The Business Opportunity of Basel 2

September 1, 2006

In most cases, more demanding RTOs and RPOs will demand higher capital expenditures to establish the required capabilities, so an IT manager must set priorities that ensure security and meet the budget at the same time. For example, could a bank afford to be without e-mail longer than it could an online mortgage-sales application?

Once needs are assessed, RTOs and RPOs are built into service-level agreements (SLAs) and mapped to technology capabilities. The range of data-protection solutions in enterprise networking today is wide, from backing up data to tape once per day to continuous, synchronous data mirroring between data centers. In the financial-services industry, where tremendous volumes of constantly changing data are the lifeblood of business, enterprises deploy some of the most sophisticated capabilities. Optical fiber is the preferred high-speed communications medium for interconnecting data centers separated by up to 200 kilometers, and the key traffic-handling technology is Wavelength Division Multiplexing (WDM). By splitting light into wavelengths and assigning different colors to different application channels, WDM cost-effectively multiplies the amount and types of traffic that can be carried across a strand of optical fiber.

Securing Data During Transport

The next step is ensuring the security of data while in transit between secure corporate facilities. What characteristics must the transport layer exhibit to meet Basel 2 requirements for access, system and data security? A financial-services provider must secure remote access to the network, secure the optical fiber itself and ensure availability of transmission lines.

To protect the remote-access path from unauthorized access, a stringent login procedure should be implemented, relying on central RADIUS authentication servers and the Secure Shell protocol. WDM technology makes traffic eavesdropping difficult because individual wavelengths are assigned to specific channels. In addition, data should be encrypted – either at the server level, to span specific data zones, or, more economically, when bits are injected into a transmission line.

To secure the optical fiber itself, it’s important to monitor for changes in the light signal along a fiber and take action accordingly. (See Figure 2.) If the signal suddenly drops, that’s usually an indication that the line has been accidentally severed. If the signal gradually degrades over time, this might be because the fiber is constantly subject to medium load or because of natural aging of the fiber. Other behavior patterns might give a clue to an unauthorized attempt to tap the line.
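The signal patterns described above can be told apart by a monitoring routine; the following Python is an added example, not code from the original article. The function name, the dB thresholds and the sample readings are constructed assumptions, as is the choice to treat a small loss that persists as the "other behavior pattern" worth investigating.

```python
from statistics import mean

# Thresholds are illustrative assumptions, not values from the article.
LOSS_OF_SIGNAL_DB = 10.0  # drop this large between two samples: line likely severed
STEP_DB = 0.3             # small abrupt loss that then persists: unexplained
DRIFT_DB = 0.5            # slow total decline across the window: aging or load


def classify_trace(power_dbm):
    """Classify a window of received optical power readings (dBm, oldest first)."""
    if len(power_dbm) < 2:
        raise ValueError("need at least two readings")
    deltas = [b - a for a, b in zip(power_dbm, power_dbm[1:])]
    worst = min(deltas)              # largest single-sample drop (most negative)
    idx = deltas.index(worst) + 1    # first sample after that drop

    if -worst >= LOSS_OF_SIGNAL_DB:
        return "sudden_drop"         # article: usually an accidental cut

    if -worst >= STEP_DB:
        before, after = power_dbm[:idx], power_dbm[idx:]
        # Count it as a step only if the level stays lower afterwards,
        # so a one-sample measurement glitch is not escalated.
        if len(after) >= 3 and mean(before) - mean(after) >= STEP_DB:
            return "persistent_step_loss"  # raise for physical inspection
        return "transient"

    if power_dbm[0] - power_dbm[-1] >= DRIFT_DB:
        return "gradual_degradation"  # article: aging or sustained load
    return "normal"


# Constructed sample windows (dBm), one per pattern.
CUT = [-8.0, -8.1, -8.0, -35.0, -35.2]
AGING = [-8.0, -8.1, -8.2, -8.3, -8.4, -8.5, -8.6]
STEP = [-8.0, -8.0, -8.1, -8.6, -8.6, -8.7, -8.6]
GLITCH = [-8.0, -8.0, -8.5, -8.0, -8.0, -8.1]
NORMAL = [-8.0, -8.1, -8.0, -7.9, -8.0]

if __name__ == "__main__":
    for name, trace in [("CUT", CUT), ("AGING", AGING), ("STEP", STEP),
                        ("GLITCH", GLITCH), ("NORMAL", NORMAL)]:
        print(name, classify_trace(trace))
```

In practice the thresholds would be calibrated against the link's own baseline, since normal variation differs from one fiber span to another.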

Finally, redundancy is the key word in ensuring availability of transmission lines. Using a simple, unprotected line might be the least-expensive option for connecting data centers, but could a financial-services provider afford a complete outage on the line, potentially for days? The enterprise instead could simply duplicate the link, with traffic failing over from the primary to secondary connection in the event of an issue, but that means it must keep 100 percent of network capacity in reserve in case of emergency.
