A major banking player engaged Wavestone to implement the Agile method within its Operational Security Department. This department ensures the security of IT services for all the bank’s activities in Switzerland. Within Operational Security, the team that manages privileged access (PAM) was encountering organizational difficulties in absorbing the flow of requests and managing priorities, while still carrying out projects on its own terms.
Wavestone interviewed the Head of Operational Security to understand how implementing the Agile method could address the problems being encountered while exceeding expectations for this activity, which plays a key role in the proper functioning of the bank.
What are the issues faced by the PAM team?
The team in charge of privileged access management, which comprises five people, appeared undersized because it was facing a very heavy workload. The pressure encountered in the flow of requests made it difficult to prioritize tasks, and the team could feel paralyzed and frustrated that it could never complete projects in progress. At the same time, we were convinced that it was necessary to concentrate our experts on the tasks with the highest added value, but they were monopolized by project management and organizational concerns, which were not at all their preferred fields.
How was the Agile method implemented within the department?
The Agile method is more traditionally applied to development projects. Its application in a production setting is quite ahead of the curve. For this reason, the Wavestone team’s work began with a two-month phase of observation, listening and taking a step back in order to fully understand how things functioned and not impose ready-made conclusions. After this, the method was gradually implemented in the form of daily discussions and specific tools, while ensuring all the project stakeholders were kept on board. It was so successful that we organized a feedback session where more than 150 employees of the DSI took part. This allowed us to gain perspective by concretely analyzing what in the method was in sync or not with our mode of operation and what could be extended to other areas.
Head of Operational Security
We’re very proud of this ambitious achievement, because at first, we didn’t believe it possible! We thought outside the box, and it worked. Wavestone has shown itself capable of understanding our issues and problems closely and being bold in responding to them.
What were the results?
From a quantitative point of view, the results are quite phenomenal. While previously we tended to integrate about 15 applications in 6 months, our new organizational approach enabled us to integrate 90 in the space of 3 months! Looking beyond the figures, the Agile method has allowed us to introduce visibility to the organization of our team. For the first time, we are involving non-technical players, with people and organizational skills to help set the pace, facilitate the management of requests, and streamline collaboration between teams. This expert/facilitator interaction has made it possible to refocus experts where they are best deployed.
How did the team experience these profound changes in the organization?
They brought real calm to the whole team: those involved feel more supported and relieved of an organizational role which was out of character for them. It’s very motivating and rewarding for the team to be able to see what was accomplished the day before and to have visibility on the rest of the projects. From a management point of view, it’s much more comfortable to be able to demonstrate regular progress, with objectives being achieved and even exceeded. A real team dynamic was created. The challenge today is to sustain these achievements over time, and the Wavestone team has helped us do this by preparing the ground to train the teams and hand on the baton internally. We also have the ambition to extend the implementation of the Agile method more widely within the Information Systems Department (DSI) which includes about 300 people.