The client is one of the leading global banks, operating in more than 20 countries, with base in the Nordics. Currently expanding through geographical expansion into new markets. The institute has nearly 12 000 employees. Providing full set of financial services, for its corporate and private clients, at an value of over 40 bSEK per year.
The main purpose of the pre-study was to identify measures to minimize the risk for IT production outages caused by invalid certificates.
Historically the Bank has been exposed to severe IT incidents where extraordinary interventions were requested to exchange invalid digital certificates within short notice.
The importance of availability and IT security is increasingly important in risk assessments by governmental authorities.
Being a successful actor in the market place requires ability to integrate and leverage partner services in a safe and efficient manner.
Over the years use of external certificate providers has been increasing rapidly. As well as numbers of internal and external certificates. The internal digital certificate expertise is spread on a number of functional and technical areas.
The approach applied during the pre-study targeted in identifying and implementing quick-wins course of the project. Examples (none exhaustive) were establishment governance forum, cross-functional and technical teams to drive strategic and tactical solutions for improving delivery of PKI-services.
The risk assessment identified external provided certificates as high risk which resulted in immediate start of data cleansing and validation of certificate ownership.
A client satisfaction survey was launched which confirmed high satisfaction by user of the Private Key Infrastructure services. By establishing a Life Cycle Management processes a foundation for continuous improvements has been laid.