Mark Williams, Director of Sales EMEA, AMAG Technology reveals how a large national bank consolidated its security with AMAG solutions.
A full-service bank with operations spanning numerous states across the US and several international offices found itself in an all-too-common situation regarding its access control solution — too many different systems. The bank needed a cost-effective enterprise solution to change over and upgrade 71 sites and several disparate databases.
With many of its access control systems reaching end-of-life, it was time to find one that would work for all locations. The bank chose AMAG Technology’s Symmetry Access Control system for its ease-of-use and minimal service upkeep. By utilising AMAG’s SR retrofit option, the bank not only considerably reduced costs when replacing their legacy hardware but also upgraded technology and achieved some needed integrations as well. The Symmetry Access Control solution helped centralise operations, reduce compliance vulnerabilities and cut costs during a massive overhaul of their security’s software and hardware.
The project was completed in phases. The bank’s integrator increased the number of access control readers for each site, compiled site surveys and did the preprogramming and inventory of the parts and pieces. Most sites were transferred over to the new system in a day, but the larger sites with 100 or more card readers took a bit longer.
The project touched retail and administrative physical locations nationwide. While converting all the locations over, the bank consolidated 16 access control systems to Symmetry and that touched 71 sites, 200 access control panels, upgraded 1,100 card readers and approximately 15,000 cardholders. The project was completed in 12 months and with the proper planning in place, no site took longer than four days.
Several sites were using a Casi Rusco Picture Perfect system that urgently needed replacing and many others that were in dire need of upgrades. Some systems were very old with no support left and no expertise, because of age; and the platforms had compliance issues from an IT perspective.
It was also important to upgrade for regulatory and compliance reasons. The Symmetry solution allowed them to provide the required reporting from a centralised location instead of 16 different locations. Before, any time reporting was needed, the bank had to visit different systems; now they can better answer those requests, show they are in compliance and who has access to what. The bank can pull reports from one system – Symmetry – saving time and money while meeting compliance requirements.
Concerns over data security and privacy also led to a consolidation of the database as well. They needed to ensure access was granted only to those who needed it, therefore they performed a large database clean-up. There were a few sites that had more than 10,000 users and they cut the number of users down to 2,000.
As the rollout of the upgrade progressed, the bank not only added panels and readers as needed, but also upgraded technology and achieved some much-needed integrations — including laying the foundation for future plans. The resulting solution includes multi-class readers with several different card technologies, as well as biometrics in certain environments, such as higher security areas requiring two-factor authentication.
The bank plans to install AMAG’s Symmetry CONNECT identity management system to assist with onboarding, offboarding and access request changes, which will help it meet more compliance regulations. Symmetry GUEST visitor management is slated after CONNECT to automate the visitor process, creating an audit trail which is also necessary for compliance.
Taking it to the next level
New employees are often given a credential that allows them access to significantly more areas of a building than they need to perform their job, creating a risk. Using an identity management system, such as Symmetry CONNECT, banks can implement theleast privileged access approach, which gives employees access to only the areas they need to perform their jobs.
If an employee wants or needs access to additional areas (or buildings), the employee can request access. Access is granted for a predetermined amount of time and is automatically deactivated when the time limit expires. The identity management system logs all requests and provides an audit trail to prove compliance. Financial institutions can match up timeframes with regulations to meet compliance.
Each department within a bank works with different files and uses its own standards to complete work. Based on the security program’s rules, the security team should know exactly who within the department should have access to the files, who outside the department is accessing those files and monitor who tries to get access to those files.
Banks must monitor all card swipes in areas where physical account data resides. Anyone from outside that section of the building or another department could possibly be fishing for that data.
Transitioning to mobile
Banks are finding they no longer want to issue physical cards and prefer to issue credentials remotely due to their many distributed branch offices. With distributed workforces and the new pandemic requirements organisations need to meet, credential management is easier and faster. Financial institutions are tired of managing credentials; they are costly, employees forget or lose them and issuing and replacing them involves labour and employees physically picking up a card. Employees rarely forget their phones.
With a mobile solution, such as AMAG’s Symmetry Mobile, badges are issued automatically, removing the need to distribute a physical card or interact with the badging office. The onboarding process is streamlined and employees can upload their own photo.
Mobile solutions support facial and fingerprint biometrics, providing another layer of security and ensuring the owner of the mobile phone is the one unlocking the door.
In today’s current work environment, Symmetry Mobile’s health questionnaire allows each branch location to screen employees before entering the building, supporting COVID Return to Work guidelines. If an employee answers the questions correctly, they are allowed into the building. If not, their credential is denied for a period of time, such as 24 hours. Organisations can customise the questions to meet company requirements.
Heavily regulated industries like banking must maintain compliance or risk expensive fines. The health questionnaire provides an audit trail to help meet compliance.
Banks can control which devices may be used in compliance with corporate policies. Built-in device control replaces the need for expensive mobile device management products. Having management capabilities within Symmetry Mobile means there are no other applications or policies being loaded onto employees’ personal devices, which may create privacy concerns. Banks can block certain mobile device manufacturers, beta operating systems, or even specific devices through a centrally managed portal.
Mobile applications are for financial institutions using mobile devices or in conjunction with physical credentials for users who are transitioning to a mobile system. AMAG’s Symmetry Mobile works with Symmetry Access Control, as well as other access control systems, providing a seamless, efficient and cost-effective solution for enterprise users deploying more than one system.
Upgrading to the latest technologies helps financial institutions meet compliance requirements and eliminate expensive fines. Not only do up to date access control systems provide a solid foundation for an overall security system but adding identity management and mobile solutions provide increased ways to save money on cards and labour, meet COVID requirements, improve business processes and increase efficiencies to help mitigate risk, reduce overall cost and provide peace of mind.
For more information, visit: Unified Security Solutions | AMAG Technology
This article was originally published in the October 2021 edition of International Security Journal. Pick up your FREE digital edition here