PBAC: It’s Not Just For Security

Gal Helemski
November 24, 2019

When most people think of cybersecurity and banks, they naturally think of data breaches with accounts being wiped out due to unauthorized access by bad actors. While this is certainly a legitimate association, the following use case shows that a good Authorization solution not only protects data but also improves business efficiency. 

The Problem: Too Many Entitlement Definitions

Today’s credit-card market is highly competitive. As an August 2019 report puts it, “credit card issuers are in a pitched battle to win new customers with ever-richer rewards and incentive programs.” One of these credit card issuers had an efficiency problem with its Authorization solution that was costing it money and frustrating its customer-facing staff.

The company had a call center that was measured by its ability to address customer calls. Additionally, the center was responsible for outgoing promotion calls. Whenever there was a new business offering, the Customer Service Representatives (CSRs) were required to call existing customers to promote that new offering.  

The call center employed mostly short-term employees, with 30 joining the company every week, following training. That’s when the Authorization nightmare began. In addition to having to onboard the workers to the credit card company’s network, a single team in the security department had the daunting task of manually assigning each one the correct set of access rights, conferred by an old-fashioned entitlement rights system that had simply grown out of control. Each employee was required to have an average of 200 different entitlement definitions. The entitlements varied according to the exact section of the call center they worked in, with approximately 75 different combinations in use. While the system no doubt was efficient at one time, by the time they turned to us, the company’s team was already behind schedule and making errors in assignments.

But they had worse problems. First, there were complications with promotions and position changes, which required new entitlements. More importantly, every time there was a new promotion event, nearly half of the call center employees needed to gain access to the new offering. This meant an additional 40 new entitlement definitions per user, for a short time period defined by the event. This was simply too much for the overworked security team. There were many complaints about entitlements that did not arrive on time and about wrong or inefficient definitions. On several occasions, the card issuer had to postpone new promotion events simply because the entitlements were not in place.

The lack of entitlement management affected the company’s ability to effectively run promotions, cutting into both its profitability and its market share. The front-line employees who were supposed to make the promotional calls were unable to, causing them to be frustrated, especially as they lost opportunities to make sales bonuses. 

The Solution: PlainID Policy-Based Access Control

PlainID solved the credit card company’s Authorization problems by implementing an automated Policy-Based Access Control (PBAC) solution. Policy-Based Access Control is a type of Authorization solution that can be used with any Identity and Access Management (IAM) system. PBAC supports creating either coarse-grained or even fine-grained policy statements such as “Regular CSRs can access customer records but cannot refund disputed charges or increase credit balances” and “Supervisor CSRs may increase credit balances by up to 15%.” PBAC supports creating policy statements in natural language, not code, making it possible for managers to take control of Authorization policy rather than simply leaving it to IT.

PlainID’s automated solution not only simplified the card issuer’s Authorization issues, it also allowed the company and its employees to work at scale. In doing this, PlainID gave the company a more secure system and provided it with the following specific benefits:

  • An automated entitlement process that, within seconds (rather than days), supported:
    • Immediate and exact entitlements for the call center employees after completing their training sessions.
    • Immediate and exact entitlements when changing segment or role within the call center.
    • Immediate and exact entitlements for all promotions.
    • Immediate entitlements removal upon off-boarding.
  • Full visibility of the Authorization process, allowing management to ensure that Authorization procedures made business sense as well as provided security
  • Over 90% reduction in policy-based decisions --  from approximately 15,000 to 30
  • 70% reduction in Authorization-related operations by the security team, freeing them to address actual cyber threats rather than implement a fragmented security policy
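
The two policy statements quoted earlier, together with the promotion and off-boarding behaviour in the list above, sketched as an attribute-driven decision function with a default of deny. This is an added illustration, not PlainID's product code or policy language; the role, action and attribute names and the sample promotion are assumptions.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Subject:
    role: str      # "regular_csr" or "supervisor_csr" (names assumed)
    segment: str   # call-center section the CSR works in
    active: bool   # set to False at off-boarding

@dataclass(frozen=True)
class Promotion:
    name: str
    segments: frozenset  # sections taking part in the event
    start: date
    end: date

CSR_ROLES = {"regular_csr", "supervisor_csr"}
MAX_SUPERVISOR_INCREASE_PCT = 15.0  # limit quoted in the article

def decide(subject, action, resource, today, promotions=(), pct=0.0):
    """Return True only when a policy explicitly permits; otherwise deny."""
    if not subject.active or subject.role not in CSR_ROLES:
        return False  # off-boarded or unknown role: no policy applies
    if action == "read" and resource == "customer_record":
        return True
    if action == "increase_credit_balance":
        return (subject.role == "supervisor_csr"
                and 0 < pct <= MAX_SUPERVISOR_INCREASE_PCT)
    if action == "use_promotion":
        # Access exists only while the event runs; no per-user grant to revoke.
        return any(p.name == resource and subject.segment in p.segments
                   and p.start <= today <= p.end for p in promotions)
    # "refund_disputed_charge" and anything unlisted fall through to deny.
    # The article only says regular CSRs cannot refund; denying supervisors
    # as well is an assumption of this sketch.
    return False

# Constructed sample data
PROMO = Promotion("holiday_offer", frozenset({"retention"}),
                  date(2019, 12, 1), date(2019, 12, 15))
regular = Subject("regular_csr", "retention", True)
supervisor = Subject("supervisor_csr", "billing", True)
```

A new hire, a segment change or a new promotion changes an attribute or adds one `Promotion` record; the decision follows without assigning anything per user.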

PlainID Delivers Policy-Based Access Control

PlainID recognizes the frustrations of businesses struggling to understand, incorporate, and best implement Identity and Access Management (IAM). The PlainID PBAC Platform enables rapid business growth by connecting legacy technologies with the latest and most advanced authorization technologies. With PlainID, a simpler, forward-thinking approach to Authorization is at your fingertips, and you can move from static to dynamic, from repository-based access to virtual token-based access, and perhaps most important, advance to Policy-Based Access Control (PBAC).
