The Client Overview
I&M Group is a leading Corporate Group in East Africa and has a major presence across Banking, Insurance, and Real Estate. The Group offers a full range of personal, business, and alternate banking services through its presence in Kenya, Tanzania, Rwanda, Mauritius, and Uganda. I&M Bank was founded in 1974 as a financial services company and later became a commercial bank. It is now a wholly-owned subsidiary of I&M Group and is a publicly listed company on the Nairobi Securities Exchange.
This multinational bank is among the leading players in the financial services sector of East Africa, operating as I&M Bank Limited, I&M Bank Tanzania Limited, I&M Bank Rwanda PLC, and I&M Bank Uganda Limited, four independent units across East Africa.
Background and Key Challenges
Securing the Bank’s infrastructure can become very overwhelming without the appropriate cybersecurity processes. Cybercriminals can effortlessly infect networks with ransomware, and careless insiders can make errors. With a strong presence in four countries, a huge network of branches, and a large customer base, the Client increasingly faced cybersecurity challenges with complexities in managing privileged access. The inherent risk arising from the possibility of poor privileged password practices, and credentials being embedded in devices and never changed, shared, and reused credentials across systems, was very high. There was a need for a robust Privileged Access Management (PAM) solution, offering asset and vulnerability management, behavior analytics, strong security, and operational efficiency in addition to complying with regulatory requirements.
Key Challenges included
- Risks to security: With several privileged accounts across different geographies, it was difficult to monitor activities closely and enforce controls. This situation led to the possibility of sensitive resources getting exposed to unauthorized access.
- Lack of Real-time visibility and alerting: Without centralized visibility into the activities of privileged users, timely detection of suspicious activities became challenging. The cybersecurity team faced challenges in responding proactively to potential security threats without real-time alerting.
- Error with manual passwords: The existing password management was done manually and was error-prone, resulting in difficulty for the security team to maintain a secure environment.
Goals
- Effective Password Vaulting and Management to securely store privileged account credentials.
- Ensuring Multi-Factor Authentication for an additional layer of security to privileged access.
- Set up real-time session monitoring and management to alleviate the risks of unauthorized access.
- Establish real-time visibility and monitoring for identifying and promptly responding to threats arising from compromised credentials.
- Ensure Disaster Recovery and Emergency Access.
- Establish comprehensive auditing and reporting capabilities.
The Solution: Inspira Enterprise Approach
To address the challenges, I&M Bank partnered with Inspira Enterprise, a global cybersecurity risk management service provider with deep experience in implementing large-scale cybersecurity deployment programs and expertise in delivering modern AI/ML-based SOC.
Inspira’s team of cybersecurity experts reviewed I&M Bank’s existing security architecture and network, across the four locations and derived the SOW, PQ, and TQ for the successful rollout of the projects. The team evaluated the situation and knew it had to reduce risks, improve user experience, drive operational efficiencies, and enable compliance with regulatory requirements. To achieve this, the Inspira team designed a highly reliable and robust architecture to offer 24x7x365 availability. The solution addressed protection against accidental or deliberate misuse of privileged access by streamlining the authorization and monitoring of privileged users. Inspira partnered with BeyondTrust to offer their Privileged Access Management (PAM) Solution to the Client. The solution offered was scalable to include access management for remote employees and third-party (vendor) monitoring,
Password Management
By leveraging BeyondTrust’s Password Safe, the security team could create a complete password manager solution that provided secure discovery, auditing, and monitoring for privileged credentials across the banks. Privileged credentials were securely stored with the elimination of shared passwords and their reuse, with the risk of unauthorized access significantly reduced.
Real-time Session Monitoring and Management:
BeyondTrust Password Safe enabled visibility of user activities and monitoring of all privileged credential activity and sessions for compliance and forensic review. The solution also enforced security best practices over all privileged credentials to prevent password reuse and other threats.
Multi-Factor Authentication (MFA):
The Inspira team implemented BeyondTrust Remote Support using Time-based, One-Time Passwords (TOTPs) to add an extra layer of security for privileged access. Even in the event of passwords getting compromised, MFA could prevent unauthorized access.
Least Privilege Access:
Here, Beyond Trust Endpoint Privilege Management was used to complement least privilege access with advanced application control. The attack surface was condensed with the elimination of lateral movement. It elevated privilege to known and trusted applications and provided users with just enough endpoint privilege to complete their tasks.
Monitoring, Auditing, and Reporting:
Beyond Trust Privileged session management and monitoring (PSM) was used to detect suspicious activities and efficiently investigate risky privileged sessions on time. With the solution’s auditing and reporting capabilities, detailed reports for regulatory compliance were generated.
Benefits of the Solution
The implementation of BeyondTrust PAM solutions delivered significant improvement in enterprise-wide security for all four banks of the Client.
- Enhanced Security Posture: The Client was able to secure privileged users, critical assets, and sessions across the enterprise in all four locations.
- Easy Password Management: With automated reporting and audit capabilities, it was easy to audit and manage every privileged account including privileged user passwords, app-to-app credentials, service accounts, and DevOps secrets, among others. By storing, managing, and rotating privileged account passwords, embedded credentials were eliminated ensuring password strength.
- Higher Employee Productivity: With centralized control over privileged accounts and the streamlining of the authentication process, user productivity was enhanced, while reducing the admin overheads.
