Reserve Bank of Australia Plans New Identity and Access Management System

The Reserve Bank of Australia (RBA) has announced that it plans to modernize its identity and access management (IDAM) operations by adding new automated measures to its current system.

To implement bank regulations, the RBA noted that it uses a combination of automated and manual processes.

The bank, however, thinks that a new IDAM platform will better “futureproof” the bank, lower the threat of illegal access to data, and assist personnel in carrying out routine operations.

Reserve Bank of Australia New Identity and Access Management System

According to RBA, “Whilst these processes are acceptable in the current landscape, additional capabilities have been identified to implement more robust controls so as to future proof and make these fully effective in their intended undertakings.”

“In order to realise this initiative, the IDAM project has been initiated, where the bank is seeking the supply of one or more products and related services to uplift this technology area,” the bank said.

The RBA has stated that it intends to have systems in identity governance and administration, privilege access management, hybrid identity with multi-factor authentication functionalities, and customer identity access management delivered as part of the IDAM project.

Even though the Australian bank is presently executing a cloud-based strategy, the request specifies that the solutions must have a low on-premise footprint. It also does not indicate if the solutions must be entirely in the cloud.

The chosen provider will sign a contract of 18 months with the option of a support contract for 3 years. The project is scheduled to begin in November 2021, with a completion target of April 2023.

Susan Woods, RBA’s Assistant Governor of Corporate Services, explained that the bank also uses other methods to be resilient in cybersecurity, like formal and informal training, team building activities, and organizing “FedEx days” for security experts.

“We take a particular security challenge and within a day they have to identify, design and implement a solution to the challenge so they tend to be small problems but nevertheless, meaningful ones,” Woods said.

“We get people talking and thinking about the problems that we might face from a cyber perspective, and how they could deal with those,” she added.

The Australian National Audit Office said that the RBA was successful in controlling cybersecurity threats throughout a set of audits in the previous year.

Moreover, it had established controls under the Information Security Manual’s standards, such as the Top Four and additional mitigation methods in the Essential Eight.