As the oldest and of the most trusted banks in Saudi Arabia, there’s a lot riding on National Commercial Bank’s IT security. The company’s Vice President of Business Continuity, Technology Risks and Information Security, Rasha Abu AlSaud, recounts how the firm sharpened its network monitoring with a powerful and transparent end user analytics solution.
In assets alone, National Commercial Bank ranks as pack leader not only in Saudi Arabia, but in the entire Arab world. With 7,000 employees on its payroll – not to mention an additional 3,000 consultants and third party associates – keeping track of IT activity between staff endpoints has never been straightforward.
Reporting to the company CIO, Rasha Abu AlSaud is responsible for a range of functions, covering IT security and business processes, but protecting customer data always remains a top priority. In few other industries is the threat to that data as relentless as in banking, where vast sums of customers’ cash – as well as the vital bond of trust – are at stake. AlSaud was all too aware of the need to implement a solution that could track her employees’ activity, from their endpoints to the cloud, thus tightening security processes.
“There’s always a great deal of pressure when it comes to securing customer data,” AlSaud says. “Any sort of breach will inevitably impact our relationship with them, so our controls protecting customer information have to be of the greatest transparency and quality.”
On top of her duty to monitor an array of security issues across NCB, AlSaud is also mandated to do the same for NCB Capital – NCB’s newly-formed investment subsidiary – which shares NCB’s IT infrastructure.
A key concern for AlSaud had been the lack of visibility over employees’ outbound web traffic. “We were unable to track the end user to the cloud, and that was a concern,” she says. “We also used to see a lot of botnet traffic from the previous proxy that we had. We were unable to go down and see where the user was connecting to.”
An additional pain point for AlSaud had been connectivity limitations that had hindered NCB’s attempts to push certain software updates to endpoints across the vast land mass of Saudi Arabia. “One of the challenges we’ve faced in terms of security is pushing agents to endpoints, and the bandwidth constraints impeding that transfer,” she says. “Considering the vast numbers of endpoints to which those agents must be pushed, we needed a solution that was light. Saudi Arabia is a varied country, and we have a presence across all regions and in every city – including rural areas that often use a dial-up connection.”
After NCB’s IT security and risks teams conducted their necessary research, they eventually opted for Nexthink’s Security and Integration modules, which could provide visibility compliance, network activity monitoring and IT analytics.
AlSaud always insists on her selected vendors implementing their software at NCB, and any resultant error in this process would not only be costly for the Bank, but would have terminated the entire project. “If one device had become corrupted because of Nexthink, that would have been the end of their involvement with us,” she says.
The implementation of Nexthink lasted five months, from November 2011-April 2012. To date, 9,000 endpoints have been covered by the solutions, with 1,000 still to be completed. AlSaud says it has given NCB a much-improved starting point for diagnosing network difficulties and potential security threats. “Now, if an incident is raised, we can tell where the user is connecting to on the cloud, which gives us a great advantage when looking for a resolution,” she says.
The lack of visibility NCB had suffered through its proxy is now confined to the dustbin, with changes easily made and information easily available. “We are now able to change the proxy – with limitations, as it is dealing with large volumes of data – and it tells us all kinds of information; the username or host name that is connecting to a site and what sites they are visiting, all kinds of information,” AlSaud says.
NCB had previously experienced issues keeping track of the number of users who had admin privileges, which served as a security threat to the organisation. “I had asked my team for a list of local admins in our network, and they replied ‘which month do you want it by?’ which shows you the scale of the task we faced,” she says. “It would require a major effort to scan and get all the necessary data, to implement the necessary scripts on every device in the network.” The changes have now rendered this process a breeze. “It’s a dream to have dashboard that can easily report on this, to have a button that says ‘you have x number of admins.’ Our COO has now asked us to reduce the number of privileged admins for security purposes, which reduces the number of potential internal threats to the business.”
Although AlSaud draws great satisfaction from NCB’s improvement under the software, she still feels the company can reap greater rewards from the change. “We’re still learning about the module, ways we can get the maximum out of it. We’re working with the vendor to find out what more it can provide.”