User management was a difficult and time-consuming task at Swisscard. The Swiss credit company had to handle access rights to approximately 200 applications manually. A simple request from the business to give a new employee the same access rights as an existing employee required the IT team to first determine the existing access rights, and then laboriously apply them one by one to the new person. Withdrawing access rights when an employee switched departments or left the company was equally difficult and presented a potential security risk. Swisscard wanted to standardize and, where practical, automate the provisioning and deprovisioning of users. Most important, Swisscard wanted to ensure easier and more efficient compliance with regulations. The company needed to comply with a large number of local and international regulations, and access rights to data and systems needed to be fully auditable. Read more here: https://www.netiq.com/success/stories/swisscard.html

1. S U C C E S S S T O R Y
Swisscard Saves Time and Effort
in Managing User Access
Executive Summary
INDUSTRY DESCRIPTION
Swisscard is a joint venture between
Credit Suisse and American Express.
Headquartered near Zurich, Swisscard
employs approximately 650 people and
acts as a service provider, handling credit
card business for Credit Suisse across
three brands: Visa, MasterCard
and American Express.
BUSINESS SITUATION
User management was a difficult and
time-consuming task at Swisscard.
The organization lacked a consistent
set of enterprise-wide processes
and platforms. Administration of
access rights was a challenge.
THE NETIQ DIFFERENCE
Swisscard selected Identity Manager,
Access Manager™ and Sentinel™ to
provide automated, audit-compliant
management of users and access rights.
PRODUCTS AND SERVICES
Identity Manager
Access Manager™
Sentinel™
IT Consulting
User management was a difficult and
time-consuming task at Swisscard.
The Swiss credit company had to
handle access rights to approximately
200 applications manually. A simple
request from the business to give a
new employee the same access rights
as an existing employee required the
IT team to first determine the existing
access rights, and then laboriously apply
them one by one to the new person.
Withdrawing access rights when an
employee switched departments or
left the company was equally difficult
and presented a potential security
risk. Swisscard wanted to standardize
and, where practical, automate the
provisioning and deprovisioning of users.
Most important, Swisscard wanted
to ensure easier and more efficient
compliance with regulations. The
company needed to comply with a
large number of local and international
regulations, and access rights to data and
systems needed to be fully auditable.
The Solution
Swisscard selected Identity Manager as
the basis for its identity management
environment, using Access Manager
to provide single sign-on services
and Sentinel™ to monitor and audit
compliance to guidelines and processes.
“As part of the selection process, we
looked closely at market analyses,
allowed manufacturers to present their
solutions and spoke to several different
manufacturers’reference customers,”said
Stefan Fischer, IT architect at Swisscard.
“The basic functions of all the different
solutions were quite similar, but we
wanted a tool that could be used by
nonspecialists without sacrificing any
power or functionality. In our opinion,
Identity Manager provided the most
intuitive and powerful solution.”
Swisscard undertook a phased
rollout of its identity management
solution, working with consultants
AECS
swisscard

2. Worldwide Headquarters
1233 West Loop South, Suite 810
Houston, Texas 77027 USA
Worldwide: +1 713.548.1700
U.S. / Canada Toll Free: 888.323.6768
info@netiq.com
www.netiq.com
http://community.netiq.com
For a complete list of our offices
in North America, Europe, the
Middle East, Africa, Asia-Pacific
and Latin America, please visit
www.netiq.com/contacts.
Follow us:
and local partner SkyPRO AG to
ensure the rapid and effective
deployment of the new software.
The combined project team used
Identity Manager to create a central
user repository that draws data from
Swisscard’s leading human resources
system and synchronizes it across all
corporate systems. Swisscard created
a set of business rules to govern
the assignment of access rights to
employees, including the definition
of approximately 100 business roles.
Identity Manager grants some rights
automatically, while users request
other rights that managers and
IT then approve and assign using
defined workflow processes with
respect to company guidelines.
Access Manager provides single sign-
on access to the main web-based
applications at Swisscard, so users no
longer need to remember dozens of
different credentials. Sentinel monitors
and logs all activity across the corporate
network and links it back to information
held in Identity Manager, enabling
faster and easier compliance with
audit regulations. Swisscard plans to
extend its use of Sentinel, making it
the cornerstone of its future security
information and event management
(SIEM) architecture.
Automated User Management
Identity Manager now automates
most user management tasks for
Swisscard. In addition to saving an
estimated 20 percent effort and
freeing up Swisscard’s IT team to
focus on more valuable tasks, the
solution ensures that changes in the
organizational chart are rapidly and
reliably reflected in the network.
“Identity Manager saves us considerable
time and effort in managing user
access to the company’s information
resources,”said Fischer.“The solution
gives us a clear, auditable view of
users and access rights, all managed
from a single point of control.”
When an employee leaves the company,
Identity Manager automatically revokes
all relevant access rights, closing
potential security holes and eliminating
the effort previously required to track
down and delete orphaned user
accounts. The solution also makes
it easier to comply with external
regulations by providing complete and
accurate reports on user access rights.
“The solution has become the
nerve center for user management
at Swisscard,”said Fischer.
Learn more today by contacting
your NetIQ partner or a local NetIQ
sales representative, or by visiting
www.netiq.com for contact
information in your area.
“... we wanted a tool
that could be used by
nonspecialists without
sacrificing any power
or functionality.”
Stefan Fischer,
IT Architect,
Swisscard
NetIQ, the NetIQ logo, Access Manager, and Sentinel are trademarks or registered trademarks of NetIQ Corporation in the USA.
All other company and product names may be trademarks of their respective companies.
© 2013 NetIQ Corporation and its affiliates. All Rights Reserved. CSS90033SWSC PO 03/13 F