Westpac banks on virtual directory to automate access control

Toughest challenge is finding solutions that are user-friendly

The Westpac Banking Corporation is creating a Virtual Enterprise Resource Directory to manage and automate access control while ensuring information is made available on a "need to know" basis.

"This is easy to say but hard to do," according to Richard Johnson, head of architecture, research and cybercrime in Westpac's information security group.

Speaking at Gartner's IT Security Summit in Sydney last week, Johnson said a lot of money is being invested in access control.

He said the goal is automation by embedding controls and reducing manual input.

"We are working closely with business units to do this; we currently have a number of projects in place and have invested heavily in Tivoli Identity Manager for provisioning," Johnson said.

"We are trying to get a single source of truth with our electronic HR system but the first challenge is federating all systems to get a single sign-on capability.

"Our current focus is moving to role-based access control as well as self service so users can reset their own passwords; the ultimate goal is an enterprise wide directory."

Westpac has 27,312 staff and 1,063 branches which is why Johnson claims IT security spending must be based on intelligient decisions.

Formerly an accountant, Johnson said his business background has been invaluable throughout his IT security career.

"Im actually an economist but financial audits bored the crap out of me," he said adding that a secure system without functionality won't make money.

Johnson said network boundaries usse to be more clearly defined but today it has moved on to remote access, wireless and the use of third party providers.

"It has blurred the perimeter which requires a defence in depth approach; we're talking about a very rich mix of access to your systems," he said.

"This means thinking about system design and creating a range of architecture guidelines with zones of trust.

"We are organizing our assets into zones of trust with different levels of access."

In recognition of this new landscape, Westpac has made a serious investment in Intrusion Prevention Systems (IPS) with Johnson claiming the bank has created the largest IPS shop in the southern hemisphere.

"An IPS understands threats in real time it is an effective capability to have," he added.

Out of its seven million customers, 2.9 million undertake their banking online which is why Westpac continually bolsters the security of this channel.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about GartnerIPSTivoliWestpacWestpacWestpac Banking Corp

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Sandra Rossi

Latest Videos

More videos

Blog Posts