Automating User Access Reviews for Jack Henry’s SilverLake: How SecurEnds Empowers Credit Unions to Enhance Security and Compliance
In today’s rapidly evolving digital landscape, credit unions must prioritize robust security measures to protect member data and ensure regulatory compliance. A critical component of this security framework is the implementation of effective user access reviews, also known as access certifications. These reviews involve the systematic verification of user permissions to ensure that individuals have appropriate access levels aligned with their roles. Jack Henry’s SilverLake System serves as a comprehensive core banking platform for numerous credit unions, offering a suite of integrated applications to manage essential banking operations. However, the complexity of such systems can make manual user access reviews both time-consuming and prone to errors.
In the realm of credit unions, manual user access reviews have, at times, led to significant oversights with serious consequences. A notable example is the case of CBS Employees Federal Credit Union, where inadequate access controls and manual processes allowed a manager to embezzle approximately $40 million over two decades. The National Credit Union Administration Office of Inspector General reported that the manager’s “super-user” access to the credit union’s accounting system enabled him to alter records and conceal fraudulent activities.
This incident underscores the critical need for robust, automated access review processes to detect and prevent unauthorized activities. By implementing SecurEnds’ automated user access reviews (access certification), credit unions can enhance their security posture, reduce the risk of internal fraud, and ensure compliance with regulatory standards.
Challenges in Manual User Access Reviews
Credit unions utilizing the SilverLake System often face significant challenges when conducting manual user access reviews:
- Time-Consuming Processes: With numerous high-risk systems requiring regular scrutiny, the task becomes overwhelming. For instance, South Atlantic Bank reported that the manual review process was so time-intensive that only minimal reviews could be conducted, raising concerns about potential errors and compliance issues.
- Risk of Human Error: The manual nature of these reviews increases the likelihood of mistakes, potentially leading to unauthorized access remaining undetected.
- Compliance Concerns: Inadequate or infrequent reviews can result in non-compliance with regulatory standards, exposing credit unions to legal and financial repercussions.
The Importance of Automating User Access Reviews
According to ISACA, automating user access reviews is vital for maintaining data integrity and ensuring that unauthorized individuals do not retain access to sensitive information. The process not only mitigates risks but also enhances accountability and provides valuable insights into potential insider threats. By systematically reviewing user roles and access levels, credit unions can detect and remediate inconsistencies, reducing the overall attack surface.
Similarly, Secureframe highlights that regular user access reviews help organizations adhere to security frameworks and industry best practices. These reviews serve as an essential control mechanism to ensure that permissions align with operational needs, avoiding scenarios where employees accumulate excessive privileges over time.
Regulatory Requirements: GLBA and FFIEC
Credit unions are subject to stringent regulatory requirements under the Gramm-Leach-Bliley Act (GLBA) and guidelines from the Federal Financial Institutions Examination Council (FFIEC). Both frameworks emphasize the importance of safeguarding sensitive financial information and require institutions to implement robust access controls.
- GLBA mandates that financial institutions protect the confidentiality and security of customer information. User access reviews help ensure that access to sensitive data is limited to authorized personnel, reducing the risk of data breaches.
- FFIEC guidelines call for regular audits and access reviews as part of their Information Security Examination Handbook. This ensures that users have the appropriate access rights based on their roles and responsibilities, reinforcing the principle of least privilege.
By conducting regular user access reviews, credit unions can demonstrate compliance with these regulations, mitigate security risks, and protect member data from unauthorized access.
SecurEnds’ Automated User Access Review Solution
SecurEnds offers a SaaS platform designed to automate user access reviews across both cloud-based and on-premises applications, including Jack Henry’s SilverLake System. By automating these processes, SecurEnds enables credit unions to:
- Enhance Efficiency: Automated reviews significantly reduce the time and effort required compared to manual methods, allowing for more frequent and thorough audits.
- Improve Accuracy: Automation minimizes the risk of human error, ensuring that access permissions are accurately assessed and updated as needed.
- Ensure Compliance: Regular, automated reviews help maintain adherence to GLBA, FFIEC, and other regulatory requirements, safeguarding against potential penalties.
How to Conduct User Access Reviews Using SecurEnds
- Integrate with SilverLake:
  - SecurEnds seamlessly integrates with Jack Henry’s SilverLake System to facilitate efficient user access reviews. Begin by generating specific reports from the SilverLake Menu, such as the Information Security – User ID Profile Setting report (IS9143P) and User Access Report (IS9141P).
  - These reports provide detailed insights into user permissions, highlighting who has access to critical systems and data.
- Ingest and Centralize Data:
  - Upload the extracted reports into SecurEnds’ platform. The platform consolidates access data across all systems, creating a centralized repository for analysis.
- Automate Access Reviews:
  - SecurEnds automates the process by cross-referencing user access rights with job roles and responsibilities. Automated workflows ensure that reviews are conducted regularly without manual intervention.
- Flag and Remediate Issues:
  - The platform identifies discrepancies, such as employees with excessive privileges or inactive accounts that still retain access. Automated alerts notify administrators to revoke or adjust access rights as needed.
- Generate Compliance Reports:
  - SecurEnds generates detailed audit reports, documenting the entire review process. These reports serve as evidence of compliance during GLBA and FFIEC audits, demonstrating that the credit union follows best practices for user access management.
- Continuous Monitoring:
  - Implement continuous monitoring to track changes in user access between reviews. This proactive approach helps identify unauthorized access attempts and potential security threats in real-time.
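The cross-referencing, flagging and between-review monitoring steps above can be sketched in a few lines. This is an added example, not SecurEnds’ code or the SilverLake report format: the CSV columns, role names, entitlement names and the 90-day staleness threshold are all constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed role baseline: entitlements each job role is expected to hold.
ROLE_BASELINE = {
    "teller": {"ACCT_INQUIRY", "CASH_DRAWER"},
    "loan_officer": {"ACCT_INQUIRY", "LOAN_ORIGINATION"},
    "accounting_mgr": {"ACCT_INQUIRY", "GL_POSTING"},
}

# Constructed export; columns are illustrative, not the SilverLake report layout.
ACCESS_EXPORT = """user_id,role,entitlement,last_login,hr_status
jdoe,teller,ACCT_INQUIRY,2025-01-10,active
jdoe,teller,GL_POSTING,2025-01-10,active
asmith,loan_officer,LOAN_ORIGINATION,2024-06-01,active
bwong,accounting_mgr,GL_POSTING,2025-01-12,active
bwong,accounting_mgr,SECURITY_ADMIN,2025-01-12,active
klee,teller,CASH_DRAWER,2024-12-20,terminated
"""

def review(export_text, baseline, today, stale_days=90):
    """Return sorted (user_id, entitlement, reason) findings for reviewers."""
    findings = set()
    for row in csv.DictReader(io.StringIO(export_text)):
        user, ent = row["user_id"], row["entitlement"]
        allowed = baseline.get(row["role"], set())  # unknown role: nothing allowed
        if ent not in allowed:
            findings.add((user, ent, "excess_privilege"))
        if row["hr_status"] != "active":
            findings.add((user, ent, "terminated_with_access"))
        elif (today - date.fromisoformat(row["last_login"])).days > stale_days:
            findings.add((user, ent, "stale_account"))
    return sorted(findings)

def drift(previous_text, current_text):
    """Entitlements present now but absent from the previous snapshot."""
    def grants(text):
        return {(r["user_id"], r["entitlement"])
                for r in csv.DictReader(io.StringIO(text))}
    return sorted(grants(current_text) - grants(previous_text))

if __name__ == "__main__":
    for finding in review(ACCESS_EXPORT, ROLE_BASELINE, date(2025, 1, 15)):
        print(*finding, sep="\t")
```

Running `drift` against the export saved at the previous certification surfaces grants made between reviews, which is where an unreviewed privileged entitlement would otherwise go unnoticed until the next cycle.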
For credit unions leveraging Jack Henry’s SilverLake System, implementing SecurEnds’ automated user access review solution is a strategic move toward enhancing security, improving operational efficiency, and ensuring compliance with regulatory standards such as GLBA and FFIEC. By automating the access certification process, credit unions can focus on delivering exceptional service to their members, confident in the knowledge that their systems are secure and compliant.