Success Story

Zero Trust Identity Transformation for a Global Asset Manager

Industry: Asset Management & Fund Administration

Services: Identity, Data & AI Risk Controls | Ongoing Cyber Governance & Risk Oversight

Duration: 6 months

The situation

This firm provides governance, administration, risk, and compliance services to institutional investors globally, with billions in assets under administration. Their authentication architecture had not kept pace with their growth. Static credentials, fragmented access controls, and perimeter-based trust assumptions created material risk, particularly around privileged accounts used to access high-value financial systems.

A routine security assessment surfaced multiple orphaned privileged accounts and inconsistent access policies across business units. Leadership recognised this was not an operational inconvenience; it was a genuine security exposure that needed a structural fix, not a patch.

What we did

We were engaged to redesign identity and privileged access from the ground up, not to layer controls on top of a broken foundation.

Replaced legacy authentication entirely. We migrated to a federated identity model with a central identity provider, eliminating fragmented login mechanisms. Passwords were phased out in favour of FIDO2 and certificate-based authentication, with risk-based policies adjusting verification strength dynamically based on context.

Eliminated standing privileged access. We implemented just-in-time (JIT) access for all administrative accounts. Elevated permissions are now granted only for the duration needed and revoked immediately after. Every privileged session is monitored in real time, with behavioural analytics flagging anomalies such as unfamiliar locations or atypical command execution.

Decommissioned legacy infrastructure. We reduced Active Directory dependency, replaced VPN-based privileged access with Zero Trust Network Access (ZTNA), and integrated service accounts into a secrets management platform with automated credential rotation.

The results

  • 100% of privileged accounts moved to just-in-time access with zero standing privileges
  • Passwordless authentication deployed across the workforce, reducing credential-based risk to near zero
  • Legacy identity infrastructure decommissioned, including redundant Active Directory dependencies and VPN tunnels
  • Measurable reduction in authentication friction for end users, with stronger security posture across the board

The firm now has an identity-first security model that satisfies regulatory expectations, removes implicit trust, and scales with the business. Security became a point of confidence in client conversations rather than a concern.