Eagle Bank keeps deposits and customer data safe
- $430 million in assets
- Headquartered in Everett, Massachusetts
- Financial services
- Non-compliant with GLBA
- Difficulty enforcing security policy
- Overburdened helpdesk
- User frustration
- GLBA compliance met
- Strong password policy enabled
- Password reset call volume reduced
Protecting a bank’s assets by keeping them locked in a safe, while maintaining a secret combination, is no longer a means to security. In banks today, every unprotected information access device is the equivalent of an open safe. Without strictly enforced security procedures, including strong password protection, a bank’s assets are left vulnerable. Any person with malicious intent can hack into the bank’s computer system—stealing confidential customer data or wreaking havoc on banking applications or databases—without even breaking a sweat.
The business challenge
Eagle Bank, a mutual bank with over $430 million in assets, headquartered in Everett, Massachusetts, realized through a security audit that its assets were vulnerable to hacking due to inadequate password protection. Although the bank had a strict password policy, it was finding the policy difficult to enforce. Employees were using a growing number of applications, many of which required a unique password for access. This made it increasingly difficult for Eagle Bank employees to remember their passwords, which led them to write down passwords and leave them in plain view on their desktops where anyone could steal them to gain unauthorized access.
Passwords were becoming a headache for the bank’s IT department as well. Employees who forgot their passwords were contacting the IT helpdesk to have their passwords reset. According to Eagle Bank CIO Paula Chesbrough, “40 to 50 percent of our helpdesk calls stemmed from password-related issues. It was taking up time that we didn’t have. Also, user frustration was increasing while productivity was decreasing because employees kept getting locked out of their systems.”
The Gramm-Leach-Bliley Act (GLBA) of 1999 finalized Eagle Bank’s decision to find a solution to its password problem. GLBA requires that customer data at financial institutions be kept secure and private. Chesbrough notes, “It’s part of our corporate mission to be compliant with GLBA. Our goal is to make sure that customer data is not compromised by unauthorized access.”
The Imprivata OneSign solution
Eagle Bank’s IT team found it difficult to implement strong passwords with at least eight characters—both alpha and numeric—with no dictionary words or user associations. The bank uses a plethora of legacy applications, which typically do not support the expansion of fields necessary to have eight-character, complex passwords.
Chesbrough and her team began looking at single sign-on (SSO) solutions to alleviate the bank’s password problems and to increase system security. Key selection criteria included ease of use and of administration, non-intrusiveness, and support for strong passwords. The team evaluated several products before choosing Imprivata OneSign®. “I looked at other solutions pretty thoroughly. When I talked with providers, I couldn’t get a sense for how their solutions would work. I found this to be troubling, because if I couldn’t understand their product, how was I supposed to administer it? Imprivata OneSign, on the other hand, is a clear-cut solution that is easy to implement and has a quick learning curve,” said Chesbrough.
Imprivata OneSign also met the bank’s goal of low cost of ownership, a big plus in today’s budget-constrained environment. Competing solutions required either a high-salaried network-level administrator or an additional IT person for ongoing management. With Imprivata OneSign, Eagle Bank did not have to hire anyone to administer the product. In fact, “Many of the SSO solutions out there actually create problems rather than solving them,” said Chesbrough. “That’s not the direction you want to go in. We were looking for a competitively priced solution that would free up time and make our jobs easier. We found it with Imprivata OneSign.”
Currently, Imprivata OneSign is being used by employees in several departments, including operations, marketing, accounting and administration. Full deployment to Eagle Bank’s seven branch locations is scheduled for later this year. Chesbrough noted, “We were very pleased with the ease of installation, and the immediate reduction in helpdesk calls. We feel our system is much more secure, because all of the applications we use, including Web-based and legacy, are SSO-enabled. Imprivata OneSign delivered what it promised.”