
Layered Security from the Edge to the Core: The new imperative for banks


Sheung-Chi NG
APAC
Sheungchi.Ng@safenet-inc.com
Jun 2016

Why Layered Security from the Edge to the Core?

Layered Security for Banks - Gemalto Confidential

New challenges in the disrupted banking market

Increased cyberattacks
Bank systems are attacked daily, resulting in low customer confidence and financial losses

Market disruption
Technological innovation and regulatory changes eroding many of the competitive advantages traditionally held by banks

Increased mobility
Consumers have come to increasingly rely on online and mobile services, and have escalating expectations for these services

Stricter compliance
Compliance requirements represent a never-ending effort for IT and security teams in banks

Cost pressures
Increased competition in many segments serves to intensify pricing pressures

Increased threats

x2
The number of breaches in the financial services sector almost doubled between 2014 and 2015

60.4m
60.4 million was lost in the UK in 2014 due to online banking fraud

x3.1
3.1-fold increase in malicious mobile programs

Market disruptions

27% of banks think that new entrants and the changing of the banking competition market will have the biggest impact on retail banks in the year 2020

29% of banks think that the emergence of non-traditional services (mobile payments, mobile wallets, virtual banks, etc.) will have a negative impact on their profitability

49% of banks agree that the traditional branch-based banking model will be dead by 2020

Increased mobility

Highly reliant on online and mobile channels
More than one in four customers would likely consider a branchless digital bank if they were to switch from their current bank

Not willing to compromise on security

Accenture, The Digital Disruption in Banking, 2014

Demanding convenience

Stricter compliance

The European Commission's Payment Services Directive (PSD), first adopted in 2007, has been revised (referred to as PSD2), with new regulations taking effect in 2015. For incumbent banks, this regulation has also served to open up segments to intensified competition with new market entrants.

First released in 2004, this standard has received several updates, and the most recent updates have continued to up the ante in terms of the rigor of the requirements, including new stricter auditing processes.

The FFIEC is a formal U.S. government body that prescribes principles and standards for a number of agencies that manage financial institutions in the U.S. The council has undertaken a number of initiatives to help banks understand and mitigate cyber threats.

Cost pressures

IT and security leadership will need to reduce costs and boost efficiencies, while at the same time supporting all the strategic imperatives

What is Layered Security from the Edge to the Core?

Security from the Edge to the Core: Addressing a Bank's Entire Ecosystem

eBanking

Transaction Processing

Enterprise Security

eBanking

Retail banking
Layered security will be needed for securing such activities as check balancing, registering new payees, and doing both domestic and international money transfers.

Corporate banking
These organizations will need to employ layered security in such areas as wire transfers and dual control services offered to customers.

eCommerce
In these environments, layered security will be vital in safeguarding online transactions.

Transaction Processing

Transaction processing and verification

Payment card and PIN issuance

eInvoicing, for example for cross-border value-added tax (VAT) management

Inter-bank transactions
Enterprise Systems

Safeguarding access for local and remote employees, including those logging in to virtual private networks (VPNs)

Securing cloud-based services and assets and virtual desktop infrastructures (VDI)

Protecting cardholder data and other sensitive assets in databases

Reducing the scope of efforts required to comply with PCI DSS and other mandates

Securing sensitive data in file shares
How does Layered Security from the Edge to the Core work?

Layered Security addresses multiple touch points

Endpoint protection

Bank fraud management

Encryption and key management

Authentication and transaction signing

Combination of security layers for a comprehensive protection


Endpoint protection

Attacks & Threats


Internal Use Only

Authentication

Fraud Management

Data Encryption

Endpoint protection
End users interact with their bank through several digital channels: smartphones, tablets, laptops. It is essential for banks to establish safeguards across all devices. Controls need to be in place to establish the authenticity and integrity of devices before sensitive data is accessed or transactions are conducted.

Authentication and transaction signing
A strong authentication solution that validates the identities of users and computing devices that request access to the bank's system and network is key to building a secure and cyber-resilient banking infrastructure. A flexible approach that enables banks to implement different authentication methods based on different risk levels will ensure a robust system that can be efficiently and cost-effectively deployed.

Fraud management
Sophisticated cyber-attacks are an ever-present threat for banks. Fraud management which offers end-to-end transaction monitoring and seamlessly integrates with the other security layers provides protection for bank customers and back end systems.

Encryption and key management
As the data banks produce, process, and store grows, it becomes a prime target for hackers and malicious attacks. Encryption and key management is a critical line of defense because it applies protection at the core, directly to the data wherever it resides.

Gemalto's solutions to implement Layered Security from the Edge to the Core


Gemalto Identity and Data Protection solutions offer strong security measures on every one of these 4 touch points.


Ezio for secure eBanking and eCommerce

With the Gemalto Ezio Suite, banks can secure any eBanking or eCommerce use case. The Ezio Suite allows banks to deploy their services in a secure and user-friendly way across all digital channels while guaranteeing great flexibility in terms of backend implementation and technologies.

eBanking Solutions
SOLUTION OVERVIEW

END POINT PROTECTION
ANTI MALWARE
ARMORED BROWSER
ENDUSER DEVICES
AUTH SERVERS
DEVICE IDENTIFICATION
DEVICE REPUTATION
TRUSTED USER INTERFACE
EMBEDDED SES/TEE

AUTHENTICATION & TRANSACTION SIGNING
BIOMETRY
BEHAVIOUR ANALYSIS
CALL BACK
Q&A
PASSWORDS
PARTNERSHIP

FRAUD MANAGEMENT
GEMALTO FRAUD MANAGEMENT

PROTECTION AT THE CORE
SECURE CHANNEL
EZIO E2E ENCRYPTION
HSM

Encryption for data protection & secure transaction processing

Gemalto offers an array of solutions that help banks safeguard internal systems and data in transit between banks and their customers and partners:

SafeNet Hardware Security Modules (HSMs)
SafeNet HSMs deliver maximum security of cryptographic keys, while offering the operational efficiency that comes with working with a central platform for encryption provisioning, authentication, and digital signing.

SafeNet Network Encryption products
Banks can establish strong safeguards around their network transmissions, while still ensuring the requisite levels of performance and availability.

SafeNet PIN Delivery
Banks can establish secure Web-based PIN issuance and management, and so eliminate the costs, risk, and inconvenience associated with paper-based PIN delivery.

Transaction security and Encryption
SOLUTION OVERVIEW

Key Storage
Network Attached HSM
Embedded HSM
USB Attached HSM
Cloud HSM

Payment Key Storage
Payment HSM
Customizable HSM

Crypto Resource Management
Crypto Command Center

Data in Transit Encryption
High Speed Encryption

SafeNet Authentication Service & Encryption Solution for Enterprise Security

Gemalto offers advanced solutions that enable banks to establish strong controls over sensitive data, and who can access it and when:

SafeNet Authentication Service
Fully automated authentication solution to protect access to all enterprise applications, including on-premises, in the cloud, and in virtual desktop infrastructure (VDI) environments.

SafeNet Encryption Connectors
A set of solutions for encrypting data in applications, databases, file systems, network-attached storage, and more to establish strong data protections across on-premises, virtualized, and cloud environments.

SafeNet KeySecure
A key management platform that can centrally store and manage keys for Gemalto encryption products and third-party solutions.

Encryption Solutions
SOLUTION OVERVIEW

Structured Data Encryption
Database Encryption
Application Data Encryption
File Encryption
Application Data Encryption

Unstructured Data Encryption

Tokenization
Transparent Data Encryption
Transparent Data Encryption

Key Manager
Key Manager

Cloud Encryption
Virtual Instance
Key Manager
Virtual Key Manager

SafeNet Confidential and Proprietary

Enterprise Authentication Solutions
SOLUTION OVERVIEW

AUTHENTICATION
Management
Soft OTP
Federation
PW Vault
Enterprise ID
Social ID
OTP
OOB
Smartcard
USB
Context
Grid
SIM
TEE
Password
Bluetooth

SINGLE SIGN-ON
SSO Portal
Desktop
Mobile

BYOI
Government ID
FIDO

MOBILE ID

IDAAS
Provisioning
PAM
Authorization
Directory Integration

Gemalto SafeNet Encryption Ecosystem

Offers the industry's most expansive ecosystem of integrations for encrypting data within third-party environments

Tokenization
ProtectDB
ProtectFile
ProtectApp
ProtectV

Application Servers
Databases
Web & Application Servers

Indicates a SafeNet Product

Encryption

13.06.16

File Servers & Shares
Virtual Machines
Gemalto Data Encryption & Crypto Management

SafeNet Data Encryption Solutions
Tokenization Manager
Payment Transactions
ProtectApp
ProtectFile
ProtectDB
StorageSecure
ProtectV
Ethernet Encryption

SIEM Tools
KeySecure or Virtual KeySecure
Backup, Storage & Archive
Email Gateway
Luna HSM or Cloud HSM
Customer KMIP Client
SSL Webserver
File & Disk Encryption
Doc Signing
Cloud Storage & Encryption Gateways

Crypto Command Center

Crypto Management Platform

Crypto Management

Gemalto secures FSI -


A unified, scalable and extensible platform

How do we solve customers' pain points?

Gemalto's multi-layered security solutions offer

Security
Provide best-in-class security technologies to enable banks to prevent fraud and attacks
Ensure the right level of security across all digital channels

User convenience
Gemalto solutions are customer-centric and designed with usability in mind
Gemalto solutions allow a frictionless consumer experience with the right balance of visible and invisible security thanks to silent authentication

Compliance
Gemalto's solutions allow banks to comply with the most demanding standards and regulations in a cost-efficient manner.

Competitiveness
Gemalto's solutions enable banks to streamline their operation costs by adapting their marketing mix

Thank you
Sheung-Chi NG
APAC
Sheungchi.Ng@safenet-inc.com
Jun 2016
