Rebuilding Identity Access Management for the 21st Century
Executive Sponsor: Medha Bhalodkar, CISO
Project Team: Chuck Eigen (IT Security & IAM Program Director), Chris Dowden (Director, IAM Management), R. Andrew Johnston (Mgr. IAM Technical Team), Jeff Eldredge (Mgr. IAM Lenel & Functional Team), Neil Meyer (Functional team & BA), Dan Ellentuck (Developer), August Visco (Developer), Ben Beecher (Developer), Mohammed Rahman (Developer), Mike Morales (Lenel Systems Lead), Steve Cramer (Lenel Systems Lead), Charlie Wu (Enterprise Active Directory Engineering), Marly Miller (Business Analyst), Phil Blake (Mgr, Client Device Engineering), Niles Patel (Mgr, Email Systems), Dan DeStefano (Email Systems Lead)
Location: New York, NY
At Columbia University, with a history of 264 years, IAM had evolved as needed. IAM included OpenLDAP, 880,000 users in Kerberos for authentication, 28 Active Directories at schools, and a Lenel physical access system across campus, all operating in silos, making it difficult to ensure secure, synchronized IAM across Columbia.
Over the last 18 months, in this project, we built a secured Enterprise Active Directory (EAD) consolidating individual ADs with unified authentication, added MFA, implemented SSO for web applications, provided group management, supported Shibboleth (SAML) for industry SSO, linked IAM to the Lenel physical access management system, and achieved InCommon “SIRTFI” ID flag status.
Early Vulnerability Detection System (EVDS)
Executive Sponsor: Douglas Falduto, VP, Admin & Chief Security Officer
Project Team: Enterprise Architecture: Alan Leung (Director), Niraj Patel (Manager), Pranshi Gupta (Security Analyst), Information Technology: Kumuda Gogineni (Manager), Srinu Paloju (Technical Test Lead), Mike Schimpf (Manager)
Location: Newark, NJ
In cyber security, the earlier vulnerabilities are detected, the less costly they are to remediate. The Early Vulnerability Detection System (EVDS) identifies vulnerabilities throughout a project lifecycle and facilitates development of multiple levels of defenses within our applications. The EVDS is a combination of people, process and technology that fully adjusts to the polymorphic nature of current technology solutions. Security recommendations are delivered via the basic elements of a standard project: business requirements, architecture design and test cases. The EVDS has already identified and remediated multiple critical vulnerabilities that would have resulted in catastrophic breaches.
Cyber Strong Behavior Program
Executive Sponsor: Jesus (Laz) Montano, CISO
Project Team: Todd Campbell (AVP), Karen Croake (Information Risk Consultant), Tess McCarthy (Information Risk Consultant)
Location: Springfield, MA
MassMutual’s Cyber Security Awareness program enabled the company to establish a Cyber Strong culture through the implementation of a data-driven behavioral recognition and repercussion program. The program established a menu of highly visible solutions that could be deployed to recognize positive employee behaviors reported by peers or identified through technical monitoring capabilities. Phishing resilience as well as malware and data loss monitoring capabilities were utilized to assess negative employee and contractor behaviors. Associates who were found to exhibit behaviors that put the company at risk, such as clicking on malicious links, were addressed using pre-defined design patterns in collaboration with Human Resources. By championing positive behaviors and addressing negative behaviors, the company highlighted the criticality of protecting the company’s valuable digital assets and enabled all associates to keep security front of mind.
DMARC Email Security
Executive Sponsor: Pietr Lindahl, Sr. Director, Cyber Strategy, Architecture, Engineering, & Integration
Project Team: Cynthia Koens (Director, Security Integration), Shaun Gillesen (Manager, Security Engineering)
Location: Andover, MA
The goal of the DMARC Email Security project was to implement Domain-based Message Authentication, Reporting & Conformance (DMARC) across Philips’ email domains and enforce blocking of emails that do not comply with DMARC policies. Utilizing Valimail solutions in its DMARC-based system, Philips is able to protect its brand from fraudulent email spoofing, prevent phishing, enhance email delivery, and enhance regulatory compliance.
Identity Access Management (IAM) Project
Executive Sponsor: Parthiv Shah, SVP & CISO
Project Team: Ray Malak (Security Monitoring Manager), Azai Ighodaro (Security Analyst)
Location: New York, NY
The goal of Signature Bank’s Identity Access Management (IAM) Project is to automate user access review recertification for 118 applications running in production, twice a year for 1400 employees and 500+ consultants as regular users and quarterly for privileged users. It is able to automate terminations, provide transfers, grant new access and onboard users through a workflow and approval process. This project streamlines H.R., BankOps, IT, Information Security and over 118 applications, translating to over 200+ platforms, 3000+ accounts (employees, consultants, privileged accounts and service accounts) and related workflows.