Success Story

Introduction of a New IAM Solution at Thüringer Aufbaubank

In Garancy®, roles are aligned with specialist skills, jobs and functions. This allows Aufbaubank to implement their principle of only assigning rights for specific roles. This means that any two employees with the same job description also have the same access rights and are assigned the same specialist role.

One of our top priorities was to find a solution that delivers excellent usability and meets all current and upcoming requirements of MaRisk and BAIT – as far into the future as possible. That’s why we opted for a software solution from Beta Systems, not least because a number of other banks already work with Garancy® and recommended it to us.

Thueringer Aufbaubank Logo
Tommy Grimmer
Head of IT Control Department, Thüringer Aufbaubank

Initial Situation

As a rule, the regulatory requirements of MaRisk increase over time. The previous IAM solution used by Thüringer Aufbaubank was no longer able to keep up with this. That’s why the company decided to replace their system and has been working with Garancy® Identity Manager since 2019. One of its key features is that it specifically supports a role-based concept, which makes it easy for the insurer to apply their principle of “no right without a role.” At Thüringer Aufbaubank (TAB), the days of using checklists to define who needs what authorizations for which IT system and when are long gone.

The bank, including all subsidiaries, has around 800 employees, most of whom work at the main site in Erfurt. Aufbaubank had already introduced a central tool for identity and authorization management as part of their IT governance initiative in 2016. However, in light of new and upcoming MaRisk and BAIT regulation, it became clear after just one year of operation that the software was not cut out to meet future regulatory requirements.

Challenge

An audit in accordance with Section 44 of the German Banking Act (KWG), mandated by BaFin and conducted by Bundesbank auditors, confirmed TAB’s assessment and provided the final impetus for taking a new approach: The previous IAM concept had to be reconsidered, and a new solution needed to be found. Tommy Grimmer, Head of the IT Control Department at Thüringer Aufbaubank: “One of our top priorities was to find a solution that delivers excellent usability and meets all current and upcoming requirements of MaRisk and BAIT – as far into the future as possible. That’s why we opted for a software solution from Beta Systems, not least because a number of other banks already work with Garancy® and recommended it to us."

Implementation

Rights are only requested via roles: In the first step, the 2019 project team mapped all previously managed authorizations to the new Garancy® Identity Manager system. In the second stage, starting in 2020, Aufbaubank redesigned the authorizations. The underlying principle was to assign no right without a role – in other words, rights are only requested via roles, and individual rights are only assigned in exceptional cases (such as temporary read/write access to project directories).

Aufbaubank has been using profiles and roles for a long time, especially in the area of case processing. So the authorization design has always driven specialist roles, “yet never to the extent or level of detail the ‘minimum access’ or ‘need-to-know principle’ would have called for,” recalls Tommy Grimmer. Clustering had already been applied at the department level, but not at the level and depth that the new IAM solution provides.

It is only with Beta Systems that the roles are truly aligned with the specialist skills, jobs and functions.

Thueringer Aufbaubank Logo
Cindy Schöneweck
Compliance Officer in IT Control, Thüringer Aufbaubank

Outcome

“It is only with Beta Systems that the roles are truly aligned with the specialist skills, jobs and functions,” explains Cindy Schöneweck, Compliance Officer in IT Control at Aufbaubank, who was hired specifically for the new IAM project.

She coordinated the introduction of the IAM system in close cooperation with the organizational department, the specialist departments and the independent IT consultant Dr. Claudia Walhorn, who has a strong track record of assisting (investment) banks with the introduction and operation of Garancy®. One of her core principles is that there should be a dedicated authorization concept for each application that includes user administration. The “Intranet” application, for example, has read, write and administration rights.

These are grouped into so-called basic, organizational, specialist or functional roles (role types) derived from the bank’s organizational structure. As a result, all employees have a basic role that governs time tracking, access to certain applications (e-mail, AD), network drives, etc. There is also a specialist role for each job description, as well as organizational roles for organizational units and cross-departmental functional roles (such as staff council).

As regards the functional areas, many employees share the same specialist role. For example, about 200 people from two major departments are assigned to about 21 specialist roles. The bank is currently mapping this division of roles in Garancy® in close consultation with the specialist departments, while also streamlining existing rights in the process.

Reduced administrative effort when assigning access rights. Aufbaubank’s principle of “no right without a role” results in the following workflow: Any two employees with the same job description also have the same access rights and are assigned the same specialist role.

For each new employee, the rights they require to perform the tasks assigned to them are selected from an existing set of rights and roles. The defined roles thus simplify rights assignment. Everyone is assigned the basic, specialist and, where appropriate, organizational and functional roles that reflect their future profile in the company.

This significantly reduces the administrative effort involved in assigning rights.

Customer

Thueringer Aufbaubank Logo
Year of foundation
1992
Head office
Erfurt
Sector
Financial service provider
Thüringer Aufbaubank
Gorikstraße 9
99804 Erfurt
Germany

Tags

IAM

Share

Further Resources

Blog Article
it_operations.jpg

Empowering Non-Technical Users: How IT Democratization Drives Business Success

Empowering non-technical users is becoming a game-changer as enterprises across industries embrace hybrid IT environments. This shift presents exciting opportunities and unique challenges, from managing disconnected on-prem systems to orchestrating complex cloud-native solutions. By leveraging centralized orchestration and automation platforms, businesses can drive innovation and efficiency, underscoring how IT democratization fuels success in today’s competitive landscape.
Blog Article
soap-blog.jpg

What Is SOAP?

Unlocking the Potential of Service Orchestration and Automation Platforms
Blog Article
automation.webp

Maximizing Efficiency with Event-Driven Automation

Automation is becoming increasingly indispensable in modern organizations, driving efficiencies across departments and fields from infrastructure to DevOps. However, while most companies recognize the potential benefits of automation, many still struggle to make the most of it. Fragmented processes, disconnected tools, and poorly defined objectives often prevent organizations from reaching full automation potential. Here, we’ll explore a strategic approach to building a mature automation framework that enables seamless, efficient, and scalable operations.