Wall Street & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Trading Technology

10:10 AM
Tim Clark
Tim Clark
Connect Directly

Password and Identity Management Strategies Begin to Take Shape

As financial services firms come to grips with the vulnerability of their IT systems, best practices around password and identityt management becomes a paramount concern.

Earlier this year, former UBS PaineWebber systems administrator Roger Duronio was found guilty of infecting the company's network with malicious code that cost the firm millions of dollars. While his conviction does little to calm the nerves of the financial services community, recent research from RSA Security indicates, however, that a rising number of Wall Street firms are addressing the vulnerabilities of their IT systems by looking to create best practices around identity and password management procedures. Though UBS did have security measures in place at the time, experts say it is possible that a more-stringent password and ID management policy could have helped the firm avert the incident.

But employing effective security measures while continuing to provide systems access to employees, customers and partners remains a challenge. "Financial services companies have to struggle with doing business over the Internet while running under the assumption that their systems are compromised," says Johnathan Penn, principal analyst, identity and security, Forrester Research. "That's a tough thing to do. They are beginning to realize they need more than just password protection."

Understanding Access Rights

Since users need to access multiple areas both internally and externally, ID management becomes difficult to track. "Organizations need to understand who has access to what," says Penn. "Having a sense of identity is an important aspect to protecting customer and corporate data and audit requirements."

Service provisioning -- managing the process of user administration -- is gaining more attention as financial services firms reexamine access rights to sensitive data. A vast majority of users, especially in the financial services community, have access to data and accounts they simply do not need, asserts Penn. "On a quarterly basis, managers can sign off on the type of privileges that their direct reports have to determine if they still need all of those privileges," he suggests.

1 of 3
Register for Wall Street & Technology Newsletters
Exclusive: Inside the GETCO Execution Services Trading Floor
Exclusive: Inside the GETCO Execution Services Trading Floor
Advanced Trading takes you on an exclusive tour of the New York trading floor of GETCO Execution Services, the solutions arm of GETCO.