Blue Ridge Bank Accelerates Identity Governance by Cutting Access Review Efforts by 50%

Summary

Blue Ridge Bank, a community bank with a century-long history, chose a CyberArk solution to modernize its identity governance by replacing manual, spreadsheet-based access reviews with an automated platform. The implementation significantly improved efficiency—cutting review time by over 50%—and enhanced visibility into access controls, helping the bank meet growing regulatory requirements. With seamless integration across 150+ applications and strong engagement from application owners, the CyberArk solution enabled audit-ready reporting, better user experience, and scalable governance capabilities to support the bank’s continued growth.

Company profile

Blue Ridge Bank is a leading community bank that supports families and businesses through a wide range of financial services including retail and commercial banking, insurance, card payments, wholesale and retail mortgage lending, and government-guaranteed lending. The bank also provides investment and wealth management services and management services for personal and corporate trusts, including estate planning and trust administration.

Challenges

Like all US financial services companies, Blue Ridge Bank, founded over 100 years ago in Virginia, is subject to an increasingly long list of regulatory obligations. The information security team sought to improve the accuracy of user access reviews, which, like in many organizations, had been performed manually to achieve the required compliance and satisfy auditors.

The Blue Ridge Bank team felt the burden of performing manual user access reviews with spreadsheets. “When I was brought on board, manual user access reviews using spreadsheets consumed much of my time, leaving little bandwidth for other responsibilities. We wanted a consistent format with results we could pull any time for auditors,” explained Chase West, Information Security Analyst at Blue Ridge Bank.

The pains associated with manual user access processes were felt across the business: IT didn’t have a single pane of glass in which to view user access reports, and application owners were required to step away from their day jobs to complete time-consuming review tasks. As the lead Analyst in charge of user access reviews, corralling the many stakeholders across the bank was a tedious task.

Solutions

It was important for the Bank to choose a solution with great user experience for both implementing and operating the solution. Since application owners and reviewers also shared the pain associated with manual, spreadsheet-based access reviews, they also stood to benefit from an automated solution. However, a steep onboarding or user learning curve wouldn’t cut it for these busy stakeholders. “We wanted a consistent format with results we could pull any time for auditors,” noted West.

Despite being immediately impressed by the simplicity of the CyberArk solution, Blue Ridge Bank CISO Ron Buchanan was pleased by how well the solution lived up to the expectations established by the team during their evaluation process.

As part of the implementation, the information security team had to work with application owners for over 150 applications to extract user lists, map permissions, and set up review campaigns. The team found that the CyberArk solution’s extensive set of pre-built, no-code integrations and other capabilities made this process easier and faster than expected. Chase learned early on the importance of communication and coordination with application owners, which helped forge a partnership that contributed to the success of the new solution and process.

“Implementing CyberArk Comply was much easier than other IAM/IGA platforms. The deployment required no programming or complicated installations and allowed us to onboard our applications much faster and easier than other tools.”

– Ron Buchanan, CISO at Blue Ridge Bank

Results

For the Blue Ridge team, using the CyberArk IGA solution is a means of future proofing the increasingly strategic identity and access management strategy. With 90% of their 150+ applications integrated within months of initial project kickoff, and multiple means to integrate new apps, such as via API, CSV or with CyberArk Universal Sync™, the team is confident about their future growth.

West noted, “depending on the complexity of the user list, it can take minutes to onboard an application for the first time. Without an API or easily accessible CSV, we know we have CyberArk’s Universal Sync to fill the gaps.”

With a much more operationally efficient user access review process in place, the Blue Ridge Bank team is able to invest time in other strategic security projects, while simultaneously improving identity visibility and compliance accuracy. The team’s newfound comprehensive visibility into entitlements also enables continuous improvement of the bank’s identity security posture.

“Implementing CyberArk allows us to quickly move away from manual use of spreadsheets to a scalable, uniform, and timely process. We now have a more accurate view of user access and identity-related data quality issues and anomalies,” summarized Buchanan.

Overall, the team has seen significant results, including:

• An increase in the engagement and satisfaction of application owners across the business.
• Unified and comprehensive visibility into user entitlements across the organization and expedited revocation and deprovisioning processes.

Key benefits

• Operational Efficiency: Reduced the time and effort required to complete user access reviews by more than 50%.
• Unification: Organization-wide entitlement visibility and access review accuracy.
• Automation: Consistent Compliance Baseline for Access Reviews and Identity Security