Established in 1918, Saraswat Bank is today one of the largest urban cooperative banks in India. The bank’s leadership is committed to taking its legacy ahead with outstanding service.
It is following a digital-first approach to embracing digitalization across the institution by adopting emerging technologies and newer business models.
“To cater to the needs of the new-age customers, we continue to increase the bouquet of our digital product offerings,” says the bank’s CISO Dimple Santwan.
As a result, the bank has a bouquet of over 30 digital products and services. It has also placed emphasis on the penetration of digital products, experiencing a significant increase in digital transactions in the last few years.
As the bank continues its digital journey, it becomes critical to protect against rising and increasingly complex cyber attacks. This is because a successful attack could jeopardize customer confidence in the bank’s internal control systems and processes.
The bank had already constituted an Information Security Committee for strategy and governance to ensure effective and holistic implementation of robust and comprehensive security controls around people, processes, and technology.
However, with digital transformation, an organization’s data, applications, and users are everywhere. And protecting this scattered ecosystem – in a world where users are accessing data from anywhere, any place, and any device – requires a correlation of real-time security context across all security domains.
That is where zero trust comes in.
“As part of our zero-trust strategy, it was important to stay secure in a permitter-less world where identity is becoming the new perimeter,” says Dimple.
The bank, hence, decided it is time to go fearless with zero trust.
It kickstarted its zero-trust strategy with the adoption of identity context-related controls. As the first steps on that journey, it was looking to find suitable identity governance and administration (IGA) along with a single-sign-on and risk-based multi-factor authentication solution that will help improve their risk posture effectively.
“We were hoping to understand who within the organization has access to what and to improve visibility into how that access is being utilized,” says Dimple.
The ask from Dimple was clear. She wanted to provide a secure and user-friendly authentication experience, to ensure users have proper risk-based access with a centralized identity and access management solution.
Dimple and her team had established a holistic approach to choosing a provider for the bank’s IGA initiative, following a meticulous process.
To respond, IBM Security Software and business partner Aujas Labs team executed a deep dive technical workshop and delivered a custom proof of technology (PoT) with a demo that highlighted the overall value of IBM Security solution versus that of key competitors.
Satisfied on seeing their use case running in the IBM PoT environment, Dimple and her team chose to go with IBM Security Verify Governance and Access solutions.
IBM Security Verify Governance allows organizations to provision, audit, and report on user access and activity through the lifecycle, compliance, and analytics capabilities. While IBM Security Verify Access provides Single Sign-on and risk-based multifactor authentication to help organizations maintain security as they adopt new technologies.
These capabilities together help Saraswat Bank to streamline identity and access processes integrating across heterogeneous environments and improve the overall security posture of the bank by ensuring strong authentication.
At the same time, there is no need for users to remember multiple usernames and passwords. There are no more complicated and long onboarding processes for new employees and long wait times for access request completion.
Quote from Dimple on why they chose IBM: “We decided on IBM for the technology. We validated that the IBM solution works for us and can fulfill our requirements. Equally important was the reason that IBM paid attention to us.”
With IBM Security Verify solution, Saraswat Bank can:
- Adopt important controls like identity within their overall zero trust security strategy
- Ensure that only the right user has the right level of access to the right data for the right reason
- Balance security with user experience with single sign-on and multi-factor authentication