To modernize its client engagement platform, the boutique asset management firm wanted to add single sign-on (SSO), risk-based access and other advanced capabilities, delivered as a managed service.
PRI designed a solution featuring Security Access Manager virtual appliances on a high-performance, scalable AWS infrastructure. It also manages the solution with its iamaware platform.
Simplifies web and mobile experiencesusing SSO and multifactor authentication (MFA) across applications and devices
Supports business expansion and agilitywith a uniform authentication framework for multicloud deployments
Helps increase productivity and minimize IT costsby teaming with an experienced security services provider
Business challenge story
Multiple credentials burden users
To optimize their asset investments, high-net-worth individuals and institutions need experts who understand their specific goals, cash flow and tax requirements, and risk tolerances. For more than 30 years, the boutique asset management firm has helped clients and their advisors build personalized investment portfolios. The company consistently achieves strong customer retention rates using analytics-driven strategies and a customized, relationship-focused approach.
“We are a white-glove, high-touch service delivery wealth manager,” explains the firm’s digital and information officer. “We provide a lot of what I call a concierge-level service, interacting with clients throughout the sales process and giving them access to well-educated, experienced portfolio managers and a unique custom portfolio buildout to meet their needs.”
The firm’s strategic direction includes increasing assets under management (AUM) among its existing base of independent advisors and investment bankers. To support this growth, the digital and information officer helps lead enterprisewide efforts to enhance services and boost efficiency with innovative web and mobile applications running on a hybrid cloud infrastructure. He also capitalizes on application programming interfaces (APIs) to build greater agility, performance and cost savings into new solutions.
Recently, the digital and information officer and his team developed a cloud-based wealth management platform for the company’s employees, external associates and clients. Accessible through a wide range of devices, it serves as a portal to a full suite of applications and tools that connect to the system through an API gateway. These resources include the company’s external website and Salesforce CRM application, its proprietary portfolio analysis software and other custom-built in-house solutions along with third-party offerings such as Zoom videoconferencing.
As part of his vision for the new wealth management platform, the digital and information officer wanted to free the firm from the constraints imposed by its parent company’s centralized IAM solution. New users were enrolled in the corporate Microsoft Active Directory service, which authenticated and authorized application use. Once enrolled, they had to separately log in to each of their authorized websites and applications using a different ID and password.
The digital and information officer sought to deploy a more holistic, uniform authentication framework featuring security-rich SSO capabilities. He also wanted experienced IAM specialists to develop the solution and deliver it as a managed service on a robust cloud platform.
IBM Security services hosted by AWS
The firm engaged PRI to design, test and deploy Security Access Manager virtual appliances hosted on an Amazon Virtual Private Cloud environment. PRI, a security services provider that has partnered with IBM for more than 20 years, also proactively monitors and manages the solution on its iamaware platform. Its services include overseeing service level agreements (SLAs) and security and compliance reporting.
By selecting an IBM Security™ offering, the company simplifies users’ digital experiences with token-based SSO capabilities for on-premises, multicloud and mobile applications. The company also supports SSO for third-party applications outside its network with the solution’s Federation module. Internal advisors and other employees are automatically authenticated in the AWS cloud against the firm’s internal Active Directory database, and external users are managed in the Lightweight Directory Access Protocol (LDAP) embedded in the Security Access Manager solution. Cybersecurity is also enhanced with MFA and built-in protections against advanced threats, including the Open Web Application Security Project’s top 10 web application security risks. Furthermore, to aid in identifying unauthorized and potentially malicious users, the solution’s Advanced Access Control module dynamically factors in geographic location, browser type and other detailed contextual information when assessing risk.
Supported by an AWS team, PRI smoothly tested and rolled out the security solution, integrating it with the API gateway for the wealth management platform. The firm’s digital and information officer worked closely with clients and other platform users to introduce the changes. Now, by relying on an agile AWS cloud infrastructure designed for high availability, the Business Partner can quickly scale the solution to facilitate the firm’s business growth. It can also quickly adjust IT capabilities to support evolving front-end functionality developed by the firm. For example, some clients wanted to give their assistants and other trusted individuals permission to access their accounts, so the firm built a delegated authority feature on its external site. The IT team sent its requirements to PRI, which quickly responded so that the feature could be launched.
To meet the firm’s needs, PRI performs the IT enablement work as needed and on demand. “The IBM product has a lot of capabilities, but we have a small team and don’t have the level of expertise to exploit it. PRI has that in their shop,” explains the digital and information officer. “Based on our requirements, they can switch on and off those capabilities for us to use as a service.”
Vinita Bhushan, Enterprise Security Architect at PRI, agrees. “The firm’s business initiatives keep changing because they have a small workforce, and they need to get a lot of things done. Because they are nimble, we have to make sure our service is nimble.”
High-end digital experiences
The firm’s clients can now more freely consult with their investment teams while working remotely. “We’ve had scenarios where clients are sitting out on a beach with their tablets, and their portfolio manager basically walks them through the portfolio,” comments the digital and information officer.
The firm gains the flexibility to rapidly add innovative, multivendor API-connected services in response to evolving marketplace demands. “Cloud-based authentication is a cornerstone for digital enablement,” says the digital and information officer. “It’s one of the pillars I needed to assemble before using the hybrid cloud model.” In addition, the IT team can better help business managers create more distinct, personalized digital experiences.
Using an outsourced security model, the firm also eliminates associated overhead IT costs and increases productivity while addressing government and corporate security requirements. The digital and information officer emphasizes that by working closely with PRI, he also keeps critical IT skills at his disposal. “I don’t have to hire IAM expertise on my side,” he says. “I’ve got PRI as a partner, basically bringing that to the table, and it’s a great partnership.”
With IBM Security capabilities delivered on AWS, everyone in the firm’s ecosystem benefits, says the digital and information officer. Clients, advisors, brokers and other users can use one set of credentials to log in on any device and access all their resources. They can also have greater confidence that personal and company data is protected against cybercriminals.
About the asset management firm
The US company specializes in intelligently personalized portfolio management for high-net-worth individuals, families and institutions. With multibillion dollar assets under management, it distinguishes itself through personalized service and portfolio construction. The firm’s investment professionals serve private clients and their independent financial advisors through the firm’s business-to-consumer (B2C) channel and advise banks through its business-to-business (B2B) channel.
About Pontis Research, Inc.
Founded in 1994, IBM Business Partner PRI helps organizations bridge the gap between business initiatives and IT delivery. It offers a comprehensive portfolio of security consulting services and offerings for IAM, application and data security, security intelligence and analytics, and managed support. Based in the US in Westlake Village, California, PRI serves clients in a wide range of regulated industries, including financial markets, manufacturing, education and healthcare.
Take the next step
To learn more about the IBM solution featured in this story, please contact your IBM representative or IBM Business Partner.