Overview

Banking and financial services are the lifeblood of today’s globalized economy. With a worldwide capitalization expected to exceed $143 trillion in 2014, the industry is the most heavily regulated and is more often than not a primary target for cybercrimes – including financial fraud, identity theft, data manipulation, denial of service, and advanced persistent hacking attacks on payment systems and other critical information systems and communication channels.

Aujas Solutions

We help our banking clients establish effective programs and solutions for protecting their data, managing security incidents and vulnerabilities, and for implementing effective information security risk and compliance programs.

Risk & Compliance Advisory

Banks must comply with standards and regulations such as PCI DSS, GLBA, and privacy laws. They also look to implement information security management systems that follow industry best practices such as ISO27001 to govern their security program.

We not only help with PCI DSS compliance, we provide services that allow for automation of governance, risk and compliance (GRC) programs:

  • Our integrated GRC management approach allows our clients to build a system that integrates all of their compliance requirements. This helps to minimize audit fatigue.
  • We help our clients through the journey of PCI DSS compliance by assessing readiness levels – which is easy – and helping in readiness and remediation efforts. Our Compliance Assure solution helps banks automate self-assessments.
  • We offer comprehensive services to manage vendor risk. Our services range from defining and operationalizing the entire vendor risk management program to conducting third party risk assessments. We support custom vendor risk assessment frameworks and standardized frameworks such as Shared Assessments AUP, SIG and SIG Lite. We are members of Shared Assessments and we use their assessment tools and frameworks.
  • One of our specialties is IT GRC automation consulting using the RSA Archer eGRC Suite. We support our clients through blueprinting, deploying, and integrating the solution with processes and systems, and then managing it.

Our services are designed to cover the entire information security landscape. We are a one-stop shop for all your information risk management requirements. Learn more about our risk and compliance management services.

Identity & Access Management

We offer our banking clients comprehensive services for Identity and Access Management (IAM), including:
  • Strategy and design – We evaluate our client’s needs quite thoroughly using executive workshops and field assessments. Then we provide a detailed strategy and roadmap for implementing enterprise-wide IAM initiatives. We also assist them with business case analysis, technology evaluation, and solution architecture.
  • Role engineering and entitlement management – We help our clients define roles and manage entitlements, ensuring that employees have only the access required to do their jobs effectively for as long as they are doing those jobs. Our policy-based dynamic controls allow for automating who can have access to what, at what time, and in what context.
  • Access management – We implement complete solutions for enterprise access management, including web access management, single sign-on, and converged access control.
  • Sustenance and optimization – Identity and access management is never static, and a bank’s system needs to evolve. As an end-to-end solution provider, Aujas’ support is available to sustain and optimize an IAM solution through enhancements and upgrades.

We are vendor-agnostic, ensuring that our clients get best-in-class solutions across all leading IAM solution providers. Learn more about our IAM services.

Data Protection

The banking industry depends on the secure flow of data. Our data protection service helps our clients identify and classify sensitive data as it is stored, processed and transported across organizations. We help our clients:
  • Establish a data protection framework and strategy to govern the management of sensitive data including customer demographics, card data, shopping histories, loyalty programs, supplier information, pricing, marketing plans, and more.
  • Conduct data leakage risk assessments (DLRA) to identify where and how sensitive data is stored and used. We also perform risk assessments to identify breach risks and vectors.
  • Integrate popular data protection technologies such as data leakage prevention (DLP), database activity monitoring (DAM), information rights management (IRM), data encryption, tokenization, and masking/redaction technologies.
  • Monitor their data protection technologies to identify potential data breach incidents and manage the consequences, and improve effectiveness by fine-tuning rule bases and moving rules from passive monitoring to active protection.

Our data protection experts work with a bank’s departments including retail banking, commercial banking, card management and operations, fraud and investigation, compliance, finance and accounting, HR, IT, and marketing to identify and secure sensitive data. Learn more about our data protection services.

Threat Management

Today, most banks offer their customers Internet and mobile banking services. It is vital that these channels be secured to protect customer data and maintain customer trust.

Banks work with us to assess and secure their infrastructure, web applications, and mobile applications.  Our application security services include:

  • Helping our clients to design, develop and manage vulnerability management programs. These programs leverage threat intelligence to anticipate and proactively mitigate vulnerabilities.
  • Assessing a bank’s infrastructure, application and mobile application security by conducting vulnerability assessments, penetration testing and code reviews. We don’t stop at scanning technology; we also help clients mitigate the risks found. Our security assessments meet and exceed the ASV standards set forth by PCI.
  • Assisting our customers in mitigating Advanced Persistent Threats with our APT risk mitigation service.
  • Evaluating human behavior using our cloud-based Phishnix. This application not only assesses how susceptible people are to phishing attacks, it trains them to avoid attacks.

Learn more about our threat management services.

Security Intelligence

Many banks deploy technologies such as traditional SIEM, the newer security analytics engines, exfiltration detection, advanced malware detection, and data leakage prevention. It can be difficult, however, for banks to know how to use these tools effectively. Aujas helps banks’ security leadership and operations teams get the most out of these technologies:
  • We help our clients establish a more responsive incident management program by incorporating proactive & reactive processes.  We enable our customers to define Indicators of Compromise (IoC), work with threat intelligence and use it with their threat management program.
  • We use our Correlation Library to provide accelerated rule deployment for various SIEM/SA/SI technology providers.
  • We help security leaders see through the reporting fog and focus on critical issues with our analytics and visualization solution for SIEM/SA.
  • We design custom SIEM/SA solutions that go beyond traditional security event analytics and integrate analysis and correlation capabilities to solve other issues such as identity fraud.

Learn more about our security intelligence services.

Mobile Security

We assist banks in assessing and securing mobile applications, application stores, payment service products, USSD apps and mobile devices:

  • Mobile application security – We test for vulnerabilities in mobile applications with penetration testing (black/gray box), secure code review, reverse engineering and API security testing. We also help remediate the vulnerabilities found.
  • Mobile application store security – We perform security assessments for internal apps, external apps, and open APIs. We also conduct secure code reviews and malicious pattern verification, and assess device OS and dependent telco components.
  • Mobile payment and banking security – We assess mobile payment and banking applications, and conduct secure code review and reverse engineering of payment gateways and application APIs/interfaces.
  • USSD/DSTK application security – We assess USSD/DSTK applications, USSD gateways, and USSD application server frameworks. We review and analyze USSD logs, and conduct PCI DSS and payment forum compliance pre-audits for USSD-based payment applications.
  • Enterprise mobile data management services – We help clients with enterprise data fragmentation; access control for critical business data and for business application usage; mobile content management; data storage encryption; and authentication for fragmented data.
  • Mobile device security – We review the mobile devices’ security configuration; prepare customized device security policies and user awareness programs; and assess mobile platforms and operating systems (Android, iOS, Symbian, Blackberry, J2ME, and BADA).

Our secure design methodology for mobile applications and extensive cryptography experience help our clients secure data storage, deploy protocols such as SMS, USSD, 3G, GPRS and WAP, and reduce software re-engineering and compliance costs. Learn more about our mobile security services.

Cloud Security

Cloud computing is a fast-growing technology and cloud-based business applications are growing at a rapid pace. Banks, however, are entering the cloud cautiously. Before moving to the cloud, banks must consider data confidentiality, security, regulatory compliance, interoperability of standards, and service quality.

Aujas helps banks enter the cloud with the confidence that their customer data can be secured and that they are complying with stringent banking regulations. We offer:

  • Cloud security advisory – We assist organizations in establishing effective cloud security governance, operations strategy, and tactical processes.
  • Secure cloud applications – We build the cloud application as well as the ecosystem around the core platform so that cloud applications are easy to use and secure.
  • Secure release – Cloud security is not a one-step process; it requires constant innovation across various business needs. Our secure release program for the cloud adopts new and proven approaches and technologies to help secure applications with less user intervention.

Learn more about our cloud security services.

Case Studies

Banking

Secure Code Review of Internet of Things for a Leading Payment Service Provider

One of the leading payment service providers in APAC engaged us to secure their mobile payment devices through secure code review and remediation advisories.

The goal of this engagement was to assess the device application source code for security flaws and validate that secure coding practices had been incorporated into the source code development life cycle, and to assess the source code against industry best practices (OWASP).

Download case study

Information Security Program Evaluation to Meet Regulatory Requirements for a Commercial Bank

Our client is a large international bank with an extensive network of branches, ATMs and remittance centers. Over the past three decades it has expanded dynamically and now provides a full range of banking products and services to retail and corporate customers. It also offers home financing and heavy equipment leasing services.

Download case study

Powering the vendor risk program of a leading international bank

Our client is a leading international bank with a large footprint of 2402 domestic branches (including extension counters) and 12,922 ATMs spread across the country. The Bank also has operations in Singapore, Hong Kong, Dubai, Sri Lanka and China.

Download case study

Turning a Bank’s DLP from a Liability to an Asset

Our client is a large international bank with a global network of branches, remittance centers, and ATM kiosks. Over the past three decades, the bank has expanded and now provides a full range of banking products and services to its retail and corporate customers. It also offers home financing and heavy equipment leasing services.

Download case study

Data Protection Program Implementation for One of the World’s Largest Banks

Privacy and data protection have recently become the prime focus for many organizations worldwide. An increasing number of data breaches have eroded customer and consumer trust, forcing countries to establish privacy and data protection rules and regulations. While organizations are moving towards implementing enterprise-wide data protection programs, the proliferation of technology, advent of new data sharing channels and dependency on cross-border data transfers have made the undertaking complex.

Download case study

Mobile Banking Made Safe

Our client is a large private bank with a revenue of $6.5 billion last year. This bank had a national presence and a customer base of over 28 million. Our client wanted to make banking and other related services available to customers more easily, and so widely adopted mobile banking.

Download case study

Techno Risk Assessment for Large Banking Client

Our client is a top regional bank with headquarters and regional offices around the world and a customer base of over 2 million. The bank offers services which include retail banking, commercial banking, treasury services, project and structured home finances via its state-of-the-art data centers.

Download case study