
IAM central to Deutsche Bank’s digital transformation

Deutsche Bank is using a centralised identity and access management (IAM) system and an application program interface (API) architecture for digital transformation.

Centralised identity and access management (IAM) is a key enabler for Deutsche Bank’s digital transformation, the European Identity & Cloud Conference 2016 in Munich heard.

This approach – along with an application program interface (API) architecture – is enabling the bank to integrate up-to-date and legacy systems to meet the expectations of the Google generation, according to Berthold Kerl, the bank’s European chief information security officer.

Customers expect online and mobile banking to offer experiences similar to those they have with Facebook and Google, he said, and legacy systems and banking regulation are also challenging.

But Deutsche Bank saw the need for digital transformation early and committed €1bn to 2020 in support of the process.

The bank has innovation labs in Berlin, London and Silicon Valley aimed at continually improving the user experience.

“We had an app for the Apple Watch from day one, for example, and this year will introduce multi-bank aggregation facilities to enable customers to access several banks, not just Deutsche Bank, from a single app,” said Kerl.


'Gluing' systems together

Other recent innovations include online video authentication to enable the bank to convert a prospect to a customer from application to authentication and enrolment in eight minutes.

One of the biggest challenges in the digital transformation process, said Kerl, is combining new systems for customer engagement. The bank has tackled this by transitioning to an API-driven architecture, known in the bank as the “glue”, to facilitate integration.

Services created for this architecture are termed “full glue” services, while existing services that have been adapted to use this API-driven approach are termed “glue-ready”.

The bank built its centralised identity and access management (IAM) system – known as global access management or 'Gama' – using standard products with some customisation, said Kerl, to ensure standardised and secure access to systems.

Centralising IAM as policy

The Gama system enables the bank to ensure role-based access to systems, provide single sign-on, eliminate segregation of duties violations and carry out access rights management and regular review, as well as revoking rights when employees change roles or leave the bank.

“We are in the process of centralising identity and access for all apps, as well as introducing brokered access to systems for all administrators,” said Kerl.

“This means that no administrators will have direct access to systems, enabling us to approve, record and monitor all access requests and more easily detect fraud.” 

Deutsche Bank has a similar approach for cloud services, using a cloud-based identity service that enables the bank to manage all cloud access centrally, in line with policy.

“Digital transformation is what enables the bank to remain competitive – but we have had to do lots of hard work behind the scenes to enable an end-to-end experience in line with customer expectations,” said Kerl.
