SCCyberworld

Thursday, October 13, 2011

Banks in Malaysia Urged to Rethink Their Traditional IT Security Practices

With More Financial Business Functions Going Online, It Has Become Critical for Banks to Overhaul Their IT Security Strategy

MALAYSIA, 13 October, 2011 – Fortinet, a leading network security provider and worldwide leader of unified threat management (UTM) solutions, is calling for banks and financial institutions in Malaysia to rethink their traditional network security practices. As mobile devices proliferate, bandwidth demand expands and new cyber threats emerge due to the adoption of Web and cloud-based applications, the traditional IT security model in the financial sector is starting to reach its limits in guaranteeing the right levels of customer privacy and protection of their sensitive data.

Of late, it has become a huge challenge for financial institutions to constantly find ways to improve security coverage, performance and visibility, and at the same time meet stringent regulatory demands. Regulatory and legislative compliance is ranked by financial institutions as one of their top five security initiatives, according to Deloitte’s 2010 Financial Services Global Security Study. Banks, however, are challenged by the need to limit the overall cost of implementing compliance, which has been alarmingly high so far.

Achieving compliance has become more complex. In the case of PCI-DSS, despite its seemingly narrow focus on cardholder data protection, the standard spans most IT disciplines and skills, including the network, database, web applications, file systems and encryption. When combining the number of requirements posed to the bank’s IT infrastructure with the number of compliance and market regulation rules (such as PCI-DSS, SOX, Basel II/III and GLBA), it is clear that banks are compelled to automate and consolidate.

With more financial business functions going online, it has become critical for banks to overhaul their IT security strategy. While banks should invest in educating employees on best practices around the use of Web-based applications, data leak prevention, mobile devices’ vulnerabilities and others, granular security policy definition and enforcement down to the user level is a must. Without an integrated IT security strategy firmly in place, the banks’ visibility on their global security posture will be significantly reduced, thus making their protection from internal and external threats less effective. Banks therefore need to adopt IT security solutions that enable application control (recognizing traffic by application source and user, not just by port) as well as control of the various endpoints connected to the network.

Banks in Malaysia should be cautioned that IT network security does not end at the perimeter of the network of their head office. Their challenge is to implement and manage a security infrastructure that extends to hundreds of branch offices that span across the globe. The consolidation of network security appliances, through the integration of key security functions, virtualization and centralized system management all play an important role in improving flexibility and gaining complete visibility and control over the network. It also helps fulfil compliance obligations and the regular infrastructure audits banks are subject to.

Defining network security strategy, centralizing policy-based provisioning, configuration, and updating management from perimeter to endpoint security are core requirements for all financial institutions in Malaysia. Adopting solutions that simplify and unify their security architecture across every point of the network, including branch offices, ATM systems, and mobile endpoints, is the only way they can dramatically lower risk exposure while limiting complexity and costs.

Local financial institutions should move towards a new strategic IT security model based on convergence and greater alignment to business needs. This includes shifting from the traditional focus of simply securing IT assets to protecting and enhancing business functions, adapting to a dynamic user environment and sustaining manageability. Through this new approach, IT departments of financial services firms are able to streamline their security deployments, and improve their organization’s operations and ROI.
