HOW SECURE IS BANKS’ CORE DATA?
Prashant Pande
Head Professional Services
IDBI Intech Ltd.

NATURE of BANK’S DATA
• Critical: Financial, Personal, Organisational Data
• Privacy and Confidentiality
• High Availability
• Ease of Use & Operations
• Archival & Retrieval of Data

EVOLUTION of DATA IN CBS
• Ledgers and Registers
• ALPM and Branch Based Solutions
• Stand Alone Systems – Trade finance, Treasury etc.
• Multiple Applications in CBS
• Complex Networking
• Integrated Systems
• Backups of Diverse Systems
• Concentration of Resources

CHANNELS & STRATEGIC TIE UPS
• ATMs
• Internet Banking
• Mobile Banking
• Credit Cards, Currency Cards etc.
• Insurance Companies
• Online Trading
• Ticket Vending

[Diagram: Customer Delivery Channel (Mobile, IVR, Branch, Call Center, Internet, Kiosk, Portal) with the Core Banking Solution and Allied Solutions; module labels include Corporate Banking, Consumer Banking, Consumer Lending, Commercial Lending, Regulatory Reporting, Risk Management, Trade Financing, Payments Middleware, Cash Management, Wealth Management, Investor Services, AML and Collections]

SECURING DATA
• Infrastructure Set up
• ITIL standards – Data Centre Level III
• DR Site
• DR Drills
• BCP
• Users
• Need to know basis
• Access rights
• Authentication

REORGANIZATION
• Application Software
• Customer Relationship Management
• Transaction processing
• Product Definitions
• Reports – Regulatory, MIS, DSS
• Interfaces, Payment middleware
• Database security
• SSL encryption
• IDS Barriers
• Firewalls
• Secure data with strong encryption

RISK MITIGATION
• Channels
• Indirect Access to CBS
• Independent Systems
• Interdependent Systems
• Multiple Authentication
• Outsourced Services
• Drafting and Monitoring of SLAs
• Non Disclosure Clauses
• Meaningful Reports
• Review and Monitoring of Reports and Outputs

SECURITY MEASURES
• Multiple servers
• OS Hardening Settings as per the Application Requirement
• Physical Security
• Surveillance Camera
• Critical Applications in a Cluster

STRENGTHENING MEASURES
• Network Security
• Intrusion Detection Systems
• Internal and External Firewalls
• Penetration Testing
• Monitoring Attacks
• Virus Protection and Constant Updates
• User Profile
• Continuous Training
• Reviewing of the Access Rights
• Sub-dividing the Processes
• Use of Bio-metric Devices
Core Data Security

AUDITS & ASSURANCES
• Controls and Processes
• Emerging Vulnerabilities
• Perform Control Self Assessment
• Integrity of Information Systems
• Security Policy

ASSURANCE
• Regulatory and Other Compliances
• Effectiveness of Internal Controls
• Risk Management
• Implementing International / Quality Standards…