The largest listed Portuguese bank Millennium bcp expands the coverage of its Identity and Access Management system (IAM) to include core banking applications and deploys Beta Systems’ risk-driven governance solution.
Millennium bcp is Portugal’s largest listed bank, with a prominent position in the financial market in Portugal. It is the second-largest Bank overall and the first listed banking institution in terms of market share – both in loans to customers and in total customer funds – with an impressive distribution network, made up of a total of 695 branches at the end of 2014. It is also a reference institution in Europe and Africa, through its banking operations in Poland, Mozambique, Angola and Switzerland. All these operations trade under the Millennium brand.
15 years of collaboration enabling automated identity management.
In 2000, Millennium bcp started using Beta Systems’ IAM software solution, now known as SAM Enterprise Identity Manager, in order to manage its RACF accounts. In 2002, the bank included the management of Active Directory accounts and one year later extended the scope to their international operations. In 2003 the OS/400 account management was integrated in SAM. Over the years, Millennium bcp went on to cover additional IT systems and to deploy Beta Systems’ password self-reset tool, hence further increasing productivity and lowering IT support costs. By 2015, Millennium bcp had been successfully using our iam software for 15 years, to manage the identity and access of all employees Worldwide (Portugal, Poland, Mozambique and Angola).
“In a bank, improper management of user identities and their access rights may easily result in a security breach with major impact.”
Going two steps further with Beta Systems in 2015, towards business-based risk control.
Millennium bcp recently reaffirmed its confidence in Beta Systems Software: first, the bank launched the project to include its global core banking application on OS/400 used by the international operations (ICBS), as yet another target system managed by SAM. Millennium also implemented Garancy Access Intelligence Manager (Beta Systems’ risk governance module), in order to evaluate and govern risks associated to the users and their access rights thanks to comprehensive dashboards, reports and multidimensional analysis.
“In a heterogeneous IT environment, such as Millennium bcp’s, an IAM solution significantly improves the efficiency and control in security administration, and Beta Systems’ SAM has proven to be a reliable solution.”
Jorge Carreteiro, CISO at Millennium bcp
A Reinforcement of Millennium’s IT security.
By nature, a security breach can have major impacts on a banking institution. Most of the time, companies fear external attacks, but people from inside the organization often have excessive access rights for their role and are the most likely vector of security failures, whether actively engaging in improper activities or, more often, as unconscious providers of hijacked accounts and associated rights. Between 50% and 70% of all successful cyber-attacks are attributed to insiders. Hence, the need to properly manage user identities and limit the related access rights to the minimum required for a given role in the organization. Banks must also ensure that their information systems remain compliant over time with current norms, standards and internal processes.
The full Millennium case study is available for download on Beta Systems Customer page.