The financial institution was growing by leaps and bounds. Business managers had a plan for growth by acquisition and they were implementing it. The first acquisition was in Grand Cayman. From there financial institutions located in five other island countries were acquired in quick succession. The Chief Information Officer was tasked with enabling the cost efficiencies the business side was looking for. Where were the economies of scale? Why couldn’t the operations be consolidated?
There were seven different IT infrastructures from seven different countries, each with its own set of security policies and protocols. How do you integrate secure financial networks on far-flung islands throughout the Caribbean?
The CIO sought the professional advice of an experienced vendor with this question – a vendor who understood that this was a cultural and compliance problem as much as it was a technological problem. In order for any solution to work, we had to gain buy-in from all constituencies.
The professional advisors met with the CIO and proposed that a task force be put together with equal representation from all seven countries – although the headquarters and the branch in Grand Cayman were bigger and had larger IT staffs than the other five locations. The vendor worked with the ad hoc task force to consolidate and homogenise all their requirements. While nobody got everything they wanted, everybody got almost everything they wanted, because the agreed list of requirements made sense.
Due to the transport issues inherent in the Caribbean, it was decided to use the public Internet as the backbone of the network. Because the financial institution needed high availability, it was decided to use multiple, redundant Internet Service Providers (ISPs). The core firewall management functions were subcontracted to a third-party Managed Security Services Provider (MSSP). This was a controversial approach at the time, as it was perceived that the financial institution would give up control of its security infrastructure. The exact opposite happened. Not only did the quality of firewall management increase, but the numerous audits, including SAS 70 Type II and PCI, significantly reduced IT risk.
The experienced vendor built the technical design that is depicted in Figure 1 and installed, configured, tested and tweaked it at the headquarters location. Because standardised hardware and software were being used throughout the seven-island rollout, the problems that occurred were resolved at headquarters and did not recur. Although the entire project took eleven months from start to finish (to accommodate the logistics involved in scheduling seven different countries), the actual rollout was done in ten weeks.
Most global networks for financial services organisations deploy private network circuits such as Frame Relay, MPLS or similar technologies. In this case study, the categories of information required to flow across the VPN were well suited to the capabilities of the public Internet.
To provide true high availability for both the VPN and general Internet traffic, Internet Security appliances were used at the periphery of the network. These devices allowed for seamless failover communication in the event that an ISP went down, as well as load balancing for all ISP connections.
To ensure the confidentiality and integrity of the data, IPsec was used with a strong cryptography suite (AES-256). Digital certificates, instead of passwords, were used to authenticate the endpoints of the other offices.
This high-performance security solution allowed the financial institution to bring 25 branches on seven Caribbean islands plus two European locations (totalling 2,000 users) together under one secure network. It also provided improved operational efficiency and increased network control, resulting in significant savings. The private/public network hybrid using high-performance security solutions has not only provided exceptional cost savings, but has also eased the network administrators’ workload to the point where they need less administrative support.
The financial institutions are able to monitor and audit everything in real time. Using a centralised, rule-based solution that provides granular management of the system’s behaviour, administrators are able to easily control access and ensure the delivery of business-critical applications.
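The baseline described above (IPsec with AES-256, certificates rather than passwords, more than one ISP per site) can be checked centrally against every branch. The sketch below is an added example, not part of the original case study or the vendor's tooling; the strongSwan-style proposal strings, the `pubkey`/`psk` labels, and the site and ISP names are assumptions, since the article does not name the VPN product.

```python
import re

# Baseline from the case study: AES-256, certificate authentication,
# and redundant ISPs at every site.
MIN_UPLINKS = 2
CERT_AUTH = {"pubkey"}  # assumed label for certificate-based authentication

def aes_key_bits(proposal):
    """Key size of the cipher in a proposal such as 'aes256-sha256-modp2048'.
    Returns None when the encryption token is not AES at all."""
    enc = proposal.lower().split("-")[0]
    m = re.fullmatch(r"aes(128|192|256)?(?:gcm\d+|ccm\d+|ctr)?", enc)
    if not m:
        return None
    return int(m.group(1)) if m.group(1) else 128  # bare 'aes' means 128-bit

def audit_site(site):
    """Return a list of deviations from the baseline for one site."""
    findings = []
    if aes_key_bits(site["esp"]) != 256:
        findings.append(f"ESP proposal '{site['esp']}' is not AES-256")
    if site["auth"] not in CERT_AUTH:
        findings.append(f"auth '{site['auth']}' is not certificate-based")
    # Two links to the same provider give no failover if that ISP goes down.
    if len(set(site["isps"])) < MIN_UPLINKS:
        findings.append("fewer than 2 distinct ISPs, no failover path")
    return findings

def audit(sites):
    """Map site name -> findings, listing only non-compliant sites."""
    return {s["name"]: f for s in sites if (f := audit_site(s))}

# Constructed inventory: every name and value here is invented sample data.
SITES = [
    {"name": "hq", "esp": "aes256-sha256-modp2048",
     "auth": "pubkey", "isps": ["isp-a", "isp-b"]},
    {"name": "branch-1", "esp": "aes128-sha1-modp1024",
     "auth": "psk", "isps": ["isp-a"]},
    {"name": "branch-2", "esp": "aes256gcm16-ecp384",
     "auth": "pubkey", "isps": ["isp-a", "isp-a"]},
    {"name": "branch-3", "esp": "3des-sha1-modp1024",
     "auth": "pubkey", "isps": ["isp-a", "isp-c"]},
]

if __name__ == "__main__":
    for name, findings in audit(SITES).items():
        for finding in findings:
            print(f"{name}: {finding}")
```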
IT management in organisations that operate branch offices must accommodate the often conflicting needs of the branch offices and headquarters. Branch locations, especially those located in different geographies, typically seek high levels of flexibility and autonomy in implementing IT solutions, which may cause them to work outside of corporate IT policies. Nevertheless, expanding corporate requirements call for centralised management, enhanced security, and regulatory compliance. For many businesses, the trade-offs that must be made between these two conflicting requirements lead to significant operational costs.
By gaining buy-in up front from all affected entities in this instance, the vendors were able to design and deploy a highly secure, highly available network with a single set of policies across seven islands of automation in seven branches in seven different countries. Today, that seven has grown to eleven as the financial institution continues to grow via acquisition. The CIO has no worries as the integration of new acquisitions happens in an orderly and systematic way. The financial institution’s business managers are happy as they’re realising the cost efficiencies of growth.
What needs to be done?
Disruptive innovations – those that change the dynamics of an industry – are normally the ones that garner attention. Innovations can be any novel improvement that delivers business benefits. Today, many CIOs are being asked to reduce costs while simultaneously leveraging IT to drive competitive advantage. Due to competitive pressures along with increasing regulations, every financial institution is feeling the need to be innovative, to look for novel solutions to business problems, to create competitive advantage in any way possible. Change is a constant, and innovation is a daily requirement.
Whether the goal of IT innovation is to beat the competition or simply to keep up with it, and whether you’re rewarded for making money or for saving it, you’re coping with the demands of a dynamic environment (inside and outside of your organisation). Ideas for IT-enabled business innovations don’t always spring fully formed from the imaginations of CIOs. They’re often influenced by technological developments, peers on the business side of the organisation, and by vendors. It can be difficult to see the forest for the trees from the inside. Often an external resource steeped in technology and industry knowledge can provide the necessary catalyst for innovation.