Time is money

Moving faster with cloud-based identity management
by Karen Boush
6-minute read
Young woman working on desktop computer at home

To optimize their asset investments, high-net-worth individuals and institutions need experts who understand their specific goals, cash flow and tax requirements, and risk tolerances.

For more than 30 years, a boutique asset management firm has helped clients and their advisors build personalized investment portfolios. The company consistently achieves strong customer retention rates using analytics-driven strategies and a customized, relationship-focused approach.

“We are a white-glove, high-touch service delivery wealth manager,” explains the firm’s Digital and Information Officer. “We provide a lot of what I call a concierge-level service, interacting with clients throughout the sales process and giving them access to well-educated, experienced portfolio managers and a unique custom portfolio buildout to meet their needs.”

The firm’s strategic direction includes increasing assets under management (AUM) among its existing base of independent advisors and investment bankers. To support this growth, the Digital and Information Officer helps lead enterprisewide efforts to enhance services and boost efficiency with innovative web and mobile applications running on a hybrid cloud infrastructure. He also capitalizes on application programming interfaces (APIs) to build greater agility, performance and cost savings into new solutions.

Recently, the Digital and Information Officer and his team developed a cloud-based wealth management platform for the company’s employees, external associates and clients. Accessible through a wide range of devices, it serves as a portal to a full suite of applications and tools that connect to the system through an API gateway. These resources include the company’s external website and Salesforce CRM application, its proprietary portfolio analysis software and other custom-built in-house solutions, along with third-party offerings such as Zoom videoconferencing.

Woman working from home using laptop computer while reading text message on mobile phone

Single sign-on and multifactor authentication

simplify

a firm’s web and mobile experiences

By teaming with a security services provider, an asset management firm

increases

productivity and minimizes IT costs

Cloud-based authentication is a cornerstone for digital enablement. It’s one of the pillars I needed to assemble before using the hybrid cloud model.
Digital and Information Officer
boutique asset management firm

As part of his vision for the new wealth management platform, the Digital and Information Officer wanted to free the firm from the constraints imposed by its parent company’s centralized identity and access management (IAM) solution. New users were enrolled in the corporate Microsoft Active Directory service, which authenticated and authorized application use. Once enrolled, they had to separately log in to each of their authorized websites and applications using a different ID and password.

The Digital and Information Officer sought to deploy a more holistic, uniform authentication framework featuring security-rich single sign-on (SSO) capabilities. He also wanted experienced IAM specialists to develop the solution and deliver it as a managed service on a robust cloud platform.

Businessman using cell phone
Two young women having a discussion in a business
I don’t have to hire IAM expertise on my side. I’ve got PRI as a partner, basically bringing that to the table, and it’s a great partnership
Digital and Information Officer
boutique asset management firm
IBM Security services hosted by AWS
I don’t have to hire IAM expertise on my side. I’ve got PRI as a partner, basically bringing that to the table, and it’s a great partnership
Digital and Information Officer
boutique asset management firm

The firm engaged IBM Business Partner Pontis Research, Inc. (PRI) to design, test and deploy IBM Security™ Verify Access virtual appliances hosted on an Amazon Virtual Private Cloud environment. PRI, a security services provider that has teamed with IBM for more than 20 years, also proactively monitors and manages the solution on its iamaware platform. Its services include overseeing service level agreements (SLAs) and security and compliance reporting.

By selecting an IBM Security offering, the company simplifies users’ digital experiences with token-based SSO capabilities for on-premises, multicloud and mobile applications. The company also supports SSO for third-party applications outside its network with the solution’s Federation module. Internal advisors and other employees are automatically authenticated in the AWS cloud against the firm’s internal Active Directory database, and external users are managed in the Lightweight Directory Access Protocol (LDAP) embedded in the IBM Security Verify Access solution. Cybersecurity is also enhanced with multifactor authentication (MFA) and built-in protections against advanced threats, including the Open Web Application Security Project’s top 10 web application security risks. Furthermore, to aid in identifying unauthorized and potentially malicious users, the solution’s Advanced Access Control module dynamically factors in geographic location, browser type and other detailed contextual information when assessing risk.

Supported by an AWS team, PRI smoothly tested and rolled out the security solution, integrating it with the API gateway for the wealth management platform. The firm’s Digital and Information Officer worked closely with clients and other platform users to introduce the changes. Now, by relying on an agile AWS cloud infrastructure designed for high availability, the Business Partner can quickly scale the solution to facilitate the firm’s business growth. It can also quickly adjust IT capabilities to support evolving front-end functionality developed by the firm. For example, some clients wanted to give their assistants and other trusted individuals permission to access their accounts, so the firm built a delegated authority feature on its external site. The IT team sent its requirements to PRI, which quickly responded so that the feature could be launched.

To meet the firm’s needs, PRI performs the IT enablement work as needed and on demand. “The IBM product has a lot of capabilities, but we have a small team and don’t have the level of expertise to exploit it. PRI has that in their shop,” explains the Digital and Information Officer. “Based on our requirements, they can switch on and off those capabilities for us to use as a service.”

Vinita Bhushan, Enterprise Security Architect at PRI, agrees. “The firm’s business initiatives keep changing because they have a small workforce, and they need to get a lot of things done. Because they are nimble, we have to make sure our service is nimble.”

Woman and man talking in a modern office
High-end digital experiences

The firm’s clients can now more freely consult with their investment teams while working remotely. “We’ve had scenarios where clients are sitting out on a beach with their tablets, and their portfolio manager basically walks them through the portfolio,” comments the Digital and Information Officer.

The firm gains the flexibility to rapidly add innovative, multivendor API-connected services in response to evolving marketplace demands. “Cloud-based authentication is a cornerstone for digital enablement,” says the Digital and Information Officer. “It’s one of the pillars I needed to assemble before using the hybrid cloud model.” In addition, the IT team can better help business managers create more distinct, personalized digital experiences.

Using an outsourced security model, the firm also eliminates associated overhead IT costs and increases productivity while addressing government and corporate security requirements. The Digital and Information Officer emphasizes that by working closely with PRI, he also keeps critical IT skills at his disposal. “I don’t have to hire IAM expertise on my side,” he says. “I’ve got PRI as a partner, basically bringing that to the table, and it’s a great partnership.”

With IBM Security capabilities delivered on AWS, everyone in the firm’s ecosystem benefits, says the Digital and Information Officer. Clients, advisors, brokers and other users can use one set of credentials to log in on any device and access all their resources. They can also have greater confidence that personal and company data is protected against cybercriminals.

About the asset management firm

The US firm specializes in intelligently personalized portfolio management for high-net-worth individuals, families and institutions. Managing multibillion-dollar assets, it distinguishes itself through personalized service and portfolio construction. The firm serves private clients and their independent financial advisors through its B2C channel and advise banks through its B2B channel.

About Pontis Research, Inc.

Founded in 1994, IBM Business Partner PRIExternal Link bridges the gap between business and IT with a portfolio of consulting services and offerings for IAM, application and data security, security intelligence and analytics, and managed support. Based in the US in Westlake Village, California, PRI serves clients in various regulated industries, including financial markets, manufacturing, education and healthcare.

Solution component
About the asset management firm

The US firm specializes in intelligently personalized portfolio management for high-net-worth individuals, families and institutions. Managing multibillion-dollar assets, it distinguishes itself through personalized service and portfolio construction. The firm serves private clients and their independent financial advisors through its B2C channel and advise banks through its B2B channel.

About Pontis Research, Inc.

Founded in 1994, IBM Business Partner PRIExternal Link bridges the gap between business and IT with a portfolio of consulting services and offerings for IAM, application and data security, security intelligence and analytics, and managed support. Based in the US in Westlake Village, California, PRI serves clients in various regulated industries, including financial markets, manufacturing, education and healthcare.

Solution component