Initial situation
Information security is a fundamental aspect at Cecabank and technology is key to optimi- zing its information systems. Cecabank combines cutting-edge technology with strict com- pliance and high standards in terms of information security.
Over the past four years, Cecabank has worked hard on its digital transformation plans and has made significant progress in their implementation and evolution.
The Challenge
To ensure the level, quality, and security of services, all hardware and software must support digital transformation. The cybersecurity department must enhance security and meet comp-liance requirements under GDPR and satisfy internal audit requirements. Each employee is only given the access to IT systems that they need to perform their tasks in order to achieve an adequate level of security.
Implementation of _beta access (access rights management) at Cecabank
Access rights management Cecabank: Cecabank chose _beta access admin from Beta Systems because it not only met, but exceeded their requirements by providing a single simplified yet reliable overall solution for zOS security administration and audit. An added bonus was the integration with the SIEMSystem, which simplified everything significantly.
Prior to the introduction of _beta access, Cecabank processed security events (RACF SMF events) originating from the mainframe in batch mode, i.e. with a daily load. Management of users, access to resources, protection of resources, and mapping between them was done with the tools provided by the operating system.
Accessing audit data required additional effort from the zOS administration team, as they were familiar with the environment and had sufficient access rights. This posed a challenge because alerts did not reach the SIEM in real-time, and it was also burdensome to manage – administrators had to perform and control audit tasks to deliver the information to auditors.
Solution
Authorization Management Cecabank: With the implementation of _beta access, Cecabank has achieved many benefits. The IT department is now able to provide a convenient Windows interface that allows auditors to operate the system without any special RACF or zOS know-ledge. The solution enables non-technical users to review the RACF system and generate audit reports.
They can perform quick audits through a user-friendly Windows interface and create pre-configured audit reports based on actual requirements and industry best practices. With the new real-time monitoring, users receive a real-time alert whenever a critical RACF or security-related relevant event occurs.
Therefore, security breaches can be detected much faster. This leads to immediate escalation of these to predefined recipients or operational monitoring systems. The cybersecurity department is now able to receive early warnings and alerts. _beta access admin provides functions for centralized RACF management with its user-friendly ISPF interface.
A comprehensive set of functions enables the maintenance of RACF profiles while providing a transparent overview of all information to be managed in the RACF system.
