Banking Role of Security Products

BankingRole of Security Products Subramanyam Venkatakrishnan Country Manager – Software Group IBM Vietnam Email : subra@vn.ibm.com Topics 2 3 Security and the Banking Front Office- Security and the Banking Back Office 1 Banking Overview 4 Security and Banking Risk and Compliance Banking Overview Banks face many challenges today Drivers of Bank Spend Reduce operation costs Reduce IT maintenance costs Focus on core business activity Grow top line Create a basis of differentiation Rapidly develop and deploy new products Reduce overall risk exposure Reduce capital requirements Comply with all regulations Strengthen operation controls Examples: Lower paper-based transaction costs Examples: Improve customer service through online system, ATMs, and branch outlets Examples: Prevent operational risks from creating a business disruption Equity Premium Reduced Insurance Cost Higher Credit Rating / Lower Cost of Debt Brand equity STAKEHOLDER VALUE MATURITY CONTINUUM TRANSFORM IMPROVE COMPLY “Optimize and Sustain” “Lever Compliance for Competitive Advantage” COST Risk Management starts with regulatory compliance, but moves to improve competitive advantage “Penalty Avoidance” Drivers: Enhanced Decision Making Increased transparency & speed Process robustness Risk mitigation Streamlined reporting Increased accountability Increased investor confidence VALUE ERM evolves from checking of lists to becoming the nervous system of the business Timeline Events Regulatory & Market Response The fear of systemic failure, will drive central banks to define norms for risk and compliance Credit Risks Market Risks Other Risks Operational Risks 60% 30% 5% 5% Security plays a big role in managing Operational Risk, the second biggest, after Credit Security and the Banking Front Office Banking Front Office Initiatives Common front office banking initiatives Grow the business Co-browsing service to boost application rates and reduce application errors Channel integration to consolidate customer information and to create more targeted ads Leverage all channels (online, branch outlet, contact center) to drive cross-selling and up-selling Strategic partnerships to offer more comprehensive menu of financial products, i.e. bank partnering with capital markets firm to offer a mutual fund Drive operational efficiencies Lower cost of supporting customers by driving more online traffic Improve productivity of branch sales reps and contact center support reps Ensure operational resilience Eliminate or minimize identity theft risks and fraudulent activity Improve quality of information gathering for new customers to ensure compliance with Patriot Act and other AML initiatives Security adds value for the following projects Grow the business Drive operational efficiencies Ensure operational resilience Eliminate or minimize identity theft risks and fraudulent activity Automate customer account management to minimize lossesvia Tivoli Identity Manager and Tivoli Access Manager ISSUE Once identity theft or fraud has been detected, customers often experience difficulty getting their accounts immediately close, which increases their losses Account activity monitoring to provide audit trail useful for fraud investigation Tivoli Identity Manager provides… Automated account management, including provisioning of access rights and the denial of those rights based on corporate-defined privileges Benefits Ensure rapid responses to customer complaints Limit losses associated with identity theft Tivoli Access Manager provides… Account auditing Real-time authentication of access to OSs, DBs, apps, and directories Security for Banking Back Office Banking Back Office Challenges Driven by the Business Business drivers of cost growth Application complexity driven by diversification of products Focus on risk management (credit, market, operational, etc.) Greater demands for IT QoS And yet… IT has been given smaller budgets and must demonstrate ROI Bloated administrative overhead to remain flat Business drivers of flexibility Shorter lifecycles for financial products Competitive threats New regulations and industry standards to adapt to (Check 21, SOX, Basel II) And yet…. Continued use of legacy systems, lack of automated tools Flat to minimal investment in automation tools Security adds value in the following initiatives Improve efficiencies and lower costs Continue to drive internet usage among customers to reduce support costs Improve business flexibility and responsiveness Business process outsourcing/off-shoring Enable growth objectives related to outsourcing or strategic acquisitions through secure partner networks and identity mgmtvia Tivoli Federated Identity Manager, Tivoli Identity Manager ISSUE Financial institutions spend over $1B annually on offshoring; more firms looking to outsourcing credit card, debit card, and mortgage loan application processing Mergers and acquisitions force rapid personnel changes These factors exacerbate identity theft and fraud concerns, which already cost US firms over $2.4B in 2004 Tivoli Federated Identity Manager and Tivoli Identity Manager provides… Automated account management and self-administration of passwords Trusted network security among business partners Benefits Enable strategic growth through trusted partnership networks Lower complexity, time, and resources spent on personnel management following organizational changes Security and  Risk and Compliance Banks must meet stringent regulatory requirements while controlling costs Common Pain Points Need to meet stringent demands for enterprise security and records management stemming from the regulatory climate (e.g. Sarbanes-Oxley) Need a flexible IT infrastructure that adapts to regulatory changes and supports both business unit and risk management goals (e.g. Basel II) Escalating risk and compliance-related costs Must build an enterprise-wide risk management infrastructure and be predictive not reactive Risk Compliance Need to better understand bank risk exposure (credit, market, liquidity) Manage reputation Prevent destabilizing external threats stemming from virus or DOS attacks Increased disclosure requirements bring tighter control on reporting systems Ensure system security compliance Goals Security adds value to these Banking Risk and Compliance initiatives Identity theft and fraud Customer account management to prevent losses related to identity theft or fraud Auditing of account access and activity for future investigations into malicious behavior Operational resilience Ensure system security compliance for all corporate IT resources Implement enterprise-wide security and compliance policies that can flexibly adapt over time as regulations modify or expand Prevention of external threats such as virus attacks or DOS attacks Records management and retention Automate customer account management to prevent lossesvia Tivoli Identity Manager ISSUE Once identity theft or fraud has been detected, customers often experience difficulty with getting their accounts closed, which increases their losses Once a victimized account gets shut down, customers want new accounts quickly setup Enterprise-wide identities difficult to manage, allowing for improper access of sensitive corporate or customer data to the wrong person within an organization Tivoli Identity Manager provides… Automated account management, including provisioning of access rights and the denial of those rights based on corporate-defined privileges Ensure brokers, traders, branch sales reps, etc. gain access to the applications they need to perform their roles Benefits Ensure rapid responses to customer complaints Limit losses associated with identity theft Help meet regulatory standards related to internal controls Limit losses associated with identity theft via Tivoli Access Manager ISSUE Identity thieves are often able to access accounts after a theft has been reported and an account closure requested Account activity isn’t always monitored, which makes investigating a fraud claim difficult Tivoli Access Manager provides… Centralized, real-time authentication of OSs, DBs, apps, and directories Enforce corporate security policy related to user application and data access Audit application usage Benefits Ensure rapid responses to customer complaints Limit losses associated with identity theft Help meet regulatory standards related to documenting robust internal controls Prevent external risks that threaten operational resilience via Tivoli Risk Manager ISSUE DOS or virus attacks can cripple the availability of online services used by employees or customers Operational discontinuities result in lost business, dissatisfied customers, and IT costs spent on remediation Tivoli Risk Manager provides… Proactive network and web intrusion detection to prevent external threats from entering the enterprise network Problem isolation and remediation Benefits Keep customer and employee application services up and running Minimize IT resource consumption spent on network health and performance Align all systems with corporate security guidelinesvia Tivoli Security Compliance Manager ISSUE Spamming software often gets embedded on user machines, making them vulnerable to abuse and slowdown Systems that fail to adhere to the corporate security guidelines often go down, making themselves vulnerable to disruptions or failures to bugs, viruses, etc. Very costly today to identify and fix out-of-compliance systems Tivoli Security Compliance Manager provides… Scanning of systems to identify out-of-compliance laptops, PCs and servers Integrates with other Tivoli provisioning capabilities to perform rapid, error-free corrective action Benefits Ensure corporate compliance Protect employee productivity through well managed IT resources Decrease administrative costs due to IT process automation Enforce corporate system security through automated config managementvia Tivoli Configuration Manager ISSUE Employee PCs, laptops, and corporate servers often lack critical software updates such as fixes and patches Systems that fall out of compliance with the corporate standards of system security often vulnerable to attack or system failure System downtime results in lack of productivity or responsiveness to customer inquiries Tivoli Configuration Manager provides… Automated deployment of much-needed software bundles, including patches, e-fixes, and new application releases Fault tolerant distribution of software Benefits Help enforce corporate system security compliance and thereby reduce operational risks Protect employee productivity through well managed IT resources Decrease administrative costs due to IT process automation