Secure and auditable web services for financial institutions


Alcatel-Lucent OmniAccess 8550 Web Services Gateway Secure and auditable web services for financial institutions

Multiple systems in the financial industry (loan and mortgage applications, risk reporting, offline batch processing, Internet banking, enterprise resource planning (ERP), and customer relationship management (CRM)) operate together to process billions of daily transactions. Technology is imperative to keep the financial engines running. However, when using a variety of solutions, it is difficult to integrate enterprise-class authentication, authorization and auditing into a group of disparate IT systems and still maintain information security, corporate governance and regulatory compliance.

The leading approach to interoperability between disparate business systems is to use a common element through which all services can operate. Service-oriented architecture (SOA) is widely used in the financial industry as a flexible modular framework designed to enable interoperability as a service over a network (Internet, intranet, extranet). The greatest strengths of SOA environments are business agility and IT system re-use through flexibility and openness. However, like a double-edged sword, that flexibility and openness is also an SOA's greatest weakness, because by default an SOA has minimal authentication and authorization mechanisms and lacks functions critical to financial institutions, such as consolidated auditing and policy enforcement capabilities.

The true burden of all financial institutions is to have the ability to easily and accurately prove that each transaction is completed according to regulatory and corporate governance standards. The sensitive nature of the information routinely handled by financial institutions demands enterprise-wide role-based authentication of users, run-time authorization of transactions, and consolidated audit trails to create a historical record for corporate governance and to demonstrate regulatory compliance.

"any [SOA] system is inherently insecure the moment you open it up to the outside world." Butler Group

OMNIACCESS 8550 WEB SERVICES GATEWAY

The Alcatel-Lucent OmniAccess 8550 Web Services Gateway (WSG), deployed as in Figure 1, provides reliable enterprise-wide, user-centric stateful policy enforcement with consolidated audit trails to web-enabled services, data, applications and business processes. Once deployed, the OmniAccess 8550 WSG provides a secure application-independent infrastructure to share web services between financial institutions and their partners, regardless of whether the services are local or external (outside the firewall). The benefits gained are corporate-wide security risk management capabilities, end-to-end enterprise-class data and identity security (encryption, digital signing, and single identity), and stateful (multi-transaction) run-time policy enforcement to ensure compliance, with consolidated audit trails to demonstrate compliance.

[Figure 1. Example OmniAccess 8550 Web Services Gateway deployment. Diagram labels: Primary Datacenter, Remote Datacenter, DMZ, OA8550 WSG, eSales Portal, Sales Force, Mortgage Application, Batch Processing, CRM Systems, Internet Banking, ERP Systems, Financial Systems.]

SINGLE IDENTITY AND STATEFUL POLICY ENFORCEMENT

Threats to sensitive information come from multiple sources. Internal threats come from employees, and external threats come from partners, outsourcers, contractors and the Internet. The OmniAccess 8550 WSG uses data encryption coupled with stateful policy enforcement and active auditing to ensure that transactions are secure and stored data is safe from misuse.

[Figure 2. Sources of threats to information security: threats from business partners, threats from outsourcers, threats from employees, threats from contractors.]

The OmniAccess 8550 WSG allows single identity and identity mapping from internal and external authentication systems of trusted partners. By integrating with these authentication systems, the OmniAccess 8550 WSG shares digital credentials, enabling a trust relationship between partners. Very importantly, each partner can employ their own authentication systems as well as maintain their own identity store and set access policies independently.

After validating the credential of a user, the OmniAccess 8550 WSG uses a combination of user-aware authorization and policy enforcement for information access control. Authorization is based on the credentials of the user; the OmniAccess 8550 WSG controls which users can access and/or change data based on each user's level of access. Stateful (multi-transactional) policy enforcement allows policy to be enforced on each transaction based upon the context in which it is requested. During the transaction, the OmniAccess 8550 WSG enforces published policies in a stateful manner at run time. For instance, a password reset request might be normal, but not if it is followed by a large transfer of funds. The OmniAccess 8550 WSG would be able to see the password change and deny fund transfers after a password change without additional authentication, or could trigger an alert followed by a phone call to the customer.

With user-centric stateful run-time policy enforcement, the OmniAccess 8550 WSG can effectively secure the integrity and confidentiality of information from end to end for each transaction, as well as dictate how the transaction information is accessed and modified.
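The password-reset scenario above, as an added example (not Alcatel-Lucent's code or the gateway's own policy language): a minimal stateful check in Python set beside a per-message check that passes every request. The threshold, the time window, the action names and the `StatefulGateway` class are assumptions made for illustration, and the traffic is constructed.

```python
from dataclasses import dataclass, field

# Assumed policy parameters (not from the white paper).
LARGE_TRANSFER = 10_000        # amount treated as a "large transfer"
RESET_WINDOW_S = 24 * 3600     # how long a password reset stays relevant

@dataclass
class Request:
    user: str
    action: str                # "password_reset", "step_up_auth" or "transfer"
    ts: int                    # epoch seconds
    amount: float = 0.0

def stateless_decide(req: Request) -> str:
    """Per-message check: each known action is valid when viewed on its own."""
    known = {"password_reset", "step_up_auth", "transfer"}
    return "ALLOW" if req.action in known else "DENY"

@dataclass
class StatefulGateway:
    """Keeps per-user context across transactions and audits every decision."""
    last_reset: dict = field(default_factory=dict)  # user -> time of last reset
    stepped_up: set = field(default_factory=set)    # re-authenticated since reset
    audit: list = field(default_factory=list)

    def decide(self, req: Request) -> str:
        decision = stateless_decide(req)
        reason = "valid request" if decision == "ALLOW" else "unknown action"
        if req.action == "password_reset":
            self.last_reset[req.user] = req.ts
            self.stepped_up.discard(req.user)       # new reset voids earlier step-up
        elif req.action == "step_up_auth":
            self.stepped_up.add(req.user)
        elif req.action == "transfer" and req.amount >= LARGE_TRANSFER:
            reset = self.last_reset.get(req.user)
            recent = reset is not None and 0 <= req.ts - reset <= RESET_WINDOW_S
            if recent and req.user not in self.stepped_up:
                decision = "DENY_ALERT"             # deny and notify, per the text
                reason = "large transfer after password reset, no additional auth"
        self.audit.append((req.ts, req.user, req.action, req.amount, decision, reason))
        return decision

# Constructed sample traffic, in arrival order.
SAMPLE = [
    Request("alice", "transfer", 1000, 15_000),      # no reset on record
    Request("bob", "password_reset", 2000),
    Request("bob", "transfer", 2100, 500),           # small amount
    Request("bob", "transfer", 2200, 25_000),        # large, right after reset
    Request("bob", "step_up_auth", 2300),
    Request("bob", "transfer", 2400, 25_000),        # large, after step-up
    Request("carol", "password_reset", 3000),
    Request("carol", "transfer", 3000 + RESET_WINDOW_S + 1, 25_000),  # window expired
]

def replay(events):
    """Run events through a fresh gateway; return the decisions and the audit trail."""
    gw = StatefulGateway()
    return [gw.decide(e) for e in events], gw.audit

if __name__ == "__main__":
    for row in replay(SAMPLE)[1]:
        print(row)
```

Only the fourth request is refused: each message is valid in isolation, and the denial comes from the per-user context the gateway keeps between transactions.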

REGULATORY COMPLIANCE

Regulatory compliance is one of the most difficult and time-consuming hurdles for financial institutions. The OmniAccess 8550 WSG takes over the management of higher functions such as policy enforcement and auditing by inserting itself into the XML message flow. The OmniAccess 8550 WSG can therefore monitor each transaction from end to end and can automatically perform auditing functions to document that session data integrity was maintained and application data was properly secured after the transaction was completed.

For instance, a bank creates a rebate program of $100 for employees who sign up for a new credit account. There are several steps for the rebate program: the rebate request, rebate amount calculation, manager approval and payroll disbursal. The first three steps are handled by a web service linked to the system that handles new credit accounts, and the final step is handled by the payroll system. All validation of user credentials and policy enforcement is handled by the OmniAccess 8550 WSG. Policies are in place to ensure duplicate accounts are not created and that an alert is sent if an employee earns more than $500 from the rebate program in a month. A transaction occurs as shown in Figure 3.

[Figure 3. Validation process example. Diagram steps: 1. Rebate request submitted; 2. Credit calculated, submitted for approval; 3. Approval granted; 4. Credit issued. Diagram labels: Rebate request, Rebate application, Rebate approval, LDAP, HRDB, Historical, Payroll, OA8550, Rebates to employee, Payment issued.]

1. A representative authenticates to the credit system and signs up a new account. The rebate request is validated by checking to make sure the representative is an actual current employee and that they have the authority to add the account.
2. The employee request is compared to the new customer database to validate that the customer is real and not a duplicate. In addition, the system validates the rebate amount at $100.
3. The rebate request is sent to the manager of the representative for approval. The manager checks to make sure the account is set up correctly and validates the account for the rebate requirements.
4. The payroll department checks to make sure the rebate amounts are correct and the maximum rebate is not exceeded before disbursing the check.

At each step, the OmniAccess 8550 WSG is authenticating, authorizing and auditing the transactions according to existing policies. After completion, any transaction under review can easily be proven valid by accessing historical data from the OmniAccess 8550 WSG.

EXTENSION OF NETWORK SERVICES TO PARTNERS

The financial world is a synergy of large, medium and small companies working together to create a portfolio of products using a variety of applications. Therefore, it is important for financial institutions to be able to easily connect with a variety of business partners, contractors and outsourcers. However, connecting various businesses creates the problem of tracking all the activity of each transaction through multiple business systems and networks. Since the OmniAccess 8550 WSG is the common element, it can track all transaction activity in accordance with Statement on Auditing Standards (SAS) No. 70 (SAS 70) practices and consolidate the activity into a single tracking report.

"When IT functions are outsourced the ultimate responsibility for achieving control objectives rests with the client." American Institute of CPAs

[Figure 4. Example OmniAccess 8550 Web Services Gateway deployment. Diagram labels: Primary Datacenter, Remote Datacenter, Security and Alerting, WAN, Partner 1, Partner 2, WS Network Element, Identity Directory, DMZ, Application Servers, Web Servers, OA8550 WSG.]

The OmniAccess 8550 allows easy integration with external partners through identity interoperability, enabling cross-validation between partners and the extension of virtual services. Coordinating authentication systems has several benefits. First, by interfacing with existing authentication systems, the OmniAccess 8550 reduces the overall complexity of the system, creates flexible security that allows partners to be added or removed without major infrastructure changes, and allows partners to individually maintain their own corporate governance. Second, it allows users to travel between sites and still have access to network services. And finally, a single point of control for partner access reduces the total cost of ownership (TCO) of the system. For partners that do not have their own authentication system, such as an independent contractor, the OmniAccess 8550 WSG can extend virtual services, which provide proper authenticated access while limiting the exposure to security threats.

DATA INTEGRITY AND CONFIDENTIALITY

The OmniAccess 8550 WSG secures data in real time through hardware engines dedicated to encryption and digital signing. Each transaction can be secured using Secure Sockets Layer (SSL) or Transport Layer Security (TLS), and data is secured by encryption. Whether application data is in transit or stored, it is secured with state-of-the-art encryption technology. However, while sensitive data is secured from misuse, it is always available when and where it is needed (internally or externally).

CONCLUSION

The OmniAccess 8550 WSG is a corporate-wide solution designed to secure multiple services over a reliable and secure SOA backbone. By inserting itself into the XML message transaction flow, the OmniAccess 8550 WSG creates a single point for run-time policy enforcement, thus assuring regulatory compliance and providing a single point for consolidated audit trails.

The OmniAccess 8550 WSG means that web-service-based business process integration doesn't have to mean an increase in risk; with the OmniAccess 8550 WSG, financial institutions deploying web services reduce their exposure to both external and internal information misuse while easing the IT demands of corporate governance and regulatory compliance.

Alcatel-Lucent OmniAccess 8550 Web Services Gateway

Alcatel, Lucent, Alcatel-Lucent and Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners. The information presented is subject to change without notice. Alcatel-Lucent assumes no responsibility for inaccuracies contained herein. © 2008 Alcatel-Lucent. All rights reserved. 032108-00 Rev A 6/08 www.alcatel-lucent.com