Standard Chartered Bank faces a unique challenge in
securing its IT systems. It specialises in operating in parts of
the world where the banking market is underdeveloped or where
banking infrastructure is not fully operational.
John Meakin, group head of information security at Standard
Chartered Bank and a Jericho Forum member, said, "Today's IT
requires a heavy infrastructure using firewalls to protect servers
containing sensitive information. Costs are increased by having to
build this infrastructure."
Meakin faces the prospect of building such infrastructure in
countries where it does not already exist, but the cost can
make establishing a banking service uneconomical.
"We would like to use IT that is readily available, such as a PC
and internet connectivity. I want to be able to rent office space
with an internet connection, install a PC and connect to my bank's
network through a web browser," he said.
Deperimeterisation could achieve such flexibility. "We need to be
able to shrink the security envelope down to the individual PC at
the remote end to keep it and local information secure and perform
rigorous checks on the secure state of the PC when it connects to
the network," Meakin said.
Meakin does not even want to worry about the local area network
security at the remote site. He would like each PC to be secured
individually with its security only valid during the time the user
is connected to the bank's network.
But current browser technology is far from secure enough to cope
with this model. Browsers store information locally on the PC and
retain information such as cookies and a history of recently
visited websites, making them a security risk.
"It is amazing how leaky a browser session is," said Meakin. He is
looking for a way to "sanitise" the PC so that any information held
within a web browsing session is removed once the user logs off, to
prevent an intruder from reconnecting to the bank's network.