Identity and Access Management in Financial Services

identity and access management in financial services

Financial services is one of the most regulated industries around. Given that financial services firms manage people’s livelihoods, it makes sense that they take security seriously. So, it’s no surprise that identity and access management (IAM) in financial services is critical to ensuring that only the correct people have access to sensitive information.

Traditional IAM in Financial Services

old officeHistorically, Microsoft® Active Directory® (AD) has been the default identity management solution in most financial services firms. AD is an on-prem directory services platform designed for managing Windows®-based IT resources like systems, applications, files, and networks. When AD was released in 1999, Windows-based IT resources such as these made up the vast majority of the networks in financial services firms. This enabled Microsoft to establish AD as the go-to identity management solution because it was effectively the only solution required to manage the firm’s entire IT infrastructure around the turn of the century.

Modern IAM in Finance

Identity Management Cloud ModernToday, there is an interesting tension in the financial services world when it comes to managing modern IT networks. On one hand, cloud technology has proven that it can provide firms with competitive advantages such as reduced cost and management overhead, while maintaining compliance with regulations such as PCI, GLBA, SOX, and many more. On the other hand, regulators are often slow to trust new technologies, and news of massive security breaches are often in the headlines. As a result, IT admins working in the financial services industry must be extremely security conscious when leveraging cloud IAM because paranoia is not retroactive.  

The challenge for modern financial services firms is that Active Directory has to be installed on-prem within their own data center and maintained by skilled personnel. Consequently, it also has to be secured by their own security programs and vigilance. To be fair, this approach wasn’t necessarily a challenge back when financial services firms were able to limit their IT infrastructure to on-prem Windows systems and applications. However, we have all come to find out that an on-prem network made up of Windows IT (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Vince Lujan. Read the original post at:

Vince Lujan

Vince is a documentation and blog writer at JumpCloud, the world’s first cloud-based directory service. Vince recently graduated with a degree in professional and technical writing from the University of New Mexico, and enjoys researching new innovations in cloud architecture and infrastructure.

vince-lujan has 165 posts and counting.See all posts by vince-lujan