Background: People's United Bank is the largest regional banking organization headquartered in New England. With the acquisition of the Chittenden family of banks in January 2008, People’s United is comprised of seven banks with more than $21 billion in assets, and more than 300 branches in Connecticut, Maine, Massachusetts, New Hampshire, Vermont and in Westchester County, New York. The seven banks include: People’s United Bank, Chittenden Bank, Flagship Bank, Maine Bank & Trust, Merrill Bank, Ocean Bank, and The Bank of Western Massachusetts Convenient, seven-day banking is offered in 75 Connecticut branches in Super Stop & Shop supermarket locations.
A diversified financial services company founded in 1842, People's United Bank provides consumer, commercial, insurance, retail investment and wealth management and trust services to personal and business customers. Through its subsidiaries, People's United Bank offers: brokerage, financial advisory services, investment management services, life insurance products and equipment financing services.
Challenges: In the past few years, People’s United Bank has implemented an aggressive growth strategy that includes a 2006 transition from a state-chartered savings bank to a federally chartered institution, a transition from a mutual holding company structure to a fully public company structure, and an acquisition of the Chittenden Corp, based in Burlington, Vermont, which brought the bank’s assets to $21 billion. People’s United has a user population of 4,500 employees and contractors. With this rapid expansion, through acquisition and organic growth, People’s United needed to maintain strict adherence to federal guidelines and internal business polices, ensuring that access to highly sensitive customer data is only available to those approved to view it.
This new, more complex IT environment required an overhaul of some of the bank’s existing procedures. With a manual, decentralized system, the bank was facing compliance challenges with federal banking regulations along with the Graham-Leach-Bliley and Sarbanes-Oxley acts.
“With the extensive growth the bank was experiencing, People’s United needed to solve its access control dilemma through a combination of role-based access control and automated identity and access management in order to embed strong controls and ensure least privileged access. Courion helped us achieve that goal.”
Tim Callahan, first vice president of technology risk management and chief information security office for the bank
Solution provided by Courion: By February 2007, People’s United began a dual-purpose pilot project which included the deployment of Courion’s solution in the bank’s regional banking unit to develop a phased, enterprise rollout by lines of business. This first unit contained 60 percent of the bank’s users. People’s United worked with Courion to identify and centralize entitlement management responsibilities, while business roles were researched and aligned to IT roles. By April 2007, all necessary data had been input, workflows tested, and the new system operational. Because the Courion interface is a web-based portal, all that was required for training was an email with basic instructions, and users could learn easily as they used the solution. Using the first unit implementation as a template, People’s United was able to implement Courion across other units. By September 2007, the Courion solution was handling 20 applications, up from the original four in the pilot implementation. People’s United envisions that the system will support the more than 140 branches the bank acquired in the Chittenden transaction.
“After deploying Courion’s Enterprise Provisioning Suite, the bank reduced the time it takes to provision employees from five days to just one day. We can also now decommission users with a mouse click, significantly reducing our risk exposure.”
Greg Kyrytschenko, information security manager for People’s United Bank
Summary: After only four months of working with Courion, People’s United has properly defined all roles and security and user provisioning has been simplified.
1881 Worcester Road
Framingham, MA 01701-540 USA
Tel: +1-866-COURION / 1-508-879-8400