Kiatnakin Phatra Bank protects human and non-human privileged access

Kiatnakin Phatra Bank implements PAM controls to enhance security and drive operational efficiencies

Company profile

Kiatnakin Phatra Financial Group was formed through the merger of Kiatnakin Bank Public Company Limited and Phatra Capital Public Company Limited in 2012. Based in Bangkok, Thailand, the bank offers a wide range of financial resources, including commercial banking, securities brokerage, and wealth management services.

Industry: Financial Services
Employees: 4,580

Challenges

Kiatnakin Phatra Bank Builds Consumer Trust with CyberArk Privileged Access Management Solutions

“We’re always looking for ways to ensure that our customers feel completely comfortable doing business with us,” emphasized Narudom Roongsiriwong, senior vice president and head of IT security at Kiatnakin Phatra Bank. To compete with the larger organizations of Thailand’s financial sector, the bank focuses on making smart decisions that enhance agility, maximize value from available resources, and enrich the customer experience.

Following its 2012 merger, Kiatnakin Phatra Bank boasts expertise in an extensive range of customer offerings, from personal checking accounts and housing loans to investment advisory services. Committed to delivering what is in customers’ best interests, the bank has worked carefully to transform itself into a one-stop-shop of financial resources for its clientele.

The journey has seen the bank grow and distinguish itself as a responsible, trusted steward of the assets and personal information customers entrust to its safekeeping.

An Overflow of Unmonitored Accounts

As the bank’s business has evolved, so too has its IT infrastructure. By issuing elevated privileges directly to employees, the IT team was able to effectively adapt and reconfigure systems to support the growth.

An audit to assess the security impact of these changes, however, revealed that the bank had accumulated a surplus of privileged accounts in the process. If these accounts were left unmanaged, stolen credentials could be used to evade the bank’s other layers of defense and to target customers’ assets. As with all financial institutions, any such compromise would have a catastrophic long-term impact on the ability to retain and attract clients.

To address the proliferation of elevated credentials, Kiatnakin Phatra Bank needed to establish a convenient method for applying strict control over privileged accounts and ensuring access is granted to verified users only when needed.

Narudom explained, “The need for elevated access exists everywhere in our environment, even down to hardware components like network equipment. Having to manually track all of these accounts – and rely on people to rotate complex passwords every 90 days – requires considerable administrative oversight, and yet still has potential to not be fully secure.”

Solutions

CyberArk Simplifies Security Operations

The bank searched the market for a way to implement more rigorous control over the creation and storage of privileged credentials. After evaluating leading providers, Kiatnakin Phatra Bank selected the CyberArk Privileged Access Manager Solution.

Narudom highlighted, “Our security stack comprises products from multiple vendors and CyberArk integrated well with all of them. As an example, we make extensive use of a well-known vulnerability management solution and we’re now able to easily retrieve the necessary privileged credentials from the vault that permits us to run automated scans on key servers.”

With CyberArk solutions, Narudom and his team have achieved full control over all of the privileged credentials in Kiatnakin Phatra Bank’s environment.

By replacing individual user oversight of elevated credentials with automated password rotations and management from the CyberArk Digital Vault, the bank has an efficient method for controlling access to privileged accounts and ensuring only verified users gain elevated access to the bank’s systems.

“CyberArk enables us to enforce strict access policies that have helped reduce downtime and streamline efforts across our organization. We can now hold infrastructure and IT operations teams accountable for planning specifically when they’ll require elevated access, and then set the appropriate policies in CyberArk to monitor these activities and ensure users are securely navigating protected systems,” shared Narudom.

After seeing the early success of their CyberArk deployment, Kiatnakin Phatra Bank advanced their PAM program to secure, manage and rotate secrets used by commercial (COTS) applications and other non-human identities with the Secrets Manager Credential Providers solution.

Results

Enhanced Security Posture

Narudom uses the CyberArk Credentials Provider solution as part of the bank’s secure software development lifecycle. The Senior Vice President’s approach integrates privileged access management into the design of new applications, rather than layering security on top of a finished product.

Building these access policies for non-human identities into the foundation of new applications makes it possible for the bank to remove hard-coded credentials and securely store them in the Digital Vault alongside other passwords, keys, and comprehensive logs of all the privileged user activity they enable.

“With CyberArk, it is easy to demonstrate to auditors how thoroughly we are managing privileged credentials across our environment. We can easily pull up audit logs and show who is using privileged accounts, when, and for what purpose.”

-Narudom Roongsiriwong CISSP, Senior Vice President, Head of IT Security, Kiatnakin Phatra Bank

Kiatnakin Phatra Bank also uses CyberArk to enhance its overall security posture. The CyberArk Privilege Self-Hosted threat detection and response capabilities feed security intelligence on privileged user activity to the bank’s IT team, who then use it to contextualize the intelligence feeds from other platforms in the environment.

“We plan to use CyberArk to understand in real-time if an unmanaged privileged account is trying to gain unauthorized access in our environment. CyberArk will play a key role in how we proactively address risk,” observed Narudom.

Working smarter, introducing efficiencies, and maximizing value from an integrated security stack are all part of Narudom’s vision for the bank’s future. His leadership resulted in him winning the “Best Application Security” and “CISO of the Year” categories awarded by NetworkWorld Asia.

As the organization expands its retail banking offerings, Narudom’s team’s efforts to inspire consumer confidence in the security of its digital service offerings, like the KKP e-banking mobile app, will be invaluable to reaching new markets.

Commenting on the bank’s ongoing journey with CyberArk, Narudom concluded, “One of the aspects I’m most impressed about with CyberArk is the possibilities it opens up for automation. I love how simple it is now to design a new access policy and put it in action, like password rotation. We’re eager to continue reducing the workload on our IT team with these types of process efficiencies in the future.

“Though Kiatnakin Phatra Bank is one of Thailand’s smaller financial institutions, our cybersecurity program is well respected by the industry. Partners choose to work with us because they trust the quality of our security, and we’re excited to be instilling that same level of comfort in our customers as well.”

Key benefits

  • Automation eliminates potential for errors and reduces time required to manage credentials
  • Interoperability with existing security stack enhances combined impact of all solutions
  • Centrally stored repository of credentials and session logs dramatically simplifies audits
  • Real-time intelligence of privileged user activity improves overall security posture
  • Drives operational efficiencies
