Mitsubishi UFJ Financial Group is one of the world's leading financial services groups, offering transaction banking, cash management, corporate and investment banking, real estate finance and more.
Eric Fouche is Mitsubishi UFJ Financial Group's Vice President of IT. His team is responsible for ensuring the security of all applications the company's employees use. They must create an additional complex security layer when users outside the organization need to access these applications.
Adaptable and Automated Identity and Privileged Access Security Solutions
Fouche and his team are part of a smaller subsidiary — Mitsubishi UFJ Trust and Banking Corporation — of the multinational parent company. However, the branch must follow the same audit and compliance requirements as the world's largest financial institutions.
Noncompliance in the financial services industry can result in severe penalties, legal consequences and reputational damage. Therefore, robust security measures and regular audits are a top priority. Fouche’s team operates in an environment with tightly controlled data access. Even divisions within the organization are kept separate behind glass walls.
“You're constantly under the microscope about who has access to any data — particularly customer data — and if they should access it,” says Fouche. “Every company has identity requirements, but working in a highly regulated industry really keeps you focused on it all the time, every day.”
Working within a regulated industry presented several unique challenges for this organization. It needed to maintain rigorous control over employee access to sensitive data. It also faced the complexity of granting access to external divisions not part of its active directory system.
The team had to follow these protocols under tight control while giving employees a seamless, frictionless experience. Constant scrutiny from regulators and the need to meet compliance requirements presented additional challenges.
“It is a perpetual journey and commitment of the company to realize the risks they run in this world. You have to balance good security without paralyzing your company,” says Fouche. “It's a continual business challenge we all face — not a project that you wipe your hands of when you're done and walk away.”
To address these challenges, the company turned to Bravura Security’s solutions — Bravura Identity and Bravura Privilege — to implement security and compliance tools. Robust software helped Mitsubishi UFJ streamline access management and compliance processes.
Bravura Identity helped the organization automate many aspects of user access, reducing the reliance on manual processes and spreadsheets. Fouche's team adopted best practices and integrated the tool into their daily workflow, making it instrumental in their security and compliance strategy.
“We look to the tool to see what it can do and roll out best practices,” says Fouche. “We have found that when the auditor shows up at the door, instead of them asking us for information, we are able to say, ‘Here is your mountain of information sorted in a way that should satisfy your auditing requirements.’”
Implementing Bravura Identity and Bravura Privilege significantly impacted Mitsubishi UFJ's operations. It helped the company mitigate risk and meet compliance regulations efficiently and consistently. Below are some outcomes the organization achieved by partnering with Bravura Security.
1. Transforming Audits Into Simple Requests
With standardized reports and documentation, Fouche's team could readily demonstrate compliance during audits.
"Once we generate a report, we have the data we need so that when something simple like an audit comes, there's analysis paralysis of what to do,” Fouche explains. “Then, you just document that process and do it every time. We even create a separate document with what we call our key to show. It lists the data in each column and what auditors are looking for. We give that to them every time.”
2. Automating Joiner-Mover-Leaver Processes to Remove Manual Minefields
In a closely regulated environment, automation can significantly improve efficiency and reduce the margin for error. Mitsubishi UFJ improved efficiency by automating access requests and certification reviews. This approach allowed employees to focus on more strategic tasks. By automating onboarding and offboarding processes for employees and consultants, the company minimized the risk of unauthorized access and data breaches.
Fouche and his team often get questions from leadership and other stakeholders about how they onboard particular roles like consultants. “We have a specific workflow in Bravura Identity that handles all the authorizations. My team doesn't have to manually check any of the processes, and in fact, we have that documented. We ensure the process creates an expiration date for the employment, so we have zero standing privileges for those people when they're gone.”
The organization achieved consistency in its access management and other business processes. It uniformly handled access requests and reviews by following predefined templates and workflows.
3. Staying Current With Process and Software
Security and compliance aren't one-time projects but ongoing programs. Organizations must adapt and adjust as requirements evolve. One of the team's keys to success is that it does not repeatedly stop and restart its identity and privileged access management program. It continually moves the program forward, upgrading every two years or so.
“Obviously, I've got to work through budget hurdles and challenges like that sometimes, but my goal is to stay as current as humanly possible,” says Fouche. “When we get reviewed by the regulators — the federal government — they may come out of left field with a certain request, and suddenly that becomes your requirement. So, we must stay on top of all of that and on the product to help us.”
4. Collaboration With Partners
Maintaining strong relationships with technology vendors can help organizations use their tools to the fullest extent. Staying current with technology upgrades and maintaining a solid vendor relationship helped Mitsubishi UFJ adapt to changing security and compliance requirements. The organization was better prepared to address new challenges as they arose.
5. Cross-Industry Learning
While every industry has unique challenges, there are common privileged and identity access management challenges transcending sectors. Learning from different industries can offer valuable insights into deploying and improving security postures.
As Mitsubishi UFJ looks ahead to the next steps, it emphasizes keeping the team on top of its business processes and improvement. Staying engaged with Bravura Security will help the team determine how other tools or updates to its existing solutions may help solve other problems. They can address these challenges without adopting more products.
By taking advantage of technology, automating processes and staying up to date with industry best practices, this organization could effectively:
- Streamline operations.
- Enhance security.
- Meet regulatory requirements.
Its journey is a testament to the ongoing effort required to secure sensitive data in today's ever-evolving digital landscape. Together, Mitsubishi UFJ and Bravura Security push the envelope to create a better product and capability to adapt to changing demands.
Bravura Security at a Glance
Bravura Security can work with you to meet your evolving access management requirements. We are the only industry leader offering privileged and identity access management across one platform.