As more financial business functions go online, Malaysian banks need to overhaul their security strategy to meet the demands of cloud-based applications, said unified threat management (UTM) solutions firm Fortinet Inc (Fortinet).
Fortinet regional director for Southeast Asia & Hong Kong George Chang said banks and financial institutions in the country need to urgently manage the security aspects of mobile device proliferation. "As bandwidth demands expand and new cyber threats emerge due to the adoption of Web and cloud-based applications, the traditional IT security model in the financial sector is starting to reach its limits in guaranteeing the right levels of customer privacy and protection of their sensitive data."
"Of late, it has become a huge challenge for financial institutions to constantly find ways to improve security coverage, performance and visibility, and at the same time meet stringent regulatory demands," said Chang. "Regulatory and legislative compliance is ranked by financial institutions as one of their top five security initiatives, according to Deloitte's 2010 Financial Services Global Security Study. Banks, however, are challenged by the need to limit the overall cost of implementing compliance, which has been alarmingly high so far."
He said that achieving compliance has become more complex. "In the case of PCI-DSS [Payment Card Industry Data Security Standard], despite its seemingly narrow focus on cardholder data protection, the standard spans most IT disciplines and skills, including the network, database, Web applications, file systems and encryption. When combining the number of requirements posed to the bank's IT infrastructure with the number of compliance and market regulation rules (various standards that include PCI-DSS, SOX, Basel II/III and GLBA), it is clear that banks are compelled to automate and consolidate."
"With more financial business functions going online, it has become critical for banks to overhaul their IT security strategy," Chang said. "While investments should be put in educating employees on best practices around the use of Web-based applications, data leak prevention, mobile devices' vulnerabilities and others, granular security policy definition and enforcement down to the user level is a must."
Integrated security strategy a must
"Without an integrated IT security strategy firmly in place, the banks' visibility on their global security posture will be significantly reduced, thus making their protection from internal and external threats less effective," added Chang. "Banks therefore need to adopt IT security solutions that enable application control (recognising traffic by application source and user, not just by port) as well as control of the various endpoints connected to the network."