Standard Chartered outlines how strategy would work in practice

Standard Chartered Bank faces a unique challenge in securing its IT systems. It specialises in operating in parts of the world where the banking market is underdeveloped or where banking infrastructure is not fully operational.

John Meakin, group head of information security at Standard Chartered Bank and a Jericho Forum member, said, "Today's IT requires a heavy infrastructure using firewalls to protect servers containing sensitive information. Costs are increased by having to build this infrastructure."

Meakin faces the prospect of building such infrastructure in countries where it does not already exist, but the cost can make establishing a banking service uneconomical.

"We would like to use IT that is readily available, such as a PC and internet connectivity. I want to be able to rent office space with an internet connection, install a PC and connect to my bank's network through a web browser," he said.

Deperimeterisation could achieve such flexibility. "We need to be able to shrink the security envelope down to the individual PC at the remote end to keep it and local information secure and perform rigorous checks on the secure state of the PC when it connects to the network," Meakin said.

Meakin does not even want to worry about the local area network security at the remote site. He would like each PC to be secured individually with its security only valid during the time the user is connected to the bank's network.

But current browser technology is far from secure enough to cope with this model. Browsers store information locally on the PC and retain information such as cookies and a history of recently visited websites, making them a security risk.

"It is amazing how leaky a browser session is," said Meakin. He is looking for a way to "sanitise" the PC so that any information held within a web browsing session is removed once the user logs off, to prevent an intruder from reconnecting to the bank's network.
