Thanks to the complete functional coverage of its IAM platform, Ilex International supports Natixis across all of its adaptive and multi-factor authentication, access control, Single Sign-On (SSO) and identity federation requirements.
The solution implemented:
Sign&go Global SSO
Strong and adaptive authentication, access control, global SSO (Web SSO and eSSO), identity federation and mobile SSO
The challenges
- Standardise and pool the IS access control infrastructure
- Adapt the authentication processes to the usage context and the risks
- Improve the user experience on accessing their applications
Natixis: a company committed to the security of its IS
Natixis is a French financial institution with an international presence, specialising in asset and wealth management, corporate and investment banking, insurance and payments. It is a subsidiary of Groupe BPCE, the second-largest banking group in France through its Banque Populaire and Caisse d’Épargne networks. Natixis has nearly 16,000 employees across 38 countries. It supports and advises its own clients, including businesses, financial institutions and institutional investors, as well as clients of the BPCE Group's networks.
Cybersecurity is a major issue for Natixis: it has more than 150 security experts working daily in its IT department. Of these, around twenty are dedicated exclusively to subjects relating to identity protection and access control.
In 2017, Natixis launched the “Global Adaptive Access Platform” (GAAP) program. Its aim is to centralise and reinforce the security of access to its IS and to reduce the risk of identity theft, while also offering ergonomic and innovative authentication methods to all of its users.
The “Global Adaptive Access Platform” (GAAP) program: a central, global and scalable access control platform
The aim of the GAAP program is to build a global IS access management platform meeting all of Natixis’ requirements in terms of adaptive and multi-factor authentication, access control, SSO and identity federation.
It involves putting in place a security platform to define all authentication paths and rules for controlling access to the company’s applications, while ensuring an optimum user experience. The guiding principle of the program was to combine security, ergonomics and innovation.
This ambitious program also gave Natixis a guarantee of compliance with the numerous regulatory requirements to which the company is subject (PSD2, the French Military Programming Law or LPM, etc.).
« At Natixis, we had several solutions available to handle the various issues relating to access management. This generated considerable costs for the company and complicated operations, since several infrastructures were affected. We were looking for a solution able to cover all of our usage scenarios in terms of authentication and SSO, whatever they may be. In a way, we needed to replace 4 or 5 different solutions with just one solution! The GAAP program came about as a result of this desire to modernise the existing system and enjoy a 360° view of all access to our IS. However, covering all usage scenarios for Natixis users, applications and work environments was a complex project which needed to be tackled methodically. »
The choice of the Ilex International Sign&go Global SSO solution for complete functional coverage
It was following a full and detailed Proof of Concept (POC) that Natixis opted for the Ilex International Sign&go Global SSO solution.
« We trusted Ilex International and Synetis with our program for several reasons. Firstly, their experience on numerous projects of varying sizes and their knowledge of the banking sector were considerable advantages. The POC allowed us to assess not just the flexibility and the functional coverage of the solution, but also the responsiveness of the vendor’s R&D teams. Our teams worked side by side, and this collaboration truly did yield results: our many technical requests and complex usage scenarios were taken into account, and at the same time allowed Ilex to optimise its solution. Sign&go Global SSO is a flexible, innovative and very complete solution, guaranteeing an open and interoperable technological response to all our usage scenarios. This is exactly the strategy of Natixis: to reinforce access security while adopting an agile, adaptive and open model that forms an integral part of the group’s digital transformation. »
Sign&go Global SSO combines, under a centralised architecture and administration, all of these features in one product: multi-factor and adaptive authentication, enterprise SSO, Web Access Management, mobile SSO and identity federation. It acts as an “authentication and federation hub” that accommodates the full range of existing authentication means, whichever environment (workstation, web or mobile) is used to reach the applications.
An access control and authentication platform behind numerous strategic projects
Once the access control platform was implemented, the GAAP program allowed several strategic projects for Natixis to be planned and rolled out.
« We started with authentication management for our employees on Office 365, whether access was from within our premises or outside, on a workstation, a portable computer or a mobile. This project allowed us to quickly highlight the added value of the solution, and in particular SSO, since it affected 22,000 users. »
Natixis then used GAAP to roll out several authentication methods for employees working on laptops: biometrics, SMS or email OTP, and authentication via mobile push notification. More than 12,000 laptops were covered.
GAAP also lets the IT department answer a significant challenge: the growing number of digital services (web portals and applications). With a reference access infrastructure in place, Natixis has been able to adopt a “security by design” approach and standardise the access paths to its applications and portals. Business departments simply delegate the security functions, in particular strong authentication, SSO and access control, to the platform.
« At the end of 2019, more than 200 applications had been connected to the GAAP platform. We have easily been able to standardise our authentication paths and make it easier to create new services without having to reduce security. GAAP is an access platform which genuinely allows access control to be adapted based on pre-determined criteria. This allows us, for example, to increase the level of security on sensitive applications or in a high-risk context. »
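The principle described above, raising the required authentication strength according to application sensitivity and request context, is easiest to see as a small policy evaluator. The following is an added illustration, not Sign&go's own logic or Natixis' policy: the application catalogue, the assurance levels, the home country, the risk weights and the "managed device only" rule for the most sensitive tier are all assumptions made for the example.

```python
"""Illustrative risk-based (adaptive) access policy.

Given an application's sensitivity and the context of an access attempt,
decide whether the existing SSO session is strong enough, whether the user
must step up to a stronger factor, or whether access is refused outright.
Example code only: levels, weights and catalogue are constructed for it.
"""
from dataclasses import dataclass
from enum import IntEnum


class Assurance(IntEnum):
    """Ordered authentication strength a session can have proved."""
    PASSWORD = 1            # password only
    OTP = 2                 # password plus SMS/email OTP or mobile push
    PHISHING_RESISTANT = 3  # FIDO2 authenticator, smart card or certificate


# Constructed sample catalogue: 1 = low, 2 = medium, 3 = high sensitivity.
APP_SENSITIVITY = {"intranet-news": 1, "office365": 2, "payments-back-office": 3}
HOME_COUNTRY = "FR"  # assumption for the example


@dataclass(frozen=True)
class AccessContext:
    user: str
    app: str
    on_premises: bool
    managed_device: bool
    country: str
    session_assurance: Assurance  # strongest factor the current SSO session proved
    failed_logins_last_hour: int = 0


def risk_score(ctx: AccessContext) -> int:
    """Additive risk from context signals. Weights are illustrative."""
    score = 0
    if not ctx.on_premises:
        score += 1
    if not ctx.managed_device:
        score += 2
    if ctx.country != HOME_COUNTRY:
        score += 2
    if ctx.failed_logins_last_hour >= 3:
        score += 2
    return score


def required_assurance(ctx: AccessContext) -> Assurance:
    """Baseline from application sensitivity, raised by the context risk."""
    # Applications missing from the catalogue are treated as high
    # sensitivity so that a forgotten entry fails closed, not open.
    level = APP_SENSITIVITY.get(ctx.app, 3)
    risk = risk_score(ctx)
    if risk >= 2:
        level = max(level, Assurance.OTP)
    if risk >= 4:
        level = Assurance.PHISHING_RESISTANT
    return Assurance(level)


def decide(ctx: AccessContext) -> str:
    """Return 'ALLOW', 'STEP_UP:<level>' or 'DENY'."""
    sensitivity = APP_SENSITIVITY.get(ctx.app, 3)
    # Policy choice for this example: top-tier apps only from managed devices.
    if sensitivity == 3 and not ctx.managed_device:
        return "DENY"
    need = required_assurance(ctx)
    if ctx.session_assurance >= need:
        return "ALLOW"  # existing SSO session is strong enough; no re-prompt
    return f"STEP_UP:{need.name}"  # re-authenticate at the required level


if __name__ == "__main__":
    samples = [
        AccessContext("alice", "intranet-news", True, True, "FR", Assurance.PASSWORD),
        AccessContext("alice", "office365", False, True, "FR", Assurance.PASSWORD),
        AccessContext("bob", "intranet-news", False, True, "US", Assurance.PASSWORD),
        AccessContext("bob", "office365", False, True, "US", Assurance.OTP, failed_logins_last_hour=3),
        AccessContext("carol", "payments-back-office", False, False, "FR", Assurance.OTP),
    ]
    for c in samples:
        print(f"{c.user:6} {c.app:22} -> {decide(c)}")
```

The point the example makes is that the decision is taken by the platform, not by each application: an application declares its sensitivity in the catalogue and receives an authenticated session at or above the required level, while the context signals (location, device management state, recent failures) can push even a low-sensitivity application to a step-up.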
A complete IAM roadmap to cover all usage scenarios
The GAAP program will shortly extend to access management for Natixis’ 10,000 professional clients, in particular authentication to their Natixis applications and validation of their transactions through authentication via mobile notifications.
« We are currently working on the “Kill The Password” project, which aims to counter identity theft attempts by definitively eliminating the use of passwords in banking applications. This project, currently in the pilot phase, will in time provide all of our employees with more secure and more ergonomic authentication methods than a password for logging in to their workstations and their applications. We want to secure, innovate and simplify work for users on the move. This is also our job: designing solutions adapted to the real lives of our employees! Security must reflect the reality in the field if it is to be adopted by everyone! »
Synetis is a consulting company specialising in ISS (Information System Security). Synetis provides companies with consultancy and expertise services at the functional and technological levels in order to secure their IS globally, by:
- Organising and driving their information system security (ISS governance)
- Controlling identities, authorisations and access to their information system (IAM, IAI, IAG)
- Protecting information and preventing critical data leaks
- Managing their digital trust cycle
The benefits
- User ergonomics and convenience
- Reinforced security adapted to the context
- Compliance with regulations