The high street bank has signed an agreement with Open Systems Management to use its user provisioning software to control access to its IBM AIX and Sun Microsystems Unix servers. About 10,000 staff will use the system once it has been fully rolled out next year.
The workflow software from Open Systems Management, called Cosuser, will reduce the number of employees who need privileged "super-user" access, making it easier to manage the systems, according to Lloyds.
The software also keeps an audit of user activity, which will prove useful for compliance purposes and internal investigations.
Currently, each user at Lloyds needs a separate password to access each of the Unix boxes, creating an administrative headache for IT staff.
The Cosuser software allows complex Unix administration tasks that would previously have required a privileged user to carry out to be delegated operations staff. It sits between the user's desktop and the Unix server and logs on the user.
Bob Spencer, head of group IT security and risk at Lloyds TSB, said, "You want to make sure that people have the minimum level of access [to the Unix systems] that they need to do their job. It lets people do things they need but not things they should not."
Spencer said the software also had the potential to help the bank comply with legislation such as Sarbanes-Oxley, which requires companies to keep detailed records of data to ensure the accuracy of information in company accounts.
The software will initially be used at Lloyds TSB's London headquarters, before being rolled out to all 1,000 Unix servers by the end of next year.
How the software tracks users
The threat of internal IT security breaches by employees and the demands of corporate governance regulations have raised the profile of user provisioning software.
The software acts as a gatekeeper to IT systems and helps verify the accuracy of information signed off in company accounts. The idea is that users are only granted the minimum access to the systems needed to do their jobs and when they leave this access can be disabled immediately.
Some user provisioning packages can also track physical assets such as laptops and mobile phones.