Lehman Brothers puts identity in a vise grip

Total Access Control eases account management and tightens access

All it takes is one disgruntled former employee with access to sensitive customer data to wreak costly havoc. To counter this risk, the investment bank Lehman Brothers recently implemented TAC (Total Access Control), a companywide user-access rights-provisioning system and enterprise identity management system.

Started in 2002, the project is grand in scope: Lehman Brothers has more than 19,000 employees spread across hundreds of business units on three continents, and several hundred business-critical applications.

"Our security goals were ambitious, since the employee base represented more than 400,000 unique user accounts across our IT resource base," said Tom King, chief information security officer. "We needed to tightly manage each employee with permission to specific applications and data, while denying access to unauthorized personnel."

Lehman Brothers built TAC around Thor Technologies' Xellerate Identity Manager, which automatically manages users' access privileges across the enterprise and throughout the entire identity management lifecycle.

The effort paid off. The time it takes to set up new user access accounts has shrunk from five days to 20 minutes; denying user access has been reduced from one week to a mere 60 seconds. The project also significantly eases the company's ability to adhere to regulatory mandates, including Sarbanes-Oxley and the Gramm-Leach-Bliley Act.