Secure Cloud services paramount to data security: SBI
In order to ward off growing cyber threats against the banking and finance sector, standardising security infrastructure is the key and deploying secure Cloud services is the first step towards that, a top State Bank of India (SBI) executive has emphasised.
The SBI has deployed proactive security governance that includes security coding practices, master-data management policy, data dictionary and log maintenance policy.
"The moment you have non-standard infrastructure, non-standard protocols and non-standard coding practices, cracks are visible. Also in the Cloud, the first thing that is enforced is discipline," Mrutyunjay Mahapatra, Chief Information Officer (CIO), SBI, said.
He stressed on the need for an infrastructure where cyber threats can be detected and the need for deployment of Standard Operating Procedures (SOPs) when a system breach happens to mitigate it.
"No matter how hard you are prepared, security incidents will happen because hackers have the element of surprise and they will perpetrate risk," Mahapatra added.
To achieve these goals, SBI has deployed Oracle solutions across its services. Oracle has been SBI's primary partner for a long time, with the bank claiming to be the first one to deploy the "Oracle Cloud Machine".
SBI has also been using "Oracle Social Cloud" to support its customer service for the last two years and has been taking help from the Cloud major for database integration and tuning.
"Oracle has transformed itself with its clients. Oracle is no more a static company which is centred around heavy-duty products. They are seamlessly working with us across services," the SBI CIO noted, adding that Oracle, with its knowledge transfer culture, has been helping SBI for years.
Cloud is now being looked as a panacea for all cyber security-related issue.
"If I have to do patching today in, say, 200 servers, I will have to spend so much of time, ensure so much of quality. While with Cloud that is managed centrally, it can have all the defences uniformly up-to-date," Mahapatra said.
Responding to reports of the massive data breach that affected SBI and other banks last year, prompting them to discard million of debit cards, Mahapatra denied that any debit card was compromised in a third-party system.
"There was absolutely no data breach in SBI. What happened was that we apprehended that some of our credit cards had been compromised in a third-party system. The entire banking system told the customers to change their passwords," he added.
As a proactive measure, SBI discarded six million debit cards, costing the bank nearly Rs 2 crore.
However, at a time when hundreds of new cyber-threats are detected every minute, the security breach is likely to happen if the infrastructure is not up-to-date and standardised.
On an average, SBI detects rogue traffic almost every second.
During most of cyber attack incidents, people are unaware about what exactly happened as they try to hush it up, fearing that a leak may get to the media.
"We are creating an internal community where people will be free to report. We lead a community that reports internally about security attacks," Mahapatra stressed.
Most of the security breaches come from insiders and, according to Mahapatra, such incidents happen because of complacency, ignorance and carelessness.
"The SBI is recruiting professionals who understand the sensitivity of cyber security," Mahapatra added.