Central Bank of Kuwait’s compliance policy on concurrent user sessions
All banks located in Kuwait come under the umbrella of the Central Bank of Kuwait (CBK) and so are required to meet all policies enforced by the organisation. One of the key IT security policies is to control concurrent user sessions across all employees who have access to the bank's system.
This means that banks need to restrict user sessions so that employees cannot log onto two devices at the same time.
Failed regulatory requirements for multiple sessions
Following an audit by the CBK, it was discovered that the bank did not have a solution in place to restrict active directory concurrent sessions meaning AD users were able to have multiple sessions at any time and security could potentially be compromised.
The bank was forced to rapidly implement a solution that would enable it to restrict concurrent users across all employees in order to comply with CBK’s security policies.
Fast and simple to install, easy to manage
IS Decisions’ UserLock solution was recommended by one of the bank’s local consultants. After signing up for the free trial, the bank’s IT team was quickly able to familiarise themselves with the solution and its ability to satisfy CBK’s compliance mandate on concurrent user sessions.
The complete UserLock set up was done in a single day and the team was able to easily integrate it into the bank’s system. Once UserLock was up and running, it was an easy task to brief and train the wider operations team who are all now running it.
UserLock’s flexibility allows it to support multiple scenarios that the bank requires and when it needed to cover a specific technical scenario that was not supported, IS Decisions was able to quickly create a workaround to meet that requirement.
A robust security solution for managing simultaneous sessions
With its implementation of UserLock, the bank now complies with CBK’s regulation regarding restricting concurrent sessions by users.
The IS Decisions’ professional support team helped the bank during and after the implementation ensuring that the roll-out and management of UserLock was successful and met every requirement.
Lead Administrator – Systems Administration at the bank said: “We needed a solution to restrict user sessions and UserLock ticks that very important box for us. The support team is really helpful and worked closely with us to ensure a successful implementation. Not only have we now enforced regulation but we have also shared the news about the roll-out with our staff to show that we are an organization that cares about security.”
The bank started using UserLock in the middle of 2016 and is currently on version 9.