printer friendly version

Banking on security

Neil Cameron

When it comes to security, what differentiates financial sector organisations, particularly banks, is the large number of people, assets and facilities they must take into consideration. It calls for a security policy that is stringent enough to meet staff, customer, physical and regulatory needs, but flexible enough to provide for the unique challenges of disparate systems in numerous dissimilar physical locations (branches). A single, open, adaptable platform with the intelligence to automate and standardise security implementation and response across the broad, and at multiple levels of the organisation, could add immense value.

Banks generally have a huge customer base. To service them, they usually have a large number of branches, a big staff complement and numerous self-service terminals distributed nationally. With business conducted out of many different, often remote, locations, infrastructure – physical, security and technological – varies considerably and is constantly changing. For busy and constantly shifting business environments of this nature, security policies with replicable, auditable procedures are most often developed. The goal – to have a single universal response of a high standard to security breaches.

Since it is often not feasible to standardise the various security related systems – video surveillance, fire alarms, access control and perimeter alarms – at various business premises due to the cost involved, the need to maximise existing investments, facility limitations or even perhaps restrictions set by a landlord, another solution needs to be found.

An advanced and intelligent platform using open systems will enable financial organisations to easily and quickly integrate and manage hugely disparate security and facility systems. It will also facilitate deployment of a universal security policy, compel adherence and make possible an efficient standardised response with appropriate escalations. Adaptability of the platform will be key, however, as the threats to, and needs of financial services organisations are constantly changing.

There is a lot of value to be driven from security systems that cater for a converging reality where data and physical security reside side by side. For example, considering the amount of different departments within these organisations that interface with one another, there is a lot of benefit to integrating security into workflow, managing access to data as well as limiting authority and privilege of staff to protect the client. Similarly, HR will want to tightly control physical access by staff to sensitive areas according to rank and assigned tasks, as well as ensure that staff status is constantly updated – especially if they are no longer employed by the organisation.

What is important is to find a platform that is flexible enough to meet current needs as well as unknowable future needs five years from now. This platform should be able to integrate or interface with a building management system, video surveillance, access control, lighting system and fire alarms, among others.

What is out there and what are banks using? Some financial organisations are making use of local proprietary products or products that were built in-house to provide this kind of platform. Unfortunately, many of these products, while developed for the mainstream, are not quite big enough to manage enterprise security. Internationally proven platform solutions of this nature are also available. However, in selecting a solution, organisations should be aware of the level of local support they could expect, and what the turn-around time is likely to be where this is not available.

Organisations that are serious about building solid security foundations, should consider rolling out an enterprise-wide platform. By installing an enterprise server in a data centre and a server in each region or local branch, data exchange and updates become instantaneous, with changes (be they HR or other security configurations or procedure changes) rolled out to all national branches simultaneously.

To start, organisations should identify business critical facilities and roll out a common platform to each. Their long term view should be to connecting them all and extend the platform into all facilities. With a strong understanding of risk and risk management, financial organisations will quickly drive value from this foundation platform. It is an investment in their future.

Share this article:

Further reading: