On high alert
by ArabianBusiness.com staff writer on Sunday, 08 March 2009
Threats to liquidity are not the only pressure points that banks and financial organisations need to be on the lookout for. There are other immediate issues that can jeopardise security.
The security area of IT may well weather the storm of budget cuts better than others. Following a series of high-profile attacks on many institutions, IT managers are forced to keep their security on high alert.
"We have seen a number of major attacks on banks in recent times and even towards the end of last year there was a real scare with the attacks on people's accounts. So security in banking has become one of those things that although maybe not held to be as important three to four years ago has of late become very important," says Paul Sherry, regional director MEA, F5 Networks.
The security issues that banking and finance organisations face are unique given that they deal not only with their own internal information but interact daily with multiple customers. This complicates not only security investments, but also managing and maintaining them across physical as well as digital arenas.
Physical security cannot be underestimated when protecting a bank's assets. In a typical financial institution, physical security at the customer level includes everything from cameras at ATMs to fingerprint scans when customers access online accounts.
Internally, as awareness increases on the growing incidence of attacks from within organisations, IT managers are forced to increase preventive measures from the desktop to the data centre.
"The location of our data centre is very secure, it's buried underground and you can only gain access after passing by a security guard and then through the access doors. This is coupled with surveillance cameras within the room," says Mohammed Al Khatib, chief information officer of the Amman Stock Exchange.
Al Khatib also points out that the data centre is immune to bombs and missile attacks and is equipped with fire resistant doors and firefighting equipment.
Srood Sherif, chief information officer of the National Bank of Abu Dhabi (NBAD), also believes in the necessity of establishing a wide swathe of controls. "The physical access is controlled through multiple layers including, amongst other things, physical card technology," he explains.
"In terms of physical security what you usually see is a form of access control that is typically done via picture tag and for the data centre a pin or password can be used. This is for the smaller data centres; the bigger ones have even more stringent security safeguards," says Dino Ganda, IT manager of one of the major international banks for EMEA.
Biometrics, largely related to body scans, have been gaining in popularity over the last few years, both at the desktop and data centre access levels. In more recent times, these technology options are being considered by banks and financial organisations, even for customer level access checks.
However, many IT managers, like Sherif and Al Khatib, remain interested in the possibilities these solutions provide but are as yet unconvinced of their viability.
"If the solution can provide clear and tangible benefits we will definitely consider it," says Sherif. "Having said that, we believe the iris technology is still not very practical and user friendly for banking applications. We always have our customers in the back of our minds when we select solutions to ensure that they are practical, simple and acceptable to our customers."
"We have been looking into identity access and in my opinion the products available on the market on a mass scale are still not good enough. Retinal scans are still stored somewhere and if you can provide that as a feed then you can steal somebody's retinal identity. Biometrics is in the end still a digital process and digital products can be hacked and stolen," warns Al Khatib.
Even if the physical security is handled with any success, IT managers will still be left to face the more difficult prospect of defending their network security.
According to Al Khatib there are a number of different aspects to digital security. "The first aspect is network security and we have two layers of firewall by different manufacturers.
"I personally consider the trick of digital security to be in the design so if the design is very well thought out and you would have to be an insider to penetrate it and so unless you know the design of the network it would take a very long time. After going through the network then we also have the security on the databases together with the security on the applications," Khatib says.
Sherif is hesitant to reveal much of what he has put in place but states that security is part of all systems and that NBAD believes in implementing and adopting the best practice standards in the industry.
The importance of protecting infrastructure from external and internal attacks has driven IT managers to put in new technologies as they come onto the market.
"One can use access control tools like passwords, pin numbers and secure ID depending on location, while there are also various levels of encryption in the transportation of messages across the local area and wide area network equipment," suggests Ganda.
Jason Hart, senior vice president at authentication solutions provider CryptoCard, has seen technologies like firewalls, antivirus software and content filtering become hot topics amongst his clients.
It is Hart's opinion that until recently the majority of institutions have made use of what he terms "primitive methods" of allowing access to information and to safeguard online banking.
"However, what they are now starting to realise very quickly is because of the lack of security and the focus on security in relation to standards and audit trails and mitigating risks that they are becoming soft targets for fraud to be conducted, especially now with the explosion in online banking. People are moving very quickly to handle these headaches," says Hart.
• Banks and financial institutions find themselves having to guard against the threat of internal hacking by employees.
• Malicious attacks from the outside are on the increase as criminals become more sophisticated and the financial rewards increase.
• Environmental threats like power outages and water damage can bring security down and render the organisation vulnerable.
• The attitude of employees towards security can have detrimental effects on how the security aspects are approached and monitored.
• Online services have made banks and financial institutions bigger and more accessible targets.
• Social networking and engineering have made it simpler to obtain passwords and codes, thus making security more difficult to enforce.





