2nd
ence Rep fer or n o
t
C
Cooperartive Banking
DECEMBER 2016 | VOLUME 02 | ISSUE 5 | US $10 | ` 75
THROUGH
SAFE BANKING
Maharashtra Shows The Way Forward
SECURED DATA
With banks’ increasing inclination towards digital interface drawing cyber breaches, it’s time to check how cyber secure are our banks?
SPECIAL STORIES
Banking upon
‘Third Eye’ to Secure Banks
Cloud & Data Centre Harbingers of
Secure Online Banking
Contents DECEMBER 2016
n VOLUME 02 n ISSUE 05
Securing Data for
CORPORATE INTERVIEW
08
COVER STORY
20
22
24
Rakesh Verma Managing Director, MapmyIndia
Ravi Singh Chief Business Officer, ItzCash
K Krishna Kumar CEO, C-Edge Technologies Ltd
26
SAFE BANKING
SPECIAL STORY
14
Banking upon ‘Third Eye’ to Secure Banks
18
Ensuring Safety of Your Money in ATMs FEATURED ARTICLE
16
Cloud and Data Centres: Harbingers of Secure Online Banking
4/ BFSI | bfsi.eletsonline.com | DECEMBER 2016
30
Govind Rammaurthy CEO & MD, MIcroworld Software Services Pvt Ltd
33
Manoj Paul Managing Director GPX, India
34
36
38
Omkar Shrihatti Co-founder & CEO Karza Technologies
Nilesh Jain Country Manager, India and SAARC, Trend Micro
Yogesh Paralkar Head - SBU India Product, InfrasoftTech
Ilias Chantzos Senior Director Government Affairs, EMEA-APJ, Symantec
INDUSTRY SPEAKS
23
52
Banking the unbanked through Blockchain and Bitcoin
Prasad Adiga COO, Lyra Infosystems
CONFERENCE REPORT
39
Cooperative Banking: Maharashtra Shows the Way Forward
Ahmedabad
e Th
154
COOPERATIVE BANKS
20
GOVERNMENT
92
CORPORATE
Sum
m
om it C
pri
ses
of
DECEMBER 2016 VOLUME 02 n ISSUE 05
EDITOR-IN-CHIEF: Dr Ravi Gupta
CONFERENCE | AWARDS | EXPO
EDITORIAL TEAM - DELHI/NCR Assistant Editor: Souvik Goswami, Gautam Debroy, Sandeep Datta Senior Correspondent: Manish Arora BANGALORE BUREAU T Radha Krishna - Associate Editor MUMBAI BUREAU Kartik Sharma - Senior Assistant Editor Poulami Chakraborty - Correspondent JAIPUR BUREAU Kartik Sharma - Senior Assistant Editor CHANDIGARH BUREAU Priya Yadav - Assistant Editor HYDERABAD BUREAU Sudheer Goutham B - Senior Correspondent LUCKNOW BUREAU Arpit Gupta - Senior Correspondent AHMEDABAD BUREAU Hemangini S Rajput - Assistant Editor SALES & MARKETING TEAM Product Head: Fahim Haq, Mobile: +91-8860651632 Senior Manager: Gaurav Srivastava, Mobile: +91-8527697685 Manager: Manu Raj Singhal, Mobile: +91-9871543890 Senior Executive - Shivam Pathania SUBSCRIPTION & CIRCULATION TEAM Manager Subscriptions: +91-8860635832; subscription@elets.in DESIGN TEAM Creative Head: Pramod Gupta, Anjan Dey Deputy Art Director: Om Prakash Thakur, Gopal Thakur, Shyam Kishore Senior Graphic Designer: Pradeep G EVENT TEAM Manager: Gagandeep Kapani ADMINISTRATION Head Administration: Archana Jaiswal EDITORIAL & MARKETING CORRESPONDENCE BFSI – Elets Technomedia Pvt Ltd: Stellar IT Park Office No: 7A/7B, 5th Floor, Annexe Building, C-25, Sector-62, Noida, Uttar Pradesh - 201301, Phone: +91-120-4812600, Fax: +91-120-4812660, Email: info@elets.in egov is published by Elets Technomedia Pvt Ltd in technical collaboration with the Centre for Science, Development and Media Studies (CSDMS). Owner, Publisher, Printer - Dr Ravi Gupta, Printed at First Impression Corporate Services Pvt. Ltd., E-114, Sector-63, Noida.UP and published from 710, Vasto Mahagun Manor, F-30, Sector - 50, Noida, UP. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic and mechanical, including photocopy, or any information storage or retrieval system, without publisher’s permission.
Write in your reactions to news, interviews, features and articles. You can either comment on the individual webpage of story, or drop us a mail at editorial@elets.in
6/ BFSI | bfsi.eletsonline.com | DECEMBER 2016
digitallearning
EDITORIAL
Indian Banking – The Story Behind A Rising Nation
W
ith the Indian banking sector embracing innovative ways to enable even the last man to embark on the journey of digital India, away from all apprehensions, ensuring a fool proof financial system has turned crucial like never before.
Also, since Prime Minister Narendra Modi-led government opting for demonetisation route to cleanse the nation of black money, new challenges, apart from recent cyber attacks, are yet to properly emerge on security front of financial institutions. The latest BFSI issue’s cover story “Safe Banking Through Secured Data” highlights how rising inclination towards digital interface is also facing threat from cyber breaches. Our special stories including – “Banking Upon Third Eye to Secure Banks” and “Cloud and Data Centres -- Harbingers of Secure Online Banking” touch upon various other important aspects that have suddenly acquired huge importance in recent times. Elets’ recent Maharashtra conference explored the cooperative banking sector in India from different dimensions, as industry leaders, bankers, technical experts dwelled upon important aspects. In the light of current banking scenario in the country, we have brought the latest issue with a bouquet of special stories, interviews and articles to showcase what is in the offing from India to the world at large, especially for those who describe India as a nation of ‘snake-charmers’. We look forward to our esteemed readers’ invaluable feedback on our latest endeavour.
Dr RAVI GUPTA Editor-in-Chief
Ravi.Gupta@elets.in
DECEMBER 2016 | bfsi.eletsonline.com | BFSI
/7
Cover Story
Securing Data for SAFE BANKING The Indian banking and financial services market is undergoing a major transformation. In the payment market, cash, credit, and debit cards are giving way to digital alternatives. Though fruitful to the financial sector, the rising inclination towards digital interface is also increasingly facing threat from cyber breaches, writes Rashi Aditi Ghosh from Elets News Network (ENN).
8/ BFSI | bfsi.eletsonline.com | DECEMBER 2016
Cover Story Explaining technologies role in dealing with cyber attacks, Harshil Doshi, Strategic Security Solutions Consultant – India, Forcepoint says, “We are in the age of data breaches. With cyber security intrusions seeming to take place almost every day, cyber security technology becomes an indispensable tool in preventing breaches, data theft, meeting compliances and enable better decision making for organisations. While technology plays a central role in containing threats, it must be noted that people and processes are equally important. People, Process and Technology form a holistic security strategy for organisations in addressing constantly evolving cyber security challenges and regulatory requirements. e.g. Insider attacks are becoming more prevalent than external attacks in modern times. In highly sanitised environments, technology is required to identify anomalies in user behaviour to protect network and stop loss of critical data. UEBA (User and Entity Behavior Analytics) and DLP (Data Leakage Prevention) are being widely used in high security environments.”
Data Breach Turning Expensive A report by IBM-Ponemon Institute shows that cyber breaches are getting expensive for India. The per capita cost of a compromised record went up by over 75 per cent
Rising Concern of Cyber Attacks in India he Banking, Financial Services and Insurance (BFSI) sector is changing from a traditional manual model to an automated processdriven business model. With the adoption of digital technology, the consumer behaviour is also evolving. Traditional players are facing new competitors in direct banking as well as mobile banking segments. However, the menace of cyber attacks on financial services companies is increasingly getting diverse, thus unpredictable. The frequency of these threats is rising and perhaps is here to stay. While talking about the cyber threat vulnerability of financial institutions, Bharat Berlia, Chief Information Officer, Indus Net Technologies, said: “Technology is evolving at a rapid pace and such advancements within the banking and financial sectors are likely to introduce new vulnerabilities and complexities.” “Adoption of alternate channels like online payments, mobile, cloud, and social media technologies further increases the chances of exploitation. Sometimes due to pressure of achieving faster goals or cost reductions, there are compromises made in the overall IT infrastructure. As we move more and more towards the open-ended technologies, financial institutions will have to work on stringent controls, depending on trusted vendors.”
T
In a cyber attack of unprecedented scale, safety of over 32 lakh debit cards was compromised this October, the culprit being a malware. It was reportedly the biggest data breach in the Indian banking history.
India was ranked third worldwide, next only to the US and China, as a target for cyber criminals in 2015, according to a 2016 report by software security firm Symantec Corp.
According to the India Risk Survey-2016 conducted by Pinkerton and FICCI, the information and cyber insecurity has been listed as the second biggest threat to businesses in India for two consecutive years.
As per the data maintained by National Crime Record Bureau (NCRB), a total of 5,693, 9,622 and 11,592 cybercrime cases were registered during 2013, 2014 and 2015, respectively, showing a rise of 69 per cent during 2013 to 2014 and 20 per cent during 2014 to 2015.
DECEMBER 2016 | bfsi.eletsonline.com | BFSI
/9
Cover Story in the past five years. The cost has swelled from Rs 2,106 in 2012 to Rs 3,704 this year, according to a report by the institute.
The Evolving Cyber Threat Landscape To achieve growth, cost optimisation and innovation, financial service companies are everyday adopting businesses and high-end technologies. But this quest is also exposing them to heightened levels of cyber risks. These innovations have most likely introduced new vulnerabilities and complexities into the financial services technology ecosystem.
Various Cyber Threats Account Takeovers: Cyber criminals have demonstrated their ability to exploit online financial and market systems that interface with Internet, such as the Automated Clearing House (ACH) systems, card payments, and market trades. Payment Systems: Fraudulent monetary transfers and counterfeiting of stored value cards are the most common result of exploits against financial institutions, payment processors, and merchants.
According to the India Risk Survey-2016, the information and cyber insecurity has been listed as the second biggest threat to businesses in India. ATM Skimming: ATM skimming is also a prevalent global cyber-crime. A criminal affixes a skimmer to the outside or inside of an ATM to collect card numbers and personal identification number (PIN) codes. Point of Sale Terminals: Point of Sale (POS) terminals have been a primary target for cyber criminals engaging in credit card fraud and have resulted in the compromise of millions of credit and debit cards. Mobile Banking Exploitation: As more mobile devices have been introduced into personal, business, or government networks, they have been increasingly targeted for stealing. Cyber criminals have successfully demonstrated man-in-the-middle attacks against mobile phones using malwares. Increased Regulatory Requirements Banking in India is governed through various legal and regulatory requirements issued by the Government of India and the banking regulator – Reserve Bank of India (RBI).
10/BFSI | bfsi.eletsonline.com | DECEMBER 2016
RBI on regular intervals issues various circulars and guidelines on various aspects of banking. The RBI guidelines on information security, electronic banking, technology risk management and cyber frauds, issued in April 2011, define the fundamental information security requirements which all banks need to follow. In addition to the above guidelines, there are multiple regulatory requirements related to internet banking, payment systems, mobile banking, IT outsourcing, etc which may be applicable to a particular bank, depending on the context of the organisation and the nature of its operations in India. Talking on the importance of regulations in context of cyber security, Doshi, Strategic Security Solutions Consultant – India, Forcepoint says, “The cyber security regulations make it compulsory for the organisations to protect their systems and information from cyber attacks. Government and industry regulators including banking regulators have taken note of increased role of IT and therefore consider cyber security as an essential component of the economy. Secondly, cyber security is important for the protection of critical infrastructure systems. So, regulations act as minimum deterrent against cyber threats that should be in place at any point in time for organisations. However, in view of changing technology landscape and rising internal attacks, the regulations must be reviewed periodically to include threats coming from emerging landscape.” Speaking on the policy issues related to cyber security, Ilias Chantzos, Senior Director Government Affairs EMEA-APJ, Symantec, said, “I think if someone looks at it from a covered policy landscape, we see challenges
Cover Story
tion, India has been extremely successful in terms of digital transformation,” he added.
Why Should Financial Services Consider Cyber Security? Financial service firms should consider raising their level of preparedness and evolve into a new cyber risk management paradigm that strives to achieve three fundamental qualities: It is important to be secured against known threats
India was ranked third worldwide, next only to the US and China, as a target for cyber criminals in 2015, according to a 2016 report by software security firm Symantec Corp. associated technology and policy-making. This is the reason why there has been a shift change to cloud. To meet the challenges, there is a need to deploy more of Internet of things (IOT) devices as all the threat is emerging due to explosion and proliferation of data.” “Like other countries across the globe, India too is facing a lot of security threat but as per our observa-
Some Key RBI requirements
through risk-driven investment. This can be ensured by adapting a secured foundation, preventive controls, and policies. Security can be assured by improving the ability to detect emerging threats and anomalous patterns amid the highly complex and data-saturated environment. Ability to form a sturdy organisation that can recover from attacks as quickly as possible and minimise both direct and indirect damages.
DECEMBER 2016 | bfsi.eletsonline.com | BFSI
/11
Cover Story Mechanism To Rule Out Cyber Attacks Actionable threat intelligence – derived from a wide range of sources and well-defined governance processes, which instill cyber risk awareness, accountability and effective continuous adaptation can be critical fuel in driving this paradigm shift. For many firms, what are currently called IT risk management programmes can evolve into executive-driven cyber risk management programmes that are an integral part of strategic business planning. Multi-pronged Approach to Managing Cyber Risks – Financial services firms have traditionally focused their investments on becoming secure. However, this approach is no longer adequate in the face of the rapidly changing threat landscape. Put simply, financial services companies should consider building cyber risk management programmes to achieve three essential capabilities: the ability to be secure, vigilant and resilient. Enhancing Security through a “defence-in-depth” Strategy – A good understanding of known threats and controls, industry standards and regulations can guide financial services firms to secure their systems through the design and implementation of preventative, risk-intelligent controls. Based on leading practices, financial services firms
A report by IBM-Ponemon Institute shows that cyber breaches are getting expensive for India. The per capita cost of a compromised record went up by over 75 per cent in the past five years. can build a “defence-in-depth” approach to address known and emerging threats. This involves a number of mutually-reinforcing security layers both to provide redundancy and potentially slowdown the progression of attacks-in-progress, if not prevent them. Such slowing down can work in the defendant’s favour by providing adequate time to secure their digital assets and mount effective counter-strategies. Enhancing vigilance through effective early detection and signaling systems – Early detection through the enhancement of programmes to detect both the emerging threats and the attacker’s moves can be an
12/BFSI | bfsi.eletsonline.com | DECEMBER 2016
essential step towards containing and mitigating losses. Incident detection that incorporates sophisticated and adaptive signaling and reporting systems, can automate the correlation and analysis of large amounts of IT and business data, as well as various threat indicators, on an enterprise-wide basis. Financial services companies’ monitoring systems should work 24x7, with adequate support for efficient incident handling and remediation processes. Enhancing resilience through simulated testing and crisis management processes -- Resilience may be more critical as destructive attack capabilities gain steam. Financial services firms have traditionally planned for resilience against physical attacks and natural disasters; cyber resilience can be treated in much the same way. Financial services companies should consider their overall cyber resilience capabilities across several dimensions: First, systems and processes can be designed and tested to withstand stresses for extended periods. This can include assessing critical online applications for their level of dependencies on the cyber ecosystem so as to determine vulnerabilities. Second, financial services firms can implement good playbooks to help triage attacks and rapidly restore operations with minimal service disruption. Finally, robust crisis management processes can be built with participation from various functions including business, IT, communications, public affairs and other areas within the organisation. Explaining about the Cyber security perspective and ways to deal with it, Berlia from Indus Net Technologies, said, “Our security experts get involved at the initial stages of the project and design an architecture which secures data, people, facilities, process and technology. The idea is to identify, prioritize and manage risk relative to its potential impact on mission-critical operations maintaining organizational agility. Our solutions usually provide real-time visibility into processes, systems, data and equipment.”
Special Story
Banking upon ‘THIRD EYE’ TO SECURE BANKS With surging crowds at banks and customers making serpentine queues outside ATMs post demonitisation, security measures have gained huge significance, writes Priyanka Sharma of Elets News Network (ENN).
n the wake of demonitisation of Rs.500 and Rs. 1,000 notes, physical security and Closed Circuit Television (CCTV) surveillance at the banks and other financial institutions have become indispensible like never before. The banking and financial sector in India puts in a lot of money and effort to provide secure environment for financial transactions. Banks and financial institutions use high tech surveillance systems and guards to enhance security of their premises. This is necessitated due to the fact that compared to other industries, banks and financial institutions handle a large amount of cash and transactions, making surveillance systems the first choice to tackle thefts and frauds – both inside and outside the premises – to safeguard customers, employees and assets of the bank. Apart from building a complete surveillance infrastructure at banks, it is also required that the Network Video Recorder (NVR) support ATMs and points of sale (POS) text overlay to store the video footage along with the transaction data to quickly and easily search individual transactions and view corresponding videos for surveillance.
I
Physical Security at Banks
PRASAD ADIGA COO
After demonitisation, Prime Minister Narendra Modi-led government has asked all States to ensure proper security be in place at all banks, ATMs and for vehicles transporting cash. Three officials from the Home Ministry are in touch with State governments to ensure security of these key entities. The ministry officials are taking regular feedbacks on the prevailing situation in the states from the Directors General of Police.
14/BFSI | bfsi.eletsonline.com | DECEMBER 2016
Heavy deployment of police was ordered on November 9 as nervous and mostly clueless residents flocked their nearest bank branches across the nation. The police were deployed near all financial institutions and places where large crowds were expected. All junior to senior most police officials swung into action. Most of the DCPs, ACPs and SHOs could be noticed engaged in patrolling in their respective zones. Junior-ranked police officials were deployed in the field. Police personnel were stationed not just at the banks but at all financial institutions such as forex offices and ATMs. The petrol pumps and CNG stations too were supervised by police teams. The deployment started as early as 8 am, i.e., when banks open, and the policemen remained positioned at their posts till the banks were closed for public dealing in the evening.
Importance of CCTVs for Bank Security In the past, banks in India have lost Rs.485 crore between April 2013 and November 2016 owing to thefts. It is Rs 38 crore more than the expenditure borne by the government’s Indian Space Research Organisation to send a mission to Mars. Under these circumstances, reliable video surveillance systems are indispensable these days. Robberies, burglaries, cheque card fraud at ATMs or vandalism require swift reactions. Very often, video recordings are the only way to get after the culprits. Banks are some of the most secured institutions in the world. We all entrust banks with our money, and expect them to keep it safe. One of the many ways banks can help protect our money is to install a high- end video surveillance system. Banks are looking at newer innovations in digital technology and high definition resolution
Special Story so that they may increase the effectiveness of their video security systems. “Banks should install anti-skimming devices to protect themselves. There can also be auto lockdown of ports, disk/data strong encryptions. Banks can also apply EMV as a card security standard starting this fall to help avert fraud attacks from occurring,” says Bharat Berlia, Chief Information Officer, Indus Net Technologies. “With EMV technology, cardholder information is stored in a chip that is embedded in the card. Further, biometric, retina scans, additional authentication via mobile GPS can reduce the chances of any scrupulous attacks.”
Advantages of CCTV cameras in Banks Invented by Marine Van Brittan, closed-circuit television (CCTV) cameras can today produce images and recordings for surveillance purposes. These can be either video cameras, or digital stills cameras. The CCTV camera system includes one or more cameras which are used to send video, images and audio data to a monitor. Essentially, these camera systems use cameras to transmit the signals to a main hub which then records that data for later viewing or live viewing.
Multiple Advantages of CCTVs Prevent robberies – Banks continue to be high-stakes targets for criminals looking for a big payout. The proper bank video surveillance setup can help to deter robberies, or in case of any incident — provide important images and evidence to law enforcement agencies. Crime Investigation – In instances of robbery and fraud, recorded bank security camera images can be used to identify and track down suspects. Prevent Check Fraud: Internet Protocol (IP) video surveillance systems with advanced video analytics such as facial recognition are helping to fight the problem of check fraud at banks by recording transaction data and capturing images of offenders. This information can be used to identify criminals and helps in protecting customer accounts. Combat ‘phantom ATM withdrawals’: It's common for bank customers to report suspicious ATM withdrawals where money has been taken from their accounts without their knowledge. Bank security cameras, which record every ATM transaction can provide answers. Coordinate Information from Multiple Locations: Modern bank video surveillance systems allows footage from multiple branches to be transmitted to a central monitoring room, or viewed over the Internet. Integration With Alarm Systems: With modern surveillance systems, bank security cameras and alarm systems can be integrated into a single network. Intelligent Functionality: Intelligent security cam-
eras with video analytics such as motion sensing, facial recognition, and behavioural recognition can be used effectively to identify suspicious or abnormal activity in and around the bank. Digital Storage: With digital technology, storage and management of surveillance footage is more efficient, convenient, and accessible, allowing for advanced search techniques that help in pinpointing specific incidents and identifying suspects with greater ease and speed. Enhanced Customer Confidence: The more secure a bank is, the more confident its customers will be. An effective bank video surveillance system goes a long way in enhancing this sense of security. Continuous Surveillance: Bank security cameras
The Home Ministry has deputed three officials to be in touch with state governments to ensure security of banks, ATMs and cash transporting vehicles. allow for continuous surveillance of banking facilities, providing protection outside of typical workday hours. This is especially helpful for ATMs which are accessed by customers 24 hours a day. Data Recognition: Video surveillance systems that use digital technology are capable of advanced forms of data-recognition that prove useful for searching video footage for specific bank transactions and images of particular individuals. Remote Access – IP surveillance allows for remote monitoring of live and archived video footage from any computer with an internet connection and access to the network.
DECEMBER 2016 | bfsi.eletsonline.com | BFSI
/15
Featured Article
Cloud and Data Centres: HARBINGERS OF SECURE ONLINE BANKING Cloud-based systems and data centres help banking and financial institutions offer secure online transactions to their customers at low cost. Akash Tomer of Elets News Network (ENN) writes about how these technologies are changing the way banking sector offers services to the customers. loud computing and data centres are the two most potent technological advancements impacting the banking and financial sector like never before. Their impact is being felt not only by customers but by the banks as well. Today, e-banking has erased the boundaries of traditional branch banking. Using online banking, or internet banking, enables the customers of a bank to conduct a range of financial transactions through the bank’s website or app. It helps bring down overheads for the banks and enables the customers to access banking services anywhere and anytime. Cloud computing and data centres form the backbone of e-banking. While cloud-based security systems cost less and do not require banks to maintain huge IT setups, data centres, which store every bit of information about customers and banking transactions, offer a robust and scalable storage solution. But there are cyber threats which have posed a big challenge as well.
C
Cyber Threats and Ways to Prevent Them Cyber threats in the banking sector cannot be considered only as an Information Technology (IT) challenge. Nowa-days it is treated as a broader risk management issue. Cyber criminals not only are targeting the websites of banks but also they are also targeting bank customers. Along with the money in a bank account, personal information of customer is also at risk. The case in point is the latest data breach in the Indian banking sector, in which 3.2 million debit cards were compromised. It was considered one of the biggest ever breaches of financial data in the country. The Reserve Bank of India has provided guidelines on information security, electronic banking, technology risk management and cyber frauds. To avoid such threats, banks are taking various security measures to tackle or avoid any such threats and to protect the customers’ data and money.
16/BFSI | bfsi.eletsonline.com | DECEMBER 2016
Following the banking data breach, the apex bank has asked the banks to review their cyber security arrangements as per the framework laid down by it in its June 2, 2016, notification. It stresses on the need for a board approved cyber-security policy, calls for an arrangement for continuous surveillance and cyber crisis management plan.
Types of Attacks Malware: Malware is a computer code designed to destroy computer data or to steal private information from a computer. Viruses, spyware, worms are different kind of malwares used for cyber attacks. Odds are, nearly everyone with a computer has fallen victim to some form of malware in their time. Password Attacks: In order to hack into a secure system, these attacks are used to crack victim's password. Such attacks can be prevented by following good password procedures. Brute-Force Attack and Dictionary Attack are the methods used by hackers to crack a password. Denial-of-Service (DoS) Attacks: DoS attacks are special form of cyber attacks that focus on the interruption of a network service. These attacks target network until it is overloaded ("Denial-of-Service"). While handling such a huge amount of traffic, the victim may lose control and the information as well.
Cloud based Security Measures: When it comes to defending against cyber attacks, a common strategy includes investing in costly hardware and software products, and then shoring up both frequently. However, there is a more effective and affordable way to fight cyber terrorism -- adopting cloud-based cyber security services. Cloud-based cyber security tools are cost-effective and help small- to mid-size companies afford all the bells and whistles that big MNCs have. Cloud-based security systems provide a very high level of data protection,
Featured Article especially for sensitive data that includes customer information and transaction details. In order to prevent data theft, it is kept in centralised data storage. Banks and financial institutions follow strict and layered authentication methods to access the details of any such data by a customer. Enhanced computing power and capacity of cloudbased systems enable these systems to store real-time data about customer preferences. This stored information helps the banks to offer their customers personalise interactions. Cloud based systems can also help banks to streamline operations by aligning business and technology. It also helps banks to scale up IT resources for expanding its business operations. Cloud computing promises cost savings, efficiency and agility that allow banks to offer internet banking and payment function on the cloud technology. By moving the payment function to cloud, banks can fend off the threat of disintermediation from telecommunication companies and other mobile payment service providers. Moreover, payment over cloud eases the pressure on banks of managing a big IT setup. The Cloud technology is the future of banking services. Cloud technologies, analytics, mobile technologies and big data all together will enable banks to extract information from existing data and processes them to address risk management.
Data Centre A data centre is a centralised facility that stores, manages, and disseminates an organisations data. It also manages and stores the organisation’s IT operations and equipments. Data centre is one of the most vital and critical systems to continue daily operations. Consequentially, the security and reliability of data centres is a top priority for organisations. With the advent of cloud computing, rich internet applications, service-oriented architectures and virtualisation, data centre operations are becoming more dynamic. Data centres hold the key to growth of the sector. Banking and financial institutions are nowadays embracing a more holistic approach towards data storage and management as it suits to evolve their business. Data centres also help these institutions to access and utilise the vast amounts of data. “Data centre is the backbone of the financial services industry and is the key to its growth. Banks and financial institutions rely heavily on high performing, always-on data centres to store and analyse the sheer volume of data generated by their customers. As data centre evolves to support the increasing need for data storage, financial institutions must embrace a more holistic approach and adapt their infrastructure in order to suit the needs of the business”, says Harshil Doshi, Strategic Security Solutions Consultant – India, Forcepoint.
Security of Data Centres: Data centres are monitored round-the-clock by organisations offering the storage service. For enhanced security, measures like single-person access and mantrap systems are taken that provide access to authorised individuals only. For maintenance of the centre, technicians are allowed to enter special rooms using custom-configured ID cards and after authentication by means of biometric scans or retinal scans. To prevent the data, banking organisations follow various standards like an intrusion detection system to monitor incoming data and to identify suspicious activities. Firewalls developed by different manufacturers are also being installed to protect the customer data stored
Along with the money in a bank account, personal information of customer is also at risk. The case in point is the latest data breach in the Indian banking sector. in the centre. Data is transferred or exchanged with customers in encrypted file formats via secure fiber-optic cables ensuring data safety and integrity. Other data protection provisions include the prevention of data from being exposed to third parties. Support services from data security companies ensure that data remains protected also during the maintenance operations of data centres. These data security measures help banking and financial industry carry out secure and hassle free transactions round-the-clock. Updating technologies on regular basis help the sector to better the user experience as per their requirement.
DECEMBER 2016 | bfsi.eletsonline.com | BFSI
/17
Special Story
Ensuring Safety of
YOUR MONEY IN ATMs While ATMs serve as great inventions to make the day-to-day banking hassle-free, the security measures involved in making them safe from fraudsters and cyber criminals have to keep evolving to ensure public money remains safe, writes Priyanka Sharma of Elets News Network (ENN).
T
here are over 200,000 Automated Teller Machines (ATMs) installed across India and the number is set to increase many folds in next few years, with banks trying to keep their overheads under check.
These money vending machines give customers easy access to their money anytime, anywhere throughout the year. However, as the number of ATMs is set to increase so will various threats. According to a Finance Ministry report, the number of thefts from ATMs is on the rise. In 2015-16, 922 cases of ATM thefts involving Rs 78.6 crore were reported, an increase from 698 cases involving Rs 51.7 crore the previous year. There were 596 cases worth Rs 34.34 crore in 2013-14.
1000
922
Types of ATM frauds Fraudsters seem to be devising new ways to steal cash from ATMs. As more and more stringent security features are being adopted to make ATM machines theft-proof, high-tech thieves always keep bankers and security providers on their toes -forcing them to keep adding extra layers of security to ensure the money remains safe in ATMs.
Card Skimming It remains No. 1 threat globally. Essentially, skimming refers to the stealing of the electronic card data and making counterfeit cards to make purchases or withdraw cash in the name of the actual account holder. Unsuspecting consumers experience a normal ATM transaction and are usually unable to notice a problem until their account is defrauded.
Card Trapping
900
Trapping is stealing of the physical card itself through a device fixed to the ATM. In a pre-EMV or chip-and-signature environment, the PIN does not need to be compromised.
800 698 700 596 600
Transaction Reversal Fraud (TRF) ATM Thefts
500
Amount (in crores)
400
300
200
100
34.34
78.6
51.7
Cash Trapping
0 2013 - 14
18/BFSI | bfsi.eletsonline.com | DECEMBER 2016
2014 - 15
TRF involves the creation of an error that makes it appear as though the cash had not been dispensed. The account is re-credited but the criminal pockets the money. It could be a physical grab (similar to cash trapping) or a corruption of the transaction message.
2015 - 16
Normally, relatively low value, the fraudster will use a device to physically trap the cash that is dispensed and come to collect
Special Story once the customer has left the ATM location.
Physical Attacks This category is related to any attempt to rob the ATM of the cash in the safe. Methods of physical attacks include using solid and gas explosives to break the machine, as well as removing the ATM from the site and then using other methods to gain access to the safe.
Logical Attacks Logical attacks are becoming a major and growing attack vector, and one that has the potential to cause large amounts of losses. In this type of attack, external electronic devices or malicious software is used to commit the crime. The tools are used to allow the criminal to take physical control of the ATM dispenser to withdraw money, which is often called "cash-out" or "jackpotting," as the machine starts spitting out bills like a casino gaming machine. The other version of malware attack on ATMs involves criminals using software to intercept the card and PIN data as customers use the machine. They can then use this to clone cards and commit frauds at point of sale terminals, ATMs and in 'card-not-present' scenarios.
The Case of Outdated ATMs The systems that were installed few years back were primitive so far as surveillance is concerned. They were basically limited to CCTV surveillance cameras with direct video recording locally. The cameras used to be standalone and not networked. These were not connected to a central command centre for remote monitoring services. But things seem to be improving on this front. “Most ATMs have been converted into rear loaders. There are multiple alarms and multiple locations attached to machines. Some ATMs are equipped with sending ‘Save our Souls (SoS)’ message to nearest police station as well. Apart from that there are sparking systems, think of it like a lighter spark, every couple of seconds that prevents filling them with gas to detonate. There are cameras, key and combination requirements, the combinations are changed every few weeks,” says Bharat Berlia, Chief Information Officer, Indus Net Technologies.
Specialised Surveillance System One of the effective ways of securing the ATM is specialised surveillance solution designed specifically for the banks’ ATMs. A CCTV system in the bank ATM acts like a deterrent to criminals and provides evidence in post incidence investigations. One of the key features of this system allows superimposing the ATM card number on the recorded CCTV footage. This feature is called the ‘Text Overlay Feature’. The resulting images can be searched by only entering the card number. This on the larger scale aids banks to centrally search CCTV feeds from numerous remote ATMs, thus
reducing the time taken to browse the entire CCTV footage and also gives better control to track fraudulent activities regarding misuse of ATM cards.
E Surveillance System E-surveillance is a comprehensive security solution designed exclusively for ATMs and it integrates intruder alarm, fire alarm, CCTV surveillance coupled with two-way audio communication. This entire solution is offered to banks on Software as a Service (SaaS) model. There is zero investment and zero management for the bank. The bank needs to pay a nominal usage fee on a monthly basis.
Dos and Don’ts when conducting ATM transactions Do’s • Conduct your ATM transactions in complete privacy, never let anyone see you entering your Personal Identification Number (ATM Password) • After completion of transaction ensure that welcome screen is displayed on ATM screen • Ensure your current mobile number is registered with the bank so that you can get alerts for all your transactions • Beware of suspicious movements of people around the ATM or strangers trying to engage you in conversation • Do check if the card given to you by the merchant after completion of the transaction is your card • Look for extra devices attached to the ATMs that may be put to capture your data • Inform the bank if the ATM / Debit card is lost or stolen and immediately report if any unauthorised transaction • Check the transaction alert SMSs and bank statements regularly Don’ts • Do not write your PIN on the card, memorise your PIN number • Do not take help from strangers or handover your card to anyone for using it • Do not disclose your PIN to anyone, including bank employees and family members • Do not allow the card to go out of your sight when you are making a payment • Avoid speaking on the mobile phone while you are transacting E-surveillance operates on Internet Protocol (IP). It comprises various sensors to protect every asset in the ATM lobby such as ATM machine, cheque drop box, airconditioners, uninterruptible power supply, etc. It includes smoke and heat sensors as well. High resolution, varifocal, infrared cameras are installed, both inside and outside the lobby for surveillance. Besides these, two-way audio systems and hooter are provided to deter the criminal and alert the public in case of any crime or panic situation. In the event of any alarm sounded from ATM, a video verification is conducted to confirm if it is a criminal activity and the two-way audio is triggered to deter the criminal. In the event the criminal persists, the local hooter is switched on remotely from the command center to alert the public and deter the criminal.Currently, Punjab National Bank, Kotak Mahindra Bank, HDFC Bank and Federal Bank are using this system in many states. With implementation of e-surveillance, banks can save on huge costs currently incurred in deploying 24x7 guards at the ATMs. Compared to cost of man guarding, e-surveillance is highly economical and return of investment is highly appreciated by banks.
DECEMBER 2016 | bfsi.eletsonline.com | BFSI
/19
Corporate Interview RAKESH VERMA
MapmyIndia
CONNECTING THE BUSINESS WORLD MapmyIndia through their most advanced, accurate and detailed maps have been connecting several businesses. Since 1995, the company has dedicated itself to build the soft infrastructure of mapping in India, says Rakesh Verma, Managing Director, MapmyIndia, in an exclusive conversation with Elets News Network (ENN).
W
hat is MapmyIndia’s relevance in India?
MapmyIndia is India’s leader in premium quality digital map data, APIs, GPS navigation, tracking, location apps, and GIS solutions. MapmyIndia’s mission is to make the world better through maps and location technologies. Since 1995, the company has dedicated itself to build the soft infrastructure of mapping in India. Through continuous efforts of its 400+ professional field surveyors and state-of-the-art mapping technology, including its revolutionary RealView service which captures, analyses and publishes the world in 3D and 360-degree photo-realistic clarity, MapmyIndia’s proprietary MapmyIndia Maps is the most comprehensive, accurate, reliable, full-featured, professionally created and continuously updated digital map dataset for all India, which are used for a wide range of applications including Navigation, Telematics, Autonomous Driving, Geographic Information Systems, Location Based Services and Smart Cities. MapmyIndia provides not just the most advanced, accurate and detailed maps of India, but also the best GPS-based IoT (Internet of Things) devices optimised for use in vehicle, asset and personal navigation and tracking, market-leading location-based enterprise SaaS (“Software as a Service”), popular and delightful hyper-local mobile and web consumer apps, including maps.mapmyIndia.com, India’s very first and most detailed, accurate and c o m p r e h e n s i ve
20/BFSI | bfsi.eletsonline.com | DECEMBER 2016
interactive online mapping portal, and NaviMaps, the best offline GPS navigation app for India.
How MapmyIndia is contributing to India’s banking and finance sector? MapmyIndia has been working closely with the BFSI sector for nearly a decade. Leveraging the best-in-class digital map data MapmyIndia has helped many banks, insurance and financial service providers improve their customer service delivery, make their processes more efficient and manage risk. MapmyIndia helps banks and insurance companies with location verification, risk assessment and demographic profile of the applicants.These are the formalities required for Know Your Customer (KYC). It also helps in site selection of ATMs, branches and service d e l i ve r y
Corporate Interview
RAKESH VERMA
points based on location data and analytics. MapmyIndia’s tracking APIs are being widely used for workforce management. For effective deployment of workforce, MapmyIndia has developed Workmate app, this enables any manager to see in real-time where and what each of his workforce are doing in the field. Based on the need, instructions can be relayed to one and all from his smartphone, instantly. MapmyIndia also offers devices and solutions that generate a large amount of telematics data. These are being offered to OEMs and in the aftermarket. The company also has solutions for usage-based insurance (for example, in the case of buyers of pre-owned vehicles) by providing information like the state of engine, engine oil status, battery status, coolant, maintenance history etc.
What prominent products do you have as solutions for customers? MapmyIndia has been at the forefront of introducing disruptive products and technologies that have been game changers. Some of the prominent products and solutions offered by the company are: MapmyIndia Maps– MapmyIndia’s digital map data, which is the foundation on which all MapmyIndia products and solutions are based, are India’s most comprehensive, exhaustive, detailed maps that offer unmatched coverage MapmyIndia WorkMate– is a field workforce management solution. It is a fully scalable product that is available on both the web & on mobile. Workmate is customizable with the company’s branding. MapmyIndia Insight– is the Geomarketing Decision Analysis system that can be used for uploading files having latitude, longitude, addresses etc. along with other parameters. MapmyIndia APIs– Although MapmyIndia solutions are being used widely in the BFSI sector, the company has also made accessible their powerful Map APIs for every user (individual or corporate) to integrate with their products and solutions. Maps API: Developers can integrate India’s most comprehensive maps with house number detail in their own web applications with the Maps API. This API allows users to see the same detailed maps as in MapmyIndia’s own navigations devices and web/mobile apps, unlike other API providers. Geocoding API: Provides latitude and longitude along with all available information like phone number for any address or point of interest in India. This API is especially relevant to the BFSI sector as it enables the linkage of the customer with key attributes.The companies are also doing resource planning based on this data. Reverse Geocoding API: Provides the nearest address or point of interest information for a given latitude-longitude combination Routing API: Calculates driving route between any
two specified locations including up to 50 via points. The API gives you drive time, distance and step-bystep description of the route steps along with point information for map display. Driving Distance API: This API calculates driving time and distance from a given center point to a bunch of other locations Map Tile Image API: The image API generates static map PNG files of size 256×256 (512×512 if retina tiles are needed) for a given latitude-longitude point. Autocomplete API: Suggests search results as you type on the basis of the initially entered characters. Nearby POI: Searches for points of interest in a predefined category near a set of position coordinates and within a radius. Labels Image API: Provides map labels images (PNG) of size 256×256 and 512×512 (for high DPI screens, like retina display) for a given latitude-longitude point and zoom level. POI Along the route API: Searches for POIs in a pre-defined category, near a route, which has been defined by start and end position.
MapmyIndia is India’s leader in premium quality digital map data, APIs, GPS navigation, tracking, location apps, and GIS solutions. Tell us about your products — Insight and Workmate. MapmyIndia Insight is the Geomarketing Decision Analysis system that can be used by users for uploading files having latitude, longitude, addresses etc. along with other parameters. Insight organizes and brings together disparate information on regional markets. Geomarketing is the integration of geographical intelligence into various aspects of marketing, including sales and distribution. MapmyIndia WorkMate is a field workforce management solution. It is a fully scalable product that provides both web as well as mobile interface. WorkMate is customizable with the company’s branding. For field employees, WorkMate will make their operations exponentially easier. From easy check-ins, to address detection and step-by-step driving directions, WorkMate improves employee efficiency even when there is no network available. The tracking is permission based, the user needs to start the tracking as the workday begins and stop it at the end.
DECEMBER 2016 | bfsi.eletsonline.com | BFSI
/21
Corporate Interview RAVI SINGH
Making digital
INDIA DREAM A REALITY: ITZCASH India is on the verge of becoming a digital nation and we are ensuring the same by converting cash into digital money both at the rural and urban level says Ravi Singh, Chief Business Officer, ItzCash in an exclusive conversation with Rashi Aditi Ghosh of Elets News Network (ENN).
G
ive an overview of ItzCash as a holistic payments solutions company.
We are a payment company and our focus has been on converting cash into digital money. We focus on two sections of society, the technology savvy and digitally unsound. Those who are digitally sound can pay bills, recharge their phone numbers, buy rail tickets and can make a lot payments using our services. On the other hand, we focus on digitally unsound populace through our network of about 75,000 franchise spread across 60,000 cities. Remittance business: We are the largest partner of MPCI in terms of Master production scheduling (MPS) transactions generated. Travel: We are one of the largest partners of IRCTC in terms of ticket bookings. Cash Management: We have cash management solutions. This is our third largest vertical business. Bill Payment
How you are empowering the unbanked and under-banked segments in India? I believe that our country is doing a commendable job in terms of incorporating financial inclusion. Through our Prime Minister Narendra Modi’s initiative Pradhan Mantri Jan Dhan Yojna, many people have opened their bank accounts. Earlier whenever there was a discussion on financial inclusion, only Rural India was talked about. But now urban India is also included in the topic. This is because many people residing in urban areas also fail to take up digital decisions. This is the reason why we focus both on urban and rural India.
22/BFSI | bfsi.eletsonline.com | DECEMBER 2016
Do you think cashless economy is possible in rural India just like urban India? Why it is needed at the outset? I believe financial inclusion is a part of both urban and rural India now because digitisation is a necessity for all. We focus on wallets that help the digitally sound people and to help the digitally unsound populace we have our various franchises. These franchises help the digitally excluded people in booking tickets, recharging phone numbers, paying bills and etc. by using our services. We all know that digital India is our dream but in reality despite having mobile majority of our populace fail to work on internet. We focus more on this section of the society. The major challenge that we face is making people use our services. This is the reason why we have several franchises. We make the financially excluded section understand the safety and convenience of using digital money. We are working with a lot of e commerce companies. E commerce companies like flipkart lack physical infrastructure which we have. So, people in rural areas can walk into our franchise stores and by paying cash they can actually do online shopping.
How would you define the challenges in ensuring this to happen? Telephone infrastructure is the biggest challenge that we face.Internet connectivity which occurs as the major concern that often hinders our services. Second challenge that we face is banking penetration. We get cash payments from rural areas and we cannot hold this cash for too long. But since the number of banks available in the rural areas is still very low,we face problems. Infrastructural challenges are the bothering us the most. ď Ž
Industry Speaks ALOK JHA
Banking
THE UNBANKED THROUGH BLOCKCHAIN & BITCOIN
M
ay 22, 2010 was the day which brought revolution in the means of financial transactions and became a trend-setter. Surprisingly, it has nothing to do with secured debt obligations or stocks. A girl from Jacksonville, Florida, US, purchased two pizzas from Papa John’s using 10,000 units of ‘Bitcoin’- a newborn currency, without any taxes or fees. Buying those “Pepperoni Pizzas” was the first ever bitcoin transaction, the cost of which now exceeds $4 million. For the marketers and programmers, this situation was strange and surreal. Hence, the financial world came up with the public ledger of all the bitcoin transactions that will be executed ever — Blockchain.
Blockchain: the support system for Bitcoins Initially, blockchain received infamy for turning out to be the support system for bitcoin: the web-based cryptocurrenncy. But lately, with the help of distributed networks of computer users, the transaction records were recorded and made secured at the lightning speed. Blockchain potentially circumvented the need for correspondent banking and other intermediaries like international money transfers. For those who had deficit entry into basic financial services the accessibility and scalability of blockchain simplified their way to the global economy. The biggest strength of blockchain is that it gives verified record of every online transaction, which will be made ever; further decreasing the risks of individuals, corporations and banks-, which will never be defaulter.
Process And Applications Of Blockchain Blockchain can be used as payment protection, allowance system, bank accounts by distributed ledger or smart contract, which provides an alternate financial scheme and financial inclusion to billions of ‘unbanked’ people around the world. The concurrence of mobile money and digital
finance has led to the popularity of concepts like M-Pesa (including many other like this) to help more than 400 million people living in cash based eco systems. According to GSMA, these people now have formal financial service.
Future Prospects of Blockchain Lately, even the significant headway made by the providers in the areas where banking services were untouched, more than two billion potential financial services customers remain stranded. Geographically, fragmented industries have mobile money providers who have yet not discovered the clear path to achieve the significant scale required to realise network effect for long-term viability. Blockchain can shield these efforts by becoming a support system to open the closed- loop mobile services. Currently, some payment services only work between two parties (if they both have accounts). Likewise, customers are not allowed to pay each other on separate mobile network easily. But the blockchain can expand interoperability to link these fragmented closed loop services both domestically and internationally. Now with an in-depth understanding of interoperability value proposition and ability of blockchain to significantly improve the cost structures of inefficient cross-border payments, the financial institutions have to accept the stark reality that disruptive blockchain technology is efficacious to serve unbanked masses. This fact serves the next few billion participants of global economy. Blockchain technology in concomitance with smartphones will endow an infrastructure that will hugely reduce the cost of operations supporting new business models; with an aim of sustainably serving the poor. It all started with buying pizza using bitcoin and has grown up to the phase where big companies are dealing with bitcoins. Microsoft added bitcoin as a payment option for variety of digital content across its online platform. In addition, Dell announced accepting bitcoin through partnership with Coinbase. Other than them, the companies who accepted bitcoins were Overstock, Newegg, Showroomprive, Tigerdirect etc. With evolution of internet money, humans need to be blockchain-savvy remembering the fact that all great things are preceded by chaos.
DECEMBER 2016 | bfsi.eletsonline.com | BFSI
/23
Corporate Interview K KRISHNA KUMAR
C-Edge Technologies
END-TO-END SOLUTION OF BANKING PROBLEMS C-Edge Technologies is a joint venture between Tata Consultancy Services ( TCS) and State Bank of India and it caters to the small and medium banks and takes pride in its business operations in India. Small and medium banks never had any service provider meeting their technology requirements on long term basis, says K Krishna Kumar, Chief Executive Officer, C-Edge Technologies Ltd.
W
hat are the products and solutions C-Edge Technologies Limited (C-Edge) offer?
C-Edge is a joint venture between Tata Consultancy Services Ltd. (TCS) and State Bank of India (SBI). We are a distinct and a formidable corporate entity and a unique service provider which has got parental support of the biggest Indian technology company and the biggest Indian bank. We cater to the small and medium banks and we are proud of our business operations as in India, small and medium banks never had any service provider which meet their technology requirement on long term basis. We offer end-to-end solutions for all the banking operations. Our entire model is hosted on cloud. It is a private cloud where customers do not need to worry about the cost. We allow them to pay for customised services on pay-as-you-go model. Besides core banking, our products range includes solutions for net banking, mobile banking, technologies to support Rupay products – the NPCI (National Payment Corporation India) products; we also have anti-money laundering technologies. RuPay is an Indian domestic card scheme conceived and launched by the National Payments Corporation of India (NPCI). So we have 40 – 45 products and solutions and we keep inventing newer ones to meet the requirements of our customers. We would like to mention that the costs of all these solutions
24/BFSI | bfsi.eletsonline.com | DECEMBER 2016
is very competitive. Our products are being subscribed by several Gramin Banks in Andhra Pradesh, Uttarakhand, and Telangana and other states of the country. We are also serving banks in foreign countries as well and foreign banks located in India.
How has been your experience of working with smaller banks in India? Working with smaller banks is challenging as they are not trained to understand the newer technologies. As an application service provider, we have to invest a significant amount of time to train the staff and spread the awareness about the benefits of latest and advanced technologies within banking systems. We are proud to say that we, with
Corporate Interview K KRISHNA KUMAR
our technologies, assist the banks in remote areas and convert them as our customers.
Are technologies very expensive? We are here to provide technologies to our customers at a very competitive cost. We ensure that before a customer plans to deploy certain technologies, they are aware of the investment. Our customers do not need to worry about the infrastructure and training aspects; we take care of this for our customers.
What are you latest initiatives? The newest initiative is that within 24 hours of demonetisation announcement, we have been able to finetune our systems as per the RBI (Reserve Bank of India) guidelines. The next area focuses on providing complete end-to-end support for GST (Goods and Services Tax) including the consulting and technological support. We would like to be one-stop shop for offering GST execution. We are also very positive about IMPS technologies. We believe mobile payment technologies will prosper in future.
How significant is research and development part for your business? How C-Edge is leveraging the expertise of TCS and SBI? As we have stated on our website, “C-Edge’s Centre of Excellence (COE) aims to provide best practices, training, deep domain expertise, technical implementation, and testing expertise for the banking industry. Over the last 7 years, we have gained this expertise in the course of implementing banking solutions for over 150 banks.” We would like to create products which can meet customers’ requirement efficiently. We want to create products which can be sold to different customers with competitive costs. We are a separate entity. However, we seek help from TCS and SBI as and when we require. The association is indeed an advantage for us. On the board, we have two representatives from TCS and SBI each.
Recently, we came across a situation where security of millions of debit cards has been compromised. How can the banking system avoid such situations in future? Every coin has two sides, and unfortunately, this is the other side of it. We need to keep on inventing and rein-
venting technologies to ensure our systems do not fall prey to hackers. Hackers also use advanced technologies to break into our systems, we need to stay a step ahead of them. We need to win customers' trust and this is very important. Within our organisation, we have physical security measures. We make use of the most advanced biometric mechanisms. We ensure that our data is not accessible to anybody and everybody. We also use automation within our premises and most importantly, we are always in search of that extra effort which can strengthen the security of our systems. Further, we have stored our data at certified data centres.
What is the market share of C-Edge in India? We have well presence in tier-3 cities and rural areas. We have close to 60 – 70 per cent footprint in these areas. The economy is actually moving to these areas and we are happy to extend our reach to these organisations. Our products are very well received. Even the remotest of the locations, there is lot of enthusiasm for implementing technologies.
C-Edge’s Centre of Excellence (COE) aims to provide best practices, training, deep domain expertise, technical implementation, and testing expertise for the banking industry. Which are the other sectors, you are planning to cater to with your products? We have always been into banking, however, we are now moving into insurance sector. We believe, it is also a booming sector and there are immense opportunities in this domain as well. We are looking for partners to co-create software. We believe in partnerships. There are several companies which are doing extremely good by developing solutions for BFSI sectors. We will be happy to collaborate with such companies and promote their initiatives. We want to be a one-stop-shop for our customers for all their technology needs. We are glad that we are a trusted company for our customers. We will like to develop software and services for GST which will be levied by Central Government on inter-State supply of goods and services.
What is your opinion about demonetisation? There was a need for such a bold move to control the black-money menace. There was a need to stand up boldly against and this is one such move which – to a great extent – will control the undeclared money.
DECEMBER 2016 | bfsi.eletsonline.com | BFSI
/25
Corporate Interview MANOJ PAUL
India: Creating
HIGH QUALITY DATA CENTRES
26/BFSI | bfsi.eletsonline.com | DECEMBER 2016
GPX started its operations in India around three years ago. In this short period, we have been able to establish GPX as a "State of the Art Data center" and have become a benchmark in the industry and vendor of choice of marquee customers. Normally, it takes several years for a new player like GPX to establish a data center business when there are already several other large incumbents, says Manoj Paul, Managing Director, GPX India, in an interview with Poulami Chakraborty of Elets News Network (ENN).
Corporate Interview MANOJ PAUL
H
ow has been the journey of GPX in the Indian market since inception?
GPX India is a part of GPX Global Systems which is a US-based organisation, founded by people who held leadership positions in companies running data Centres, metro ethernet and undersea cables etc. The company was founded to create high quality data Centres in emerging markets. We started our operations in the Indian market around three years ago and in these three years we have been able to establish GPX as a “State of the Art” data Centre. Normally, it takes several years for a new player like GPX to establish a data Centre business when there are already several other established players like Tatas, Reliance, Netmagic, Airtel, and others. However, in just three years, GPX has won good orders from Marquee customers, the who’s who of the carrier, content and cloud space worldwide. Today, we claim to be India’s most inter-connected data Centre. By which we mean that we have the maximum number of Telecom service providers (12) and Internet Service Provider (s) {ISP (s)} (over 50) who are connected by optical fibers to our data Centres, as compared to any other data Centre in the country. GPX is also the first Direct Connect Point of Presence (PoP) for AWS in India and also has several other Cloud Service providers and CDN service providers hosted at GPX DC. As a result of these successes, within three years we have been able to become cashflow positive.
Tell us about your ventures in the Banking and Finance sector in India. GPX has several clients in the banking and finance sector. BFSI companies need highly reliable data Centre for their 24x7 operations. We are glad that IFTAS, an IDBRT company, which runs India's largest payments messaging platform, has chosen GPX, where they have set up their DC to provide core banking and other managed services over cloud to banks and co-operatives. IFTAS runs INFINET, the communications backbone between all the banks in India and SFMS, facilitating RTGS and NEFT. A large broking house runs their complete back end and services their downstream brokers from GPX DC. GPX, being India’s only True Carrier Neutral Service Provider has the largest number of Telecom Service Providers connected to our DC and so our customers are not restricted and can use services of any of these TSPs based on their reliability of services, feasibility at remote ends and commercial offerings. Enterprises including banks are also evaluating the option of migrating to cloud or having a hybrid set up of
some applications on their own infrastructure and some on the cloud. GPX is well geared to meet the requirement of such customers with a very highly reliable DC offering 99.999% along with AWS Direct Connect service available in GPX DC. Now customers can host their servers at GPX and use the cloud services of AWS, the world leader using Direct Connect Service of AWS available only at GPX DC, thus connecting to the cloud over cross connects (LAN) of 1 Gbps without having to pay for bandwidth. GPX also has few other large and small partners which provides cloud services including compute, storage and other managed services at GPX data Centre. Thus, whenever a bank/financial institute does not want to spend capex on infrastructure, they can use the services of these cloud service providers. In this way, we believe that GPX can play a very crucial role in the BFSI Sector.
When it comes tapping a prospective client, what are the key USPs on which GPX India vouches? Indian data Centre market is very competitive and there are many large well established players in this business
GPX has several clients in the banking and finance sector. BFSI companies need highly reliable data center for their 24x7 operations. space. Hence, when GPX came into the Indian market three years ago, the market was already mature and we had to differentiate ourselves from the incumbents. To grab the targeted customer’s attention; we built a State of the Art data Centre and got an Uptime Institute Tier 4 design certificate, which is one of the most stringent certification for data Centres and the only DC offering 99.999% uptime. There are only 32 data Centres in the world which are certified Tier 4 by Uptime Institute. Ours is also the most automated data-Centre in the country, so customers can have the confidence that even if an equipment failure happens at wee hours, things will automatically be controlled without any involvement of manpower. We also make the processes very simple to enable our customers to use our services with minimal hassles and without wasting time. And, as mentioned earlier, GPX is the Direct Connect PoP of AWS and the most interconnected True Carrier Neutral DC.
DECEMBER 2016 | bfsi.eletsonline.com | BFSI
/27
Industry Advertorial
Reduce Security Vulnerabilities with
VYOM LABS’ BMC BLADELOGIC Vyom Labs, the preferred BMC Software partner and the leading IT service management expert, has added one more capability to enable IT operations and security teams to move from a fractured defensive security approach to a coordinated offensive attack with the help of BMC’s BladeLogic Threat Director.
F
or every enterprise, irrespective of its genre and demography, security is of utmost importance. Eighty percent of attackers exploit known vulnerabilities most of which have a published patch available. Study reports by BMC and Forbes Insights found that 44 percent of executives said data breaches occur even when vulnerabilities and their remediation are identified. These vulnerabilities remain unpatched because of the time taken in identification of Security threat and issuing of operation patch. This process often takes as long as 193 days. There is inherent friction between the Security team and the Operations team that results in everything from avoidable security risks, data loss, downtime and excessive labour costs.
Aligning IT with Business
it uses precise threat analytics to enable the relentless and expedient remediation of risks and reduction of the attack surface. As digital services become a competitive force for companies, the number of new services and version updates multiplies exponentially as do the odds of a breach. Now more than ever, it is imperative that companies keep hackers out of their systems Vyom Labs was recently awarded as “best partner of the year in APAC region” by BMC Software.
About Vyom Labs Founded in 2003, Vyom Labs offers end-to-end services and solutions on BMC DSM platform. right from business assessments, implementations, upgrades, customisations, functional and technical support, functional and performance testing, user adoption training and workshops, business intelligence to continual service improvement. Our experience of 550+ projects and expertise around many BMC BSM solutions have given us insights into our clients’ businesses and culture. This has enabled us to bring enhanced value to all our engagements. Please visit www.vyomlabs.com or email us on info@vyomlabs.com for more details.
About BMC BMC's BladeLogic Threat Director is the first solution to give security teams visibility into operational plans while giving operations an actionable view of threat data based on risk level. BMC's BladeLogic Threat Director helps the Security and Operations teams become more agile and quickly move to a proactive security position for both cloud and on-premises systems. Security teams use the Security Dashboard to gain a view into operational plans and SLAs giving them the ability to assess the current security readiness of their organisation. BladeLogic Threat Director provides the Operations team with prescriptive and actionable data to address vulnerabilities based on perceived impact and policy, and
28/BFSI | bfsi.eletsonline.com | DECEMBER 2016
BMC is a global leader in software solutions that help IT transform traditional businesses into digital enterprises for the ultimate competitive advantage. Our Digital Enterprise Management set of IT solutions is designed to make digital business fast, seamless, and optimised. From mainframe to mobile to cloud and beyond, we pair high-speed digital innovation with robust IT industrialisation-allowing our customers to provide intuitive user experiences with optimized performance, cost, compliance, and productivity. BMC solutions serve more than 10,000 customers worldwide including 83 percent of the Fortune 500. (Disclaimer: The opinions expressed in this article are the brand’s/ author’s own and do not reflect the view of Banking & Finance Post.)
Corporate Interview GOVIND RAMMURTHY
Innovating with India’s
DIGITALLY EMERGING MARKET: ESCAN In the wake of the Digital India dream, the Indian market is transforming at a faster pace. At eScan, we have been very regular in innovating newer and better solutions to cater the emerging problems of the society, says Govind Rammurthy, CEO and Managing Director, Microworld Software Services Pvt. Ltd. in an exclusive conversation with Poulami Chakraborty from Elets News Network (ENN).
H
ow has been your experience in the Indian market ever since you penetrated in the content security solution sector of the nation?
When we started the company several years ago, 70 per cent of the market was pirated. But in the last five to six years, Indian market has really matured. Customers now realise the need of using licensed software. Today, people are buying software, deploying software and they understand the importance of security within their organisation and at home as well. Because of the various news reports pertaining to security threats in smart phones, PCs etc, people these days are aware and educated about the need and usage of licensed software and use them smartly. Because of the dissemination of information in the past few years, the market has really increased and matured to the optimum level.
IT has penetrated almost all the sectors of operation and has found its usage across sectors. Can you kindly explain your brand’s presence and scope of penetration for times to come? When it comes to IT Security, it encompasses all the seg-
30/BFSI | bfsi.eletsonline.com | DECEMBER 2016
ments. Today, be it in education vertical or health vertical or in small scale industries or large ones, IT security plays a crucial role for the well being and growth of any company. eScan is working on several industries and our products are available in 22 different languages .This is how we are able to serve world markets and markets where languages are difficult. Hence, we are catering to individual users to big enterprises, serving them their customised category of solution. In true sense, we are an internationally accepted player. With passing years our volume of growth will multiply exponentially.
How do you perceive the brand’s growth in Indian market in comparison to the rest of the world? As far as developed nations are concerned, the IT infra-
Corporate Interview GOVIND RAMMURTHY structure available to them is extremely good. In India, we are lagging far behind all these nations, when it comes to infrastructure. The IT infrastructure in those countries being well accessible with a very good depth, and optimised for easy usage, the acceptance and penetration of IT is extremely high than what it is in our country. However, in our country, we are still in the process of developing good infrastructure.
Can you elaborate on how eScan is serving the governance sector, IT and enterprise sector and the BFSI sector? When it comes to governance, one of the key things that we do is creating policies and frameworks. As a parent vendor company, which understands the nuances of security, we work with the central organisation or the government in order to put this frameworks and policies in place, which is cumulatively called as ‘e-governance’. When it comes to financial sector we must remember that it is an industry in its own and we have solutions which are specifically targetted to financial sector. The biggest reform that we see is educating the industry people about the importance of security in their domain of working. Until that happens, it is really difficult to push the policy changers to adopt the policies and framework we are suggesting to them. For example, Indian banks still send e-mails to their customers about certain matters. However, in the western world, it is clearly mentioned to people to not trust any e-mails. Moreover, sending attachments through a medium as volatile as e-mail is an unwise act. Thus, to make Indian financial sector understand the importance of information security, first they must be educated about it.
What challenges do you face while penetrating in the Tier II or Tier III cities? In Tier II or Tier III cities we do face challenges, primarily because of lack of infrastructure. Today, when we are releasing updates, it accounts to nearly 1 MB or 2 MB updates per day, depending on the volume of malwares we are able to detect, on a daily basis. However, in smaller cities availability of this infrastructure in order to download this tool is also a big challenge. However, people here in these cities are educated and understand the importance of security and adopt these changes from time to time.
India is transforming into a digital society, please tell us how important is IT security in this context? When a nation is working towards digitisation, IT infrastructure has a greater role to play. Thus, it is important that the government looks after all the security aspects, even before they roll out any new services or products for mass adoption. It is important that we impart lessons to
the upcoming generation on adoption of IT security and exploit internet wisely, rather than teaching them programming languages. The whole exercise should start from the grass-route level on a mandatory note; which may impact five years down the line, resulting in better ‘Digital India’ with responsible users and policymakers, who will be able to exploit the opportunities wisely.
eScan, as a brand, has been very regular in innovating newer and better solutions to cater the emerging problems of the society. Today’s biggest threat to enterprises and economy in general is ‘ransom-ware’. Please share with us the brand’s pipeline for Indian market that you would like to slate out in the next few years? eScan, as a brand, has been very regular in innovating newer and better solutions to cater the emerging problems of the society. Today’s biggest threat to enterprises and economy in general is ‘ransom-ware’. Recently, we have launched a solution for this threat of ransom-ware, and we will continue exploring newer avenues regularly to curb this threat to extinct in the times to come.
DECEMBER 2016 | bfsi.eletsonline.com | BFSI
/31
Industry Speaks
COMPOSITE AUTHENTICATION; NEW AGE RISK MANAGEMENT: CROSSMATCH Data breaches have plagued organisations of all sizes, both commercial and governmental, for over a decade and show no signs of abating. Alarmingly, the costs associate with data breaches are climbing fast.
I
n Finance and Banking alone the average cost per stolen record is $215 (2015 Ponemon report). The costs associated with the recent OPM breach may never be fully known but it is clear that its impact goes way beyond financial considerations; the breach has threatened the anonymity of field personnel, possibly putting them in harm’s way. Research shows that most breaches are due to compromised or stolen credentials. To combat this scourge, many organizations are beginning to implement two-factor and even multi-factor authentication, but is this an effective approach to stopping the rampant theft of data?
Additionally, most authentication solutions don’t take risk into consideration, that is, the value of what is being accessed, who is accessing it, as well as when and where it is being accessed. The same authentication policy is enforced for all use cases, regardless of risk. It makes no sense to impose productivity draining authentication policies on users that only want to edit a run of the mill office document. It makes abundant sense to aggressively protect access to trade secrets and critical financial information with stringent authentication policies. A secure, flexible and dynamic approach to authentication is needed.
Why Multi-factor Isn’t Enough
Composite Authentication – the Modern Approach to Authentication
Multi-factor authentication was designed to add additional layers of security to network and system access. While this might seem to provide stronger authentication security, it suffers from serious limitations. In practice, most solutions only supply two factors – a password and a One-Time-Password (OTP). The continued reliance on user-generated passwords as an authentication factor should be of concern to anyone thinking about adopting such a solution. Further, limiting the second factor to an OTP doesn’t provide the flexibility to cover all use cases and applications; the approach is just too simplistic.
Despite the large investment being made in authentication solutions, the biggest impediment to a workable solution hasn’t been removed – the reliance on human compliance and cooperation. Humans are incapable of creating and remembering strong passwords and defeating them is fairly straight forward, meaning that most multi-factor authentication solutions can ultimately end up relying on one factor alone, an OTP.
32/BFSI | bfsi.eletsonline.com | DECEMBER 2016
Composite Authentication was designed to provide strong, risk-aware authentication that goes far beyond static multifactor approaches and eliminates the reliance on people. As traditionally defined, multi-factor authentication is comprised of what a user knows (e.g. a password), what a user has (e.g. a smartcard), and who a user is (e.g. a fingerprint). Composite Authentication introduces additional risk factors that allow organizations to strengthen and tailor authentication polices to fit specific use cases and risk profiles:
The Crossmatch® DigitalPersona® Composite Authentication approach offers the broadest set of factors, creating the right mix of authentication options for every user, moment by moment. It goes beyond traditional authentication to provide risk-based factors that deliver the strongest, most complete protection available to secure all networks, applications, data and systems. To learn more, visit cm.crossmatch.com/digitalpersona/
Corporate Interview ILIAS CHANTZOS
Symantec - OFFERING SHIELD AGAINST CYBER ATTACKS
The dynamic shift of cybercriminals stresses upon the need for policy and legislative solutions, including protecting critical infrastructure, enhancing data-breach reporting, improving cyber threat information-sharing, and a focus on strengthening public private partnerships, says Ilias Chantzos, Senior Director Government Affairs EMEA-APJ, Symantec, in an interview with Rashi Aditi Ghosh of Elets News Network (ENN). he state of cyber security across the globe is digitally transforming but there are various challenges, can you underline some of them?
T
I think if someone looks at it from a covered policy landscape, we see challenges associated with technology and policymaking. This is the reason why there has been a shift change to cloud. To meet the challenges, there is a need to deploy more Internet of things (IOT) devices as all the threat is emerging due to explosion and proliferation of data. Like other countries across the globe, India too is facing a lot of security threat but as per our observation, India has been extremely successful in terms of digital transformation.
How relevant is Symantec in context of India? What efforts Symantec is taking in terms of India's cyber security? Symantec’s footprint in India is very significant. We have a large development centre in India and our presence in terms of security operations in the country is also huge. A lot of Symantec’s staff is involved in Research and Development in India. Our company is contributing a lot in terms of skill development and capacity building in India. We have partnered with NASSCOM foundation in designing a curriculum around cyber security in India. In my knowledge, the first curriculum of cyber security was already out in April this year. There are a lot of efforts from our end in terms of investments, awareness, skill and capacity building.
With cybercriminals undergoing an organisational shift, they are also adopting corporate best practices and tactics. According to the National Crime Records Bureau (2015) most of the cyber
criminals are students, what is your take on such a threatening situation? In my view, rather than commenting in terms of age group, I believe it is important to look at the entire issue at large as a threat. Lately, people are engaging more and more into cyber crimes because of economy and job prospects.
A study by Symantec (Internet Security Threat Report 2015) says a government organisation that has been attacked virtually can be targeted again, what can be the possible reasons for it? Government sites have higher vulnerability to cyber attacks because of the amount of interesting data it contains. Technically saying, such things happen again because of Malwares that penetrates the system and unless you do a thorough clean up, your system will experience such attacks on regular intervals.
DECEMBER 2016 | bfsi.eletsonline.com | BFSI
/33
Corporate Interview OMKAR SHRIHATTI
We Secure the Banking Solutions:
KARZA TECHNOLOGIES
G
ive us an overview of Karza Technologies and its operations?
Karza Technologies started its operations in 2015 with a prime focus of providing business and corporate intelligence solutions to banks and financial institutions. Banks and financial institutions need to deal with people or companies they don’t know at all. Only on the basis of few documents, these institutions provide lakhs and crores of loans to them for varied purposes. This is when Karza Technologies comes into the picture. The aim of our business is to integrate all the information at a place that can be communicated to banks and financial institutions. Our core aim is to enable banks and other financial institutions to take informed decisions before they lend money to anyone or partner with any client or before they invest in any company. So, we are into the business of offering intelligent lending solutions. We basically collate the information and share it with clients. We also possess readymade profile of various businesses at our end and we keep adding more information
In the age when data security and credibility is a major concern, we, at Karza Technologies, provide business and corporate intelligence solutions to banks and financial institutions. We do investigation of the information and provide solutions to our clients, says Omkar Shrihatti, Co-founder CEO, Karza Technologies. Excerpts:
34/BFSI | bfsi.eletsonline.com | DECEMBER 2016
Corporate Interview OMKAR SHRIHATTI as we continue the investigation. We are very soon starting online portal where clients will be able to extract required information themselves.
Kindly share about your clients’ profile? We are serving about 10 to 12 clients which includes cooperative and government banks. We are also working with NBSCs, corporate and few large cement companies. These companies have subscribed to our services for checking credibility of their foreign vendors and distributors across the country - and other financial institutions. We also work with two or three consulting firms and assist foreign companies by helping them in identifying the credibility of companies before they enter into a joint venture in India.
InstaKYC is one of your prominent applications. Will you please update us on the advantages on this application?
a customer or a particular business in a standardised style. This is the primary challenge we face.
What are your expansion plans? Are you planning to expand your team?
It is a cloud-based KYC validation tool which assists banks to validate and store 15+ acceptable KYC documents of all their customers in real time directly through government sources. It addresses the most simple but one of the most crucial issues that banks face today – KYC. RBI has penalised several cooperative banks for violating KYC norms and these cooperative banks – more than 40 of them - had to pay about 2 crores as the penalty for non-compliance. InstaKYC assist banks in validating the very basic information about their customers. This information is authenticated directly from government databases. Further, the application also allows centralised monitoring of data which was not possible before and it allows refreshing the KYC information in a more convenient manner.
We may not be expanding our team beyond 15 – 16 people in near future. However, we will certainly grow our business in different geographies to other parts of the nation. We have started our business in Mumbai and Maharashtra and moving
Tell us about R & D in Karza Technologies.
forward, we will be expanding our operations in Gujarat, Goa, Karnataka and other parts of India. We aim to have databases and profiles of each and every business in the globe and understand how they are connected with each other.
In Karza Technologies, Research and development happens on two fronts – first crucial part is to identify right sources where the information can be collected from. Our team has spent about 7 to 8 months in identifying these sources. We use the data which is available in public domain. We have a team of efficient chartered accountants who have experience of collecting and validating information of individuals and companies. Second element is to study the loan fraud cases. We have personally investigated thousands of fraud cases to understand how fraud happens and how people cheat banks and the fake documents are used to cheat banks. We have invested a lot of time and money in investigating these cases.
What are the challenges you face? The major problem is the way the databases are maintained. Each department and organisation maintains the data in their own fashion and there is no uniqueness amongst all of these institutions. This is when Karza Technologies comes into the picture. Despite the disparity in government databases, we – by using our expertises –get all the data in standardised and unified manner. So, you have profile of
We are serving about 10 to 12 clients which includes cooperative and government banks. We are also working with NBSCs, corporate and few large cement companies.
How has been the response from the customers? The larger banks have been able to use such solutions as they are exposed to technological innovation for quite some time now and they are not reluctant to experiment newer concepts and methodologies; however, cooperative banks have not shown enough interest. Cooperative banks are now slowly adopting or planning to adopt new solutions within their banks.
How do you strategise to earn new clients in the market? Our experience is our biggest strength. We have been in the industry for long and have hands-on experience of investigation and identification mechanism. We know how people con banks and financial institutions. Further, we have eminent experts on the board who guide us in making our business effective and easy for clients.
DECEMBER 2016 | bfsi.eletsonline.com | BFSI
/35
Corporate Interview NILESH JAIN
Trend Micro:
SECURING THE FINANCIAL SERVICES
T
ell us about Trend Micro’s operations in India? Which are the sectors that you cater to the most in the country?
We have been into Indian market since 17 years. We are one of the biggest organisations in the ‘Security’ domain , offering our services to big, medium and small enterprises across the nation. We have a successful track record of working with enterprises and assisting them with required solutions needed to ensure security within their organisations by mitigating prevalent and future risks. Software and server security threats and issues are not restricted to any particular vertical and any organization trying to adopt new technologies to become more agile and com competitive are susceptible to cyber threats. However, as the fact remains, there are few verticals where security can’t be comcom promised at all – Banking, Financial Services and Insurance (BFSI), Defence, Government Institutions, Public Sector Units (PSUs), Pharmaceuticals and IT and ITES etc being some of them. IT and ITES, BFSI and Government Sector are the three vertical that make up to 40 per cent of our business.
How has been the performance of the organisation in recent years? What are the growth drivers?
With the changing technology, issues and challenges are also undergoing a paradigm shift . Just 10 years ago, generic spam was one of the biggest issues for enterprises. This was the time when Trend Micro came out with a required solution to counter generic spam, says Nilesh Jain, Country Manager- India and SAARC, Trend Micro India in conversation with Harshal Yashwant Desai from Elets News Network (ENN).
36/BFSI | bfsi.eletsonline.com | DECEMBER 2016
According to a recent independent report, we - with 25 per cent market share - are the largest security player in Asia Pacific region. We are the fastest growing company among all our competitors. Our ability to solve customers’ pain is the biggest growth drivers for us across the world. With the changing technology, issues and chal challenges are also going through a paradigm shift. 10 years back, generic spam was one of the biggest issues for enterprises. This was the time when we came out with a required solution to counter generic spam. Later, we offered solutions for virtualisation platform for our customers.
Corporate Interview NILESH JAIN We introduced first specific virtualised solutions for customers. Later, when our customers and enterprises in general started adopting cloud computing technologies, we again introduced solutions which could help customers to migrate to cloud in a secure way. Today, we collaborate with Azure, AWS, IBM, etc to offer apt and advanced cloud migration services to our customers. Further, we also offered solutions to save our customers from targeted attack. Currently, ransomware is of the most challenging issues. Earlier the virus used to attack only individuals, but now it has been attacking public and private enterprises of all sizes. Last year, we had launched a specific solution to protect customers from ransomware. Our ability to protect customers is an important element which is actually helping us to grow. We are number one in cloud and virtualisation security globally and in India as well. Some of the largest banks, IT and ITES and manufacturing businesses using Trend Micro’s deep security solutions to protect their data centre and servers.
Please update us on the launch of XGen™ Endpoint Security. As stated earlier, this new offering is powered by the XGen™ blend of cross-generational threat defense techniques that intelligently applies the right technology at the right time, resulting in more effective and efficient protection against a full range of threats. I am glad to share that Trend Micro has been named a leader in Gartner’s Magic Quadrant for Endpoint Protection Platforms since 20023. In 2016, Trend Micro placed furthest to the right in the quadrant for Completeness of Vision.
What are the benefits of moving to cloud? Moving to cloud bring a lot of benefits to the customers. It brings in lot of agility and flexibility. Besides, it also ensures a huge cost advantage for the customers. However, we have seen that enterprises are still apprehensive about the security of their data hosted on cloud for the simple reason that customers do not know where the data is hosted and how it is protected. Further, they are also not sure about the roles of cloud service providers and themselves in managing and protecting the data. These are the two most basic concerns of customers – particularly the customers who are driven by law enforcement agencies of compliance agencies in India as they do not have clear guidelines on several cases. The guidelines are evolving and some players from BFSI have now started using cloud. We believe that we are catalyst for those who want to move to cloud faster. We believe in ensuring hundred per cent security for the customers by keeping all the answers pertaining to cloud computing security ready for them. We not only assist customers but we also help cloud service providers to ensure data security with our solutions.
How has been your experience of working with BFSI and Government Sector? Overall, the journey – though it has been challenging – has been good. We have been successfully working with them (BFSI and Government Sector) for many years now. Initially, enterprises would not bother about cyber attacks until they see it happening, but recently, companies are taking proactive approach to counter-attack the cyber threats. Hence, they are ensuring proper security features within their organisation. We must understand that every organisation’s risk profile is different from others. It depends a lot on several elements including operating systems, software and networking platforms and architectures they use within their premises. There can never be one-fits-for-all kind of solution. You need solutions which can be executed in heterogeneous environment. Risk dynamics are changing and threats might enter from multiple entry point. So, you do not just need to block those multiple entry point, but, you also need to increase the visibility so that you can take proactive measures to counter attacks. From these perspectives, I can certainly assure that Trend Micro can play a critical role in
We have been into Indian market for 17 years. We are one of one of the biggest organisations in the ‘Security’ domain , offering our services to big, medium and small enterprises across the nation. determining the security all around and create a safer environment for our customers.
What is your viewpoint about the preparedness of Indian enterprises to face cyber attacks? Enterprises in India have certainly started to battle against the cyber attacks. This is actually an ongoing process. Technological advancements not only assisting us to secure our systems, but these are also being manipulated by the hackers. Hence, it is very imperative to stay one step ahead. I will like to convey that we should not wait for the attacks. Proactive approach is very important.
What are the Trend Micro’s R& D activities? Sizable amount of our budget goes into our research and development activities. Our research team is spread across the world. We have our experts in USA, Japan, India, China, Taiwan and several other locations who are persistently involved in bringing new and innovative solutions to the table. In India, we have a small but important team which works on the upcoming threats that may adversely affect the operations in different organisations.
DECEMBER 2016 | bfsi.eletsonline.com | BFSI
/37
Corporate Interview YOGESH PARALKAR
InfrasoftTech
OFFERING SOLUTIONS OF CHALLENGES IN BANKING Digitisation is making a huge transformation in India. Soon we are going to experience how financial institutions make sense of their data using sentiment analysis. We are looking at a paradigm shift with automated functions, integration of Internet of Things, Omni-Channel experience, says Yogesh Paralkar, Head - SBU India Product at InfrasoftTech India Ltd, in conversation with Elets News Network (ENN). Excerpts:
T
ell us about your market presence in India.
InfrasoftTech had started its operations in 1995. Presently, we have Core Banking Solution in 300 + Co-operative Banks, 200+ banks on CBS Clouds, 150 + AML customers across 34 countries, Comprehensive Digital solutions with 100 + Banks, Financial Institu Institutions and governments. We (InfrasoftTech) are a fintech digital solu solutions provider, serving 450+ financial institutions across 36 countries. InfrasoftTech offers a wide range of Banking Products, Framework-based Solutions and Specialised Services. We have over 20 years of experience in serving a crosssection of financial enterprises – Retail and Commercial Banking, Investment Banking, SME and Asset Financing, Asset Management, Wealth Management, Brokerage, Capital Markets, and PayPay ment Services.
What are the current trends pertaining to digital market? Digital 1.0, which is going digital and mobile for a bank, is no longer an option. Digitalisa Digitalisation has provided mission critical solutions to banks and financial institutions for their short-term and long-term business and technology requirements. Banks are now adopting big data to harness insights from unstructured data. We're calling this "Digital 2.0." In digital 2.0, you will see a transformatransforma
38/BFSI | bfsi.eletsonline.com | DECEMBER 2016
tion in how financial institutions make sense of their data using sentiment analysis.
What are the upcoming solutions for banking in the digital age? We're looking at a paradigm shift with automated functions, integration of Internet of Things, Omni-channel experience. In the near future, banks will be using the realm of augmented reality to re-introduce cross-selling. Big data will be used to manage customer portfolios by looking at historic data, to depict expectations from the market. Your data may not be big but it can definitely be smarter. Technologies like machine-learning will ensure efficient banking.
What do you see as current challenges and opportunities for cooperative banks in India? Co-operative Banks are small in size, limited branch network. Hence, they find it difficult to compete with nationalised and private sector banks. However, Digital Age will change the scenario for these co-operative banks. One of the most important things for any co-operative bank is its personal touch with customers and vice-versa customer’s confidence in bank, efficiency in managing their funds properly. These things help co-op. banks to retain their existing customers as well as with new digital age offerings like UPI which will help them to attract other banks customers also. Digital channels will increase their reach for new customers.
Which other markets InfrasoftTech is present in? InfrasoftTech is headquartered in Mumbai and has operations spread across North America, UK, Africa, Middle East and South East Asia. We offer a blended service delivery to suit the client’s requirements through our near-shore delivery centers in London, Jersey and Toronto, our Global Delivery Centers in Mumbai, Pune, and Chennai and a business partner network in over 20 countries.
7th
Corporate Interview ATUL SINGH
Enabling Innovation
IN DIGITAL SECURITY SERVICES: GEMALTO In the present scenario, banks operate in a highly dynamic environment. Digital advancement along with cyber security has emerged as the new tranquillity for the financial services, says Atul Singh, Regional Director, India Subcontinent, Banking and Transport Solutions, Gemalto, in conversation with Elets News Network (ENN).
K
indly give a brief overview of Gemalto?
Gemalto is the world leader in digital security services. Headquartered out of Amsterdam (Netherlands), Gemalto delivers technology solutions to businesses and governments, authenticating identities and protecting data to enable safe communication between connected devices whether personal or public or on the cloud. Only on the basis of few documents, these institutions provide lakhs and crores of loans to them for varied purposes. Our innovation driven organisation is formed of 14,000+ employees and 27 research and software development centres located in 49 countries. In India, we have been present for two decades since 1996 and operate out of four locations – Delhi, Gurugram, Mumbai and Noida. Gemalto recorded 2015 annual revenues of 3.1 billion. Gemalto is working with almost every major bank in India to deploy EMV chip
50/BFSI | bfsi.eletsonline.com | DECEMBER 2016
cards as per the Reserve Bank of India (RBI) guidelines. Globally, our network of over 80 partners and 20 banking card personalisation centres, provide the responsive local service for rapid rollout in new and developing markets. Our organisation has been working with almost all the major telecom operators in India. We have implemented telecom solutions for some big operators in India. With presence in over 100 government programmes, we help agencies rollout robust digital identity solutions. We also provide solutions to secure eGov services, identity documents, travel documents and border management.
With mobile banking taking its time to win customers' confidence, how your solutions can help banks earn that trust swiftly? Today, banks operate in a highly dynamic environment. Mobile banking is a natural consequence of technological disruption. It is the demand for safe, secure and convenient mobile banking combined with the capability of smartphones that has encouraged the banks to roll out their own mobile apps. But today’s consumers have escalating expectations of app services and banks have to stay ahead of these challenges to keep their consumers happy. According to a global survey conducted by Gemalto, of consumers between the age of 16 and 24, it was found that 48% respondents were not willing to compromise on security. Anticipating the growing use of technology for banking transaction, the Reserve Bank of India (RBI) has directed banks to implement a robust cyber security/resilience framework to address emerging concerns. Following the directives, RBI has also set up an IT Examination panel to examine the cyber security initiatives of banks. One such way is the implementation of multi-layered defences. Multi-layered security can be applied in the following techniques: Firstly, every financial institution should implement end-to-end protection strategy to secure all end user touch points. Secondly, to secure all monetary and data exchanges,
Corporate Interview ATUL SINGH financial institutions need to implement strong authentication across all check points starting from the parent body to all the intermediaries like exchanges, treasury, service providers or network operators. Thirdly, while implementing protection layers for customers and back-end-systems, security professionals need to implement real-time monitoring of transactions to analyse communications, identify trends, and therefore prevent any fraudulent transaction While, we give ample amount of importance to transactions, the last and the most important layer of security is implementing a strong encryption policy. This is the first-hand layer of security for data at rest and in transit. For any financial institution, customer data is the most important asset. It is the customer data that can be easily and cheaply intercepted by cyber-criminals for a number of reasons – ranging from data theft to cyberblackmail. With encryption, banks can maintain control of their data, even when it is deployed in the cloud or in their data centre. By moving security controls as close as possible to the data, banks can ensure that even after the perimeter is breached, the information remains secure.
How is Gemalto ensuring a foolproof digitally secure world unlike competitors of your field? Gemalto has a longstanding global experience, and our digital security solutions are widely trusted across different industries including banks, telecom, enterprise, automotive and government bodies. With the acquisition of SafeNet that has its core strengths in data protection solutions, we have combined our expertise to secure a complete infrastructure: network, users, data, and software at the core and at the edge. This is the key differentiator that sets us apart from competing products. In India, Gemalto works with leading public and private sector banks by offering a secure mobile financial environment. We also closely work with leading eCommerce service providers to make shopping secure and convenient for their customers.
As a global leader in digital security, what challenges do you see India is yet to cope with? 80% of Indian banks are susceptible to security threats because they do not maintain their database safely. They need to ensure that access to this data is controlled and secure. For this they need to follow certain protocols that will protect their sensitive information without sacrificing on productivity or data protection. The protocols are: Maintaining data confidentiality of sensitive data by encrypting it
Securing the encryption keys responsible for data encryption Granular access and will grant data on need to know basis Using multifactor authentication to access the sensitive information Managing encryption keys in efficient manner based on defined policies Adding many layers of security like tokenization and secure key exchange for communication over and above data encryption Using encryption for not only preventing the breach in an effective manner but will also ‘Secure the Breach’ in case it happens Gemalto works with major public and private sector banks in India. We have recently partnered with Yes Bank who has deployed Gemalto’s SafeNet Network HSM to secure mobile payment transactions under the Unified Payments Interface (UPI). With this association, we aim to ensure the highest levels of security for users of the platform and aid government’s endeavour to turn India into a cashless economy.
We are serving about 10 to 12 clients which includes cooperative and government banks. We are also working with NBSCs, corporate and few large cement companies. Is Gemalto contributing to any Indian government scheme as well? Gemalto is involved with over 100 government programmes worldwide including electronic-ID cards, passports and driver’s licenses. Gemalto played a key role with industry in the creation of the India national smart card standards –SCOSTA (Smart Card Operating System for Transport Application). Gemalto has rolled-out more than 25 million e-Driver’s Licenses and eVRC (Electronic Vehicle Registration Certificates) in collaboration with several state governments. In the banking and financial front, Gemalto has played an important role in implementation of the Jan Dhan Yojna with National Payments Corporation of India (NPCI), and Unified Payment Interface (UPI) with the Reserve Bank of India (RBI) by enabling security modules for securing data and monetary transactions.
DECEMBER 2016 | bfsi.eletsonline.com | BFSI
/51
Industry Speaks PRASAD ADIGA
Making Difference THROUGH CUTTING-EDGE INNOVATION AND QUALITY Lyra Infosystems is a medium-sized multinational professional services and consulting company. Known for its code of ethics and professional conduct with a dedicated team of sales, pre-sales, marketing, support and engineers, the company is driving change in the industry through its innovative approach and commitment to quality yra is a medium-sized multinational professional services and consulting company. The company is known for its code of ethics and professional conduct with a dedicated team of sales, pre-sales, marketing, support and engineers. Spread over India and Singapore, the company has presence in all major and strategic cities. Innovation, dedication and productivity are the three important tenets underpinning Lyra's vision to emerge as the world's leading professional services and IT consulting company. In the last one decade, the company has grown from strength to strength to specialise in a wide array of support and comprehensive consultations on all open-source technologies on the back of state-ofthe-art services. The company extends implementation tools, upgrades, security and vulnerability resolution to clients amongst a host of other services. Lyra is also a specialist in DevOps and ARA, RSM, SCM and Information Management Services. With superior industry experience, Lyra’s team is adept at providing cutting-edge solutions to cover the entire gamut of activities around the OSS (Open Source Support) services. The company offers tailor-made solutions to organisations of various sizes in domains including security, training and consultation, OSS services and legal remediation, among others.
L
Seasoned Leader Driving Lyra PRASAD ADIGA COO
52/BFSI | bfsi.eletsonline.com | DECEMBER 2016
Rohit Sharma, Founder of Lyra Infosystems, drives the sales of the company that was
Industry Speaks PRASAD ADIGA established in early 2007. To gain the level of technological depth, expertise and scale, Lyra makes the most of Rohit's experience of more than two decades in sales, marketing, operations and management in leading companies like SDRC (India office) ISI (Integrated Systems, Inc., APAC Office based out of India), Wind River Systems and PixTel Communications. Rohit has been part of a couple of start-ups as a founding member. His contribution is immense in establishing them as successful and stable organisations today.
Proven Expertise Distinguishes Lyra Lyra has the first-mover advantage and hence enjoys the technological leadership and proven expertise in offering distinguished services. The brand Lyara is synonymous to security and efficiency, anchored by a team with long learning curve. It clearly reflects in the customer experience -- from conceptual stage to implementation. Innovation being one of the guiding principles, R&D is the cornerstone of Lyara's organisational structure from sales to marketing, legal and IT. The R&D team appoints advisers for intellectual property and finance, develop overseas market entry plans, seek new market segment for their services and solutions and commission assessments of key markets. Lyra also pursues strategic alliances with the pioneers of DevOps, SCM, RSM and OS.
Challenges made us Wiser Being a pioneer, Lyra inevitably faced the gauntlet of creating and marketing the new services and solutions. We faced challenges at various levels. Apart from the financial challenge, Lyra was confronted with tough tests like Need or Gap Fixing while introducing a new solution in the region. The company spent years to create awareness about the revolutionising solutions among those who were new to that. Research was one of the biggest challenges, as gathering primary and secondary data to back certain assumptions on business projections was the key. In this ever-expanding and ever-changing IT era, where organisations need to battle hard for their survival, Lyra also faced difficulties in finding trustworthy partners. Forging partnerships paid great dividends, but Lyra had to consider a variety of factors before making any decision to collaborate with another company working in the same ecosystem. To reap the maximum benefits out of a partnership, Lyra looked for organisations that are pioneers in their segment and have a good reputation amongst the industry giants. Facing these challenges early on, helped us grow wiser.
Client’s Benefits Lyra offers distinguished services and solutions across the ASEAN region. The clients have seen several operational and financial gains from Lyra like reduced overheads, optimum efficiency, etc.
For reducing business risks, Lyra protects corporate IP, assists with compliance reporting. We enable the implementation of a repeatable business process to support corporate compliance policies. Lyra Protects and Accelerate Software Development by giving deep insights into projects including known vulnerabilities, license requirements, and project activity. Plus, it alerts companies when any new vulnerability is identified for those projects and helps them manage and track remediation activities. For enhanced security, Lyra adds extra layer of online and network security. With the experts in privileged access and password management, Lyra assists you in incorporating privileged session management with a secure password vault to ensure that privileged account passwords are protected and are impossible to penetrate by unauthorised individuals. Lyra’s commitment to business excellence, strategic partnerships, and enduring customer relationships culminates into best-in-class IT counsel and services exceeding expectations. Their expansion in ASEAN and a long list of clients from different verticals and regions showing Lyra is on the right path,
Assess, manage, customise, deploy – at Lyra, we make software practices and solutions enablement that simple and assures that this would definitely go beyond the boundaries of ASEAN.
The Future is Open Source Black Duck’s annual 'Future of Open Source Survey' shows that 56 per cent of corporations contributed to open source projects in 2014. The world is witnessing the next wave of open source, companies like Twitter, Facebook, Netflix, and Ericsson are participating in the OSS community, and developing and using open source in their own frameworks. 55 per cent of respondents clearly mentioned that open source helped create new products and services and it will be difficult for the companies to develop innovative software without it; companies now understand the rapid, progressive development it enables. Open source is the future of technology. And, Lyra’s progressive experience and expertise in Open Source domain will definitely assist the companies with the adoption and correct usage of Open Source.
DECEMBER 2016 | bfsi.eletsonline.com | BFSI
/53
4
POWER
PACKED MAGAZINES
ASIA’S FIRST MONTHLY MAGAZINE ON e-GOVERNANCE
A QUALITY MAGAZINE ON BANKING AND FINANCE
ASIA’S FIRST MONTHLY MAGAZINE ON ICT IN EDUCATION
ASIA’S FIRST MONTHLY MAGAZINE ON THE ENTERPRISE OF HEALTHCARE
SUBSCRIBE TO NOW
BFSI
SUBSCRIPTION ORDER CARD Duration (Year)
Issues
Subscription USD
Newsstand Price INR
Subscription Price INR
Savings
1 2
12 24
300 500
900 1800
900 1500
3
36
750
2700
2000
-`300 `700
*Please make cheque/dd in favour of Elets Technomedia Pvt. Ltd., payable at New Delhi
I would like to subscribe:
egov
digitalLEARNING
eHEALTH
The Banking & Finance Post
Please fill this form in CAPITAL LETTERS First Name ............................................................................................... Last Name ............................................................................................................. Designation/Profession ........................................................................ Organisation ......................................................................................................... Mailing address ........................................................................................................................................................................................................................... City ............................................................................................................ Postal code ........................................................................................................... State .......................................................................................................... Country .................................................................................................................. Telephone ................................................................................................. Fax .......................................................................................................................... Email ......................................................................................................... Website .................................................................................................................. I/We would like to subscribe for
1
2
3
Years
I am enclosing a cheque/DD No. ................................................ Drawn on ............................................................................. (Specify Bank) Dated .................................................................................................... in favour of Elets Technomedia Pvt. Ltd., payable at New Delhi. For `/US $ ............................................................................................................................................................................................ only Contact: Elets Technomedia Pvt Ltd — Stellar IT Park, Office No: 7A/7B, 5th Floor, Annexe Building, C-25, Sector 62, Noida, Uttar Pradesh 201301, Phone: +91-120-4812600 Fax: +91-120-4812660, Email: subscription@elets.in
Subscription Terms & Conditions: Payments for mailed subscriptions are only accepted via cheque or demand draft • Cash payments may be made in person • Please add `50 for outstation cheque • Allow four weeks for processing of your subscription • International subscription is inclusive of postal charges.
YOU CAN SUBSCRIBE ONLINE http://www.eletsonline.com/subscriptions/
Corporate Interview SANJEEV BHASIN
Ceeco Technologies: DIGITALLY
TRANSFORMING INDIA Having started off the operations from 16 mm films and projectors, overhead and slide projectors, Konika films and Hot Shot cameras, the company has been in sync with the changing technology and products, says Sanjeev Bhasin, Managing Director, in conversation with Elets News Network (ENN).
T
ell us about the circumstances in which Ceeco Technologies has been in existence since the 80s.
Ceeco Technologies was established in 1986 as “Cinesonic Electronic Equipment Pvt Ltd” In order to address Cinema and Sound opportunities that existed during the time. We have seen the change from Analog to Digital era. Having started off the operations from 16 mm films and projectors, overhead and slide projectors, Konika films and Hot Shot cameras, the company has been in sync with the changing technology and products.
How has been the journey of thirty-plus years? In its 30 years of journey, Ceeco has set new benchmarks in design quality, technological expertise and project management in auditoriums, conference rooms, boardrooms, seminar rooms, broadcast and post production studios, network operating centres, digital signage applications, distance learning etc. The organisation, over a period of time, has evolved into a multi-product and divisional entity with a strong network of distributors and dealers across India. Building long-term relationships with suppliers, customers and team members has helped us create a credible and respected business.
Would you elaborate about your prime product ClickShare? This is an incredible piece of equipment manufactured by Barco Belgium. It is a must for every boardroom or meeting room. It is a very innovative wireless presentation tool that makes connecting to meeting room’s display system a matter of clicking a button. It allows all present participants in room to participate more actively. This is done by unique ClickShare Button or by installing a simple app to share content from an Android or iOS Smartphone or Tablet. It creates its own Wi-Fi network, bypassing the one of the organisation and thus completely reducing IT intervention. It can convert the existing VGA cabled analog meeting room to a 100% digital and BYOD compatible meeting room within no time.
What about the security aspect of this device? This device is totally secure, as it creates its own Wi-Fi that can be accessed by only those who have the authorisation to do so. There are three levels of security features in this device. The first level offers solid security for normal dayto-day operations in any organisation. This offers standard security features plus encryption of audio and video data. The second level offers a higher degree of security, fit for organisations that are more sensitive to security matters. This offers standard and level 1 security features plus mandatory PIN code for mobile apps and buttons, alphanumeric PIN codes, hardware certificate required for pairing buttons. The third-level is fit for organisations that have extremely strict requirements with regard to security. This offers standard, level 1 and level 2 security features with no sharing from mobile apps, no sharing via Airplay, no wireless access to the web user interface, no option to revert to older versions of firmware.
Do you have any expansion plans? We are making our presence felt across the country. We are already conducting business in all metro cities of India and our next step will be to establish ourselves in tier-two cities. Our workforce is busy touring the country with our products and soon we will be having permanent bases there.
DECEMBER 2016 | bfsi.eletsonline.com | BFSI
/55
Overview Odyssey is a leader in delivering cybersecurity solutions and services in Southeastern Europe and the Middle East, with offices in Cyprus, Greece, Serbia, and the United Arab Emirates.
Exposing Cyberthreats with Predictive Analytics and Machine Learning
“Implementing Cloudera Enterprise into the ClearSkies platform, we managed to deliver advanced statistical and behavioral analytics along with machine-learning capabilities. These capabilities enable our clients to quickly and effectively identify cyberthreats that otherwise will go undetected.” —Christos Onoufriou, CEO, Odyssey
Odyssey was founded in 2002 to help organizations effectively and efficiently manage their information security risk. The company is ISO 27001 certified, is a Qualified Security Assessor (QSA), and is an Approved Scanning Vendor (ASV) accredited by the Payment Card Industry Security Standards Council (PCI SSC). ClearSkies SECaaS SIEM platform with Big Data Security Analytics, a homegrown product of Odyssey, is a full-featured, powerful, and flexible next-generation security information and event management (SIEM) solution that addresses the need of organizations of any size and industry to manage the wealth of log data generated by their mission-critical systems, applications, and communication links.
Impact For Christos Onoufriou, CEO, Odyssey, migrating the ClearSkies platform onto Cloudera Enterprise has expanded the platform’s functional capabilities and performance by making possible the delivery of security analytics through the fast, efficient collection of large volumes of heterogeneous data sets. “Cloudera with Apache Hadoop gave us unprecedented scale and analytics,” said Onoufriou. Added Eleftherios Antoniades, Founder and CTO, Odyssey, “It facilitates faster security investigation and remediation, which is pivotal to a next-generation SIEM solution, and improves our ability to detect emerging cyberthreats and trends, such as changes in user behavior.” Indicatively, during the investigation of a client incident, Odyssey rapidly analyzed and correlated, in real time, close to 15 billion log entries, which helped the client uncover an advanced, persistent threat in which confidential company information was being sent outside the network perimeter firewall. “Without Cloudera and Apache Hadoop, this wouldn’t be possible,” said Antoniades.
Business Drivers Odyssey was facing collection and processing bottlenecks, limited search capabilities, and constraints in delivering real-time statistical and behavioral analytics because its legacy databases couldn’t easily scale to support the increasing amount of log data from client mission-critical systems, applications, and communication links. “We had billions of log data coming in and we were going to reach a point where we wouldn’t be able to actually produce, in a reasonably quick way, the analytics customers wanted,” said Onoufriou. Added Antoniades, “We investigated ways to not only resolve the performance issues, but also to provide more capabilities to our clients. Our vision is to put everything together for our clients, including vulnerability data, threat intelligence, and security analytics.”
CONNECT Key Highlights Industry • Cybersecurity solutions and services Location • Headquartered in Nicosia, Cyprus Business Application Supported • Next-generation SECaaS security information and event management (SIEM) with Big Data Security Analytics Impact • Increased visibility into emerging cyberthreats, including zero-day attacks and insider threats • Provided unprecedented scale and speed • Enabled delivery of powerful operational analytics Technologies in Use • Apache Hadoop Platform: Cloudera Enterprise, Data Hub Edition • Apache Hadoop Components: Apache Flume, Apache Impala (incubating), Apache Spark, Cloudera Manager, Cloudera Navigator, Cloudera Search, HDFS
Solution To integrate big data analytics into its ClearSkies platform, Odyssey implemented Apache Hadoop using Cloudera Enterprise. With Cloudera, the company can now collect and combine any volume or type of log data in its original fidelity, and deliver real-time security analytics capabilities, all within a single, enterprise-grade platform. For example, Odyssey has implemented predictive models that leverage streaming data and data at rest to enhance the detection of cyberthreats, including botnets, malware, and zero-day exploits. In addition, behavioral models help expose abnormal user activity that may be related to potential malicious activity or insider threats. Through the statistical capabilities of such models, Odyssey’s clients can customize the sensitivity of the models based on their operational needs, simply by adjusting a predefined threshold. This is vital in helping reduce the number of false-positive alerts, allowing security analysts to focus their efforts on the investigation of real threats. “For one business, it may be acceptable to see 1,000 failed authentication requests each hour; however, for another, five failed authentication requests in a minute would be considered a high number,” said Antoniades. “Using machine-learning techniques, our predictive models are customized by being trained according to each customer’s environment, adjusting on that specific environment’s characteristics. This can minimize the number of false positives by 95 percent.” Modernizing the Data Architecture Using Apache Flume, it is now possible to inject more log data for processing in real time, which helped the company eliminate the processing bottlenecks and data latency issues it previously experienced. Apache Spark delivers the processing performance required to integrate threat intelligence with log data. Apache Impala (incubating) enables the organization to perform daily, hourly, and, even, seconds-based aggregations on log data generated over the course of a year—a critical capability in understanding user behavior and uncovering anomalies. It also accelerated reporting, with reports delivered in seconds instead of hours. Using Cloudera Search, clients can perform complex search queries across billions of log data in a matter of seconds. “With Cloudera Search, our clients can identify in real time potential threats and attacks,” said Onoufriou.
Why Cloudera Odyssey evaluated several Hadoop vendors before selecting Cloudera. “We prepared a POV [Proof of Value] document asking vendors to demonstrate their technology and technical skills for helping us in resolving the bottlenecks that we were facing for collecting, processing, and analyzing log data, and sharing with us their knowledge and understanding to support our vision,” said Antoniades. “Only Cloudera was able to demonstrate that they had the product, expertise, and knowledge to help us understand how we would be able to overcome the limitations we were facing. Moreover, they shared their knowledge and understanding to support our vision, and, most importantly, they delivered.” He added, “Cloudera also helped us in simplifying the management, administration, and scalability across the Hadoop clusters using Cloudera Manager and Cloudera Navigator.”
About Cloudera Cloudera delivers the modern platform for data management and analytics. The world’s leading organizations trust Cloudera to help solve their most challenging business problems with Cloudera Enterprise, the fastest, easiest, and most secure data platform built on Apache Hadoop.
cloudera.com 1-888-789-1488 or 1-650-362-0488 Cloudera, Inc. 1001 Page Mill Road, Palo Alto, CA 94304, USA CUSTOMER SUCCESS STORY
© 2016 Cloudera, Inc. All rights reserved. Cloudera and the Cloudera logo are trademarks or registered trademarks of Cloudera Inc. in the USA and other countries. All other trademarks are the property of their respective companies. Information is subject to change without notice. Cloudera_Odyssey_Cybersecurity_Case_Study_102
Industry Speaks
Adoption of Risk Based
SUPERVISION IN BANKING AND CAPITAL MARKETS In 2013, Reserve Bank of India (RBI) implemented Risk Based Supervision (RBS) for over 30 banks in India, and plans to extend it to the remaining banks as well, writes Oscar Martins, a Director with Protiviti India’s Financial Services Industry (FSI) practice, which provides world-class professional services across governance, operations, risk, compliance and internal audit to global and local companies in the financial service industry.
R
BS focuses on evaluating present and future risks, identifying incipient problems and facilitate early corrective action. This is intended to replace the present compliance-based and transaction-testing approach (CAMELS) which is more in the nature of a point in time assessment. Under RBS, the supervisory stance would be determined based on a supervisory analysis of its position on a Risk-Impact Index Matrix rather than its volume of business.
The supervisor would also increasingly use thematic reviews as a tool of supervision, whereby review of a particular product, market or practice using a specialised team would be made to assess risks brewing within the sector or at system level for enabling prompt actions.
Capital Markets In 2015, SEBI also adopted a risk-based supervision model for capital market intermediaries (including stock brokers and mutual funds), who were categorised based on their risk levels, and the quantum of surveillance and number of inspections would increase as per the risk level. The new model would follow four distinct steps -- assessing the risks posed by a market entity, assigning 'risk and impact rating' to it, determine the supervisory risk rating score and then adopt a suitable supervisory approach. The
58/BFSI | bfsi.eletsonline.com | DECEMBER 2016
overall risk profile of an entity would be computed as a function of two components -- business or activity specific risk and the impact risk arising out of default or failure, rather than individual factors such as turnover, complaints, penalties, etc. In September 2016, SEBI issued enhancements to the risk based supervision model for stock brokers and depository participants, by issuing detailed guidelines for monitoring their financial strength, uniform naming and tagging of bank and demat accounts, detecting any misutilisation of clients' funds, and revamping the existing system of internal audit. For monitoring financial strength, stock exchanges and depositories have to frame various event based monitoring criteria based on market dynamics and market intelligence. For monitoring of clients funds with the stock broker, a sophisticated alerting and reconciliation mechanism, is to be established by stock exchanges to detect any misutilisation of client funds. Also, changes in the Internal Audit system include rotation of Internal Auditors, formulation of objective sampling criteria, monitoring of quality of Internal Audit Reports, timelines for submission etc.
Way Forward Challenges are plenty both for the supervisors and the financial institutions as the industry grapples with wideranging issues including efficacy of risk management systems, cost of compliance, scalability of regulatory reporting processes and data quality. Preparing for risk based supervision will require both banking and capital market entities to significantly improve their operations, risk and compliance monitoring and reporting capabilities, as well as demonstrate robust data governance, internal control and internal audit frameworks. ď Ž (Note: The FSI team consists of knowledgeable professionals with decades of experience working with FSI clients in multiple sectors.) Disclaimer:The opinions expressed in this article are the author's own and do no reflect the view of Banking & Finance Post aga ine.
@