priority activities that directly supported the business objectives of the organization.
Once the global department was in place, Accenture collaborated with the company to develop and implement a mixture of vendor and custom-coded security solutions to safeguard the company against increasingly sophisticated security threats, and reinforce internal detection and quick-response mechanisms.
After these applications were built, Accenture assumed full offshore maintenance of the automated provisioning, role management, and policy-driven, role-based access control tools.
Accenture utilized 40 security professionals at project peak, with 40 percent of the development work done onshore and 60 percent offshore in the global capital market company’s delivery location in Bangalore.
Early in the project, Accenture helped the company make a smooth transition to a centralized global security organization with a single governance structure; standardized services, roles, responsibilities and processes; and enabling security solutions, and identity and access management technology.
The fully automated identity and access management suite of applications provided the security department with the tools to manage day-to-day provisioning and access processes, including HR changes such as employee transfers between departments, while also reducing the number of manual mistakes due to human error. The automated processes also:
Significantly reduced the amount of time to grant and revoke access to systems and applications. Up to 90 percent of the business lines are automatically provisioned with company email addresses and basic access to core systems.
Expedited new employee onboarding. Up to 14 business days prior to start date, new joiners are provisioned with single sign-on user identity credentials, Microsoft Active Directory profiles and user accounts, Microsoft Exchange mailbox, and physical access cards.
Enabled quicker offboarding of terminated employees. All leavers are processed within 24 hours to minimize the risk of internal security threats.
Overall, the multi-stage security transformation project helped the company to reduce operating costs, mitigate risk, improve productivity through automation and address regulatory requirements.
Skip Footer Links