The Citizens Bank simplifies access and compliance using CyberArk Workforce Identity

The Bank Gets Office 365 Federation and Meets GLBA Requirements using CyberArk’s MFA, SSO and Lifecycle Management

The Citizens Bank

Company profile

Founded in 1908, The Citizens Bank serves customers through 23 branch offices in the American South. The company has been nationally acknowledged for financial strength and performance and is consistently named one of the country’s top performing community banks.

Challenges

Implement identity federation services for Office 365 without requiring significant new investment or added pressure on the IT team. Provide single sign-on for users. Simplify the IT tasks of user provisioning and deprovisioning. Help ensure compliance with GLBA regulations.

In the process of renewing their Microsoft Enterprise Agreement, The Citizens Bank decided it was time to move to Office 365 for a more easily-managed solution. However, they’d heard that Microsoft’s complementary Active Directory Federation Services (AD FS) product comes with many challenges and considerable expense.

“We’re a Microsoft shop and over the years we’ve learned that their free services are valuable, but often require significant overhead in terms of implementation and administration,” says Ledale Reynolds, Chief Information Officer at The Citizens Bank of Philadelphia. “In doing research for Office 365 we were advised to avoid AD FS.”

The company decided to look for a more efficient solution that wouldn’t require significant additional investment in the transition to Office 365. As an FDIC-regulated financial institution, the company must also comply with GLBA (Gramm– Leach–Bliley Act) regulations, which require that a host of specific actions be taken to protect customer financial data.

Two key components of protecting user information are tightly controlling access to the data and having the ability to quickly remove that access when employees leave the company. So, secure password management and the ability to easily provision and de-provision cloud applications are essential.

Solutions

The Citizens Bank followed the advice of technology solutions provider SoftwareONE and evaluated CyberArk Workforce Identity. They found it to be an easy and low-overhead solution for Office 365, with several high-value complementary features including multi-factor authentication.

Technology solutions provider SoftwareONE recommended the company evaluate CyberArk Identity as a solution to provide the Office 365 identity federation, password management and other security functions they were looking for. “We had a demo and found it to be a clean, easy and low overhead method for implementing Office 365,” says Reynolds. “Because time was a factor, we took the advice of SoftwareONE and moved forward with the implementation.”

To insure a smooth transition for all employees, the IT team took a two-step approach with the Office 365 rollout. “We configured a primary group inside CyberArk Identity for all users, and provisioned them for Office 365 without active licenses,” says Reynolds. “Now all we have to do is move them from that group to a second licensed group, and minutes later they’re up and running. It’s very easy.”

The company began by rolling out the CyberArk Identity solution first to the IT team and then moved into the call center, with the goal of completing the company-wide rollout before the end of the year. All employees will soon authenticate through Workforce Identity for access to Zendesk for IT support and Asana for product management, as well as any new cloud-based apps the company implements. “The mortgage department uses a number of different systems that we’re looking to tie into Workforce Identity to facilitate user access, strengthen security and simplify user provisioning and deprovisioning,” says Reynolds.

Results

Single sign-on and secure access to Office 365 and other key apps is now available with no added impact on IT. Several key GLBA requirements for user authentication and customer identity protection have been addressed.

Today, CyberArk Identity allows The Citizens Bank to centralize the account management of Office 365 and other cloud services. “SAML- enabled apps can easily be linked into the Workforce Identity system and that significantly simplifies password management for the IT department,” says Reynolds. “It also makes it easier on users by reducing the number of passwords they have to remember, and that makes the whole network much more secure because passwords aren’t stored in unsafe locations.”

When an employee leaves the company, they’re disabled in one location and access to all services is automatically removed. This ensures they do not retain access to customer data, in compliance with GLBA regulations.

CyberArk Identity’s multi-factor authentication capabilities have proved beneficial for users who are logging in from outside the bank’s network as well.

“Our remote users are leveraging CyberArk Identity Adaptive Multi-Factor Authentication to gain access. It has simplified the process for them, made us more secure and also helped us to maintain compliance with GLBA regulations”
– Ledale Reynolds, CIO, The Citizens Bank of Philadelphia.

The company is anxious to explore CyberArk’s reporting capabilities for a clear picture of app compliance and usage. But to date, the bonus feature that stands out is the over 5000 pre-integrated apps the company can automatically add into the CyberArk Identity service. “The number of third-party websites and cloud apps that Workforce Identity supported out-of-the box was a huge added bonus,” says Reynolds. “We now have a web application matrix that we’re using to identify which apps we’re already using — or could use in the future — that have existing integration with CyberArk.”

Key benefits

  • Centralize the account management of Office 365 and other cloud services
  • Reduces number of passwords making whole network more secured
  • Process is simplified and more secure for remote users logging on outside of company network
  • Over 5000 pre-integrated apps the company can automatically add into the CyberArk Identity Service

Talk to an expert

Understand the key components of an Identity Security strategy

Get a first-hand look at CyberArk solutions

Identify next steps in your Identity Security journey