Time is money
Moving faster with cloud-based identity management
Young women working on a desktop computer at home

To optimize their asset investments, high-net-worth individuals and institutions need experts who understand their specific goals, cash flow and tax requirements, and risk tolerances.

For more than 30 years, a boutique asset management firm has helped clients and their advisors build personalized investment portfolios. The company consistently achieves strong customer retention rates using analytics-driven strategies and a customized, relationship-focused approach.

“We are a white-glove, high-touch service delivery wealth manager,” explains the firm’s Digital and Information Officer. “We provide a lot of what I call a concierge-level service, interacting with clients throughout the sales process and giving them access to well-educated, experienced portfolio managers and a unique custom portfolio buildout to meet their needs.”

The firm’s strategic direction includes increasing assets under management (AUM) among its existing base of independent advisors and investment bankers. To support this growth, the Digital and Information Officer helps lead enterprisewide efforts to enhance services and boost efficiency with innovative web and mobile applications running on a hybrid cloud infrastructure. He also capitalizes on application programming interfaces (APIs) to build greater agility, performance and cost savings into new solutions.

Recently, the Digital and Information Officer and his team developed a cloud-based wealth management platform for the company’s employees, external associates and clients. Accessible through a wide range of devices, it serves as a portal to a full suite of applications and tools that connect to the system through an API gateway. These resources include the company’s external website and Salesforce CRM application, its proprietary portfolio analysis software and other custom-built in-house solutions, along with third-party offerings such as Zoom videoconferencing.

Simplified experiences

 

Single sign-on and multifactor authentication simplify a firm’s web and mobile experiences

Enhanced Productivity

 

By teaming with a security services provider, an asset management firm increases productivity and minimizes IT costs

Cloud-based authentication is a cornerstone for digital enablement. It’s one of the pillars I needed to assemble before using the hybrid cloud model. Digital and Information Officer boutique asset management firm

As part of his vision for the new wealth management platform, the Digital and Information Officer wanted to free the firm from the constraints imposed by its parent company’s centralized identity and access management (IAM) solution. New users were enrolled in the corporate Microsoft Active Directory service, which authenticated and authorized application use. Once enrolled, they had to separately log in to each of their authorized websites and applications using a different ID and password.

The Digital and Information Officer sought to deploy a more holistic, uniform authentication framework featuring security-rich single sign-on (SSO) capabilities. He also wanted experienced IAM specialists to develop the solution and deliver it as a managed service on a robust cloud platform.

IBM Security services hosted by AWS

The firm engaged IBM Business Partner Pontis Research, Inc. (PRI) to design, test and deploy IBM Security® Verify Access virtual appliances hosted on an Amazon Virtual Private Cloud environment. PRI, a security services provider that has teamed with IBM for more than 20 years, also proactively monitors and manages the solution on its iamaware platform. Its services include overseeing service level agreements (SLAs) and security and compliance reporting.

By selecting an IBM Security offering, the company simplifies users’ digital experiences with token-based SSO capabilities for on-premises, multicloud and mobile applications. The company also supports SSO for third-party applications outside its network with the solution’s Federation module. Internal advisors and other employees are automatically authenticated in the AWS cloud against the firm’s internal Active Directory database, and external users are managed in the Lightweight Directory Access Protocol (LDAP) embedded in the IBM Security Verify Access solution. Cybersecurity is also enhanced with multifactor authentication (MFA) and built-in protections against advanced threats, including the Open Web Application Security Project’s top 10 web application security risks. Furthermore, to aid in identifying unauthorized and potentially malicious users, the solution’s Advanced Access Control module dynamically factors in geographic location, browser type and other detailed contextual information when assessing risk.

Supported by an AWS team, PRI smoothly tested and rolled out the security solution, integrating it with the API gateway for the wealth management platform. The firm’s Digital and Information Officer worked closely with clients and other platform users to introduce the changes. Now, by relying on an agile AWS cloud infrastructure designed for high availability, the Business Partner can quickly scale the solution to facilitate the firm’s business growth. It can also quickly adjust IT capabilities to support evolving front-end functionality developed by the firm. For example, some clients wanted to give their assistants and other trusted individuals permission to access their accounts, so the firm built a delegated authority feature on its external site. The IT team sent its requirements to PRI, which quickly responded so that the feature could be launched.

To meet the firm’s needs, PRI performs the IT enablement work as needed and on demand. “The IBM product has a lot of capabilities, but we have a small team and don’t have the level of expertise to exploit it. PRI has that in their shop,” explains the Digital and Information Officer. “Based on our requirements, they can switch on and off those capabilities for us to use as a service.”

Vinita Bhushan, Enterprise Security Architect at PRI, agrees. “The firm’s business initiatives keep changing because they have a small workforce, and they need to get a lot of things done. Because they are nimble, we have to make sure our service is nimble.”

I don’t have to hire IAM expertise on my side. I’ve got PRI as a partner, basically bringing that to the table, and it’s a great partnership Digital and Information Officer boutique asset management firm
High-end digital experiences

The firm’s clients can now more freely consult with their investment teams while working remotely. “We’ve had scenarios where clients are sitting out on a beach with their tablets, and their portfolio manager basically walks them through the portfolio,” comments the Digital and Information Officer.

The firm gains the flexibility to rapidly add innovative, multivendor API-connected services in response to evolving marketplace demands. “Cloud-based authentication is a cornerstone for digital enablement,” says the Digital and Information Officer. “It’s one of the pillars I needed to assemble before using the hybrid cloud model.” In addition, the IT team can better help business managers create more distinct, personalized digital experiences.

Using an outsourced security model, the firm also eliminates associated overhead IT costs and increases productivity while addressing government and corporate security requirements. The Digital and Information Officer emphasizes that by working closely with PRI, he also keeps critical IT skills at his disposal. “I don’t have to hire IAM expertise on my side,” he says. “I’ve got PRI as a partner, basically bringing that to the table, and it’s a great partnership.”

With IBM Security capabilities delivered on AWS, everyone in the firm’s ecosystem benefits, says the Digital and Information Officer. Clients, advisors, brokers and other users can use one set of credentials to log in on any device and access all their resources. They can also have greater confidence that personal and company data is protected against cybercriminals.

About the asset management firm

The US firm specializes in intelligently personalized portfolio management for high-net-worth individuals, families and institutions. Managing multibillion-dollar assets, it distinguishes itself through personalized service and portfolio construction. The firm serves private clients and their independent financial advisors through its B2C channel and advise banks through its B2B channel.

About Pontis Research, Inc.

Founded in 1994, IBM Business Partner PRIExternal Link (link resides outside of ibm.com) bridges the gap between business and IT with a portfolio of consulting services and offerings for IAM, application and data security, security intelligence and analytics, and managed support. Based in the US in Westlake Village, California, PRI serves clients in various regulated industries, including financial markets, manufacturing, education and healthcare.

Take the next step

To learn more about the IBM solutions featured in this story, please contact your IBM representative or IBM Business Partner.

View more case stories VLI

VLI moves cargo faster and safer with IBM Security solutions

Read the case study
Commercial International Bank S.A.E.

Enhancing processes and security while moving toward the goal of zero trust

Read the case study
Legal

© Copyright IBM Corporation 2021. IBM Corporation, IBM Security, New Orchard Road, Armonk, NY 10504

Produced in the United States of America, April 2021.

IBM, the IBM logo, ibm.com, and IBM Security are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/trademark.

This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.

The performance data and client examples cited are presented for illustrative purposes only. Actual performance results may vary depending on specific configurations and operating conditions. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise.

Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.