Transcript
Spurkes is a state bank and savings bank, but it's a universal bank. We do retail banking, private banking, corporate banking and institutional banking. We have 2,500 employees and too many customers to count. My bank was funded by the parliament of Luxembourg. In terms of security for the banking industry, the main risk is data breaches or the inability to operate, because it can cripple your brand, it can cripple your identity and it will cripple the trust of your customers. We started looking for an AGA solution because of regulation, so we needed a solution in order to centralise all this action and enable the team to improve their capacity and to improve their actions. We chose one entity for 2 things, first the philosophy of the product and second the features. It's one of the tools, if not the only, that you can customise a little bit and still be with the margin of best practice. So you can adapt the solution to your businesses and yet you are still within the best practice of the solution. About the features, it's more like you have a complete package of what you can do and what is needed from the regulation. So we are talking about providing the access, governing the access and recertification of the access. So the attestation process is our main focus right now and we are working to integrate the full process within the solution, the one entity manager solution, in order to automate it and simplify it. Before one entity, I'm lucky because everything was documented and standardised, but everything was done manually. That's a problem because you can have human errors and it's not good in terms of compliance. So the tool helped us to tackle these problems and to build on it. The main benefits of the tool is always to be compliant with regulation, but mostly it's automation. In this industry, you have to keep up with all the regulations you can have and the automation can help us to keep doing what we were doing, automated, human error-free, and yet to keep pace with the regulations that keep going from national or European ones. The partnership with AM Expert began as just an implementing one and I put my idea through them before making a decision and everything. And it's important for me to have top of the heart consultant trained in order to be sure that if I go in any direction, it will be the good one. AM Expert is a 16-year-old consultancy. We are specialised in the IAM. So we offer advisory, implementation and managed services on IGA, PAM and access management and of course, customer IAM projects. Sperky approached us several years ago now because they had heard about us, so good echoes, from some other clients in the region, but also from some other projects in the neighbour countries. So they asked for help in the IAM space because they needed advisory, but as well, hands-on expertise on the One Identity Manager product. One Identity is a major actor on the market, it's one of the leaders and that helped us to build a partnership, a long-term partnership with IAM Experts. Given the fact that they have had actually several suppliers, they have their own unique way of doing things and I think IAM Experts added value by recommending the best practices on the IGA solution and accelerate their IGA programme. Another challenge that they faced is of course, the resource scarcity. So it's a global fact that there is a scarcity in the resources in the IAM. But in Luxembourg, believe me, it's even stronger and worse. So we did actually try to fill the gaps by being much closer actually to the clients, to the team as well. So here I think the relationship that we had got stronger because the account management was key to that relationship. In this identity-driven system information, any decision you make about identity will have propagation to the entire system information. So you can make mistakes, but not too much and not for too long because you have to correct them very, very fast. So be sure what you are doing because if not, you will create technical debt for the future. Our experts, the experts that are positioned at Schperkes, have a very long career in the IAM space and the cyber security, so they are all aware about the regulation that can actually take place, especially in the banking industry. So they don't only advise on the IAM, they advise on the cyber security side as well. So my main lesson learned about this industry is do not reinvent the wheel. Some people have already done the work for you and they've built it on experience and a lot of experience. So you have to capitalize on it, centralize your identity and access management, put it somewhere in the team you trust. And then from this, you can build a complete environment, a complete platform that you can trust it to get the job done and to be compliant with any regulation you have.
