NAB to revamp authentication, audit and pen testing

Powered by SC Magazine
 

Pilots Open Data Center Alliance usage model.

National Australia Bank has agreed to be among the first global companies to pilot a standard that aims to federate identity management between the bank's in-house and externally hosted applications.

The proof of concept is part of NAB's steering committee contribution to the Open Data Center Alliance (ODCA), an initiative led by over 300 corporations including BMW, UBS and Deutsche Bank.

The ODCA aims to drive cloud computing standards and overcome key roadblocks around cloud security and the portability of workloads, among others.

At an event at NAB's boardroom in Melbourne, the company announced it would be among a handful to pilot the ODCA's security assurance provider usage model [pdf].

As previously described in iTnews, this model audits and ranks external security providers as either platinum (military grade), gold (financial services grade), silver (enterprise grade) or bronze (standard grade) according to several criteria.

Cloud providers are audited, for example, on how they handle vulnerability management, network and firewall isolation, identity management, security incident and event monitoring, data retention and deletion, and several other attributes.

The bank's IT executives said the usage model will be used to negotiate terms around the monitoring and on-site auditing of external/cloud service providers.

It could define, for example, how penetration testing might be commissioned to test the security of a cloud service.

NAB will also apply this usage model to aid its selection of security standards when attempting to federate identities across internal IT services and those provided by external service providers over the public Internet.

Adam Bennett, chief information officer at NAB, said the bank felt it was important to commit its technology staff to the standards project for a number of reasons.

"Whilst vendors have a legitimate view about how cloud computing develops, it is a very different view [to end users]," he explained.

"Cloud computing standards will provide economies of scale. The need will ultimately come to compare one cloud ecosystem to another on their relative merits. It's important for clarity on both the demand and supply side. It will be no one's benefit if one talks in metric and another in imperial."

Bennett said the banking sector was especially interested in security and regulatory standards, "by virtue of our industry", which is regulated by APRA.

"We absolutely recognise the legitimate concerns of our regulators as cloud computing develops," he said. "We recognise that the secure storage of customer data and personal information is very much on everyone's agenda. So we're keen to inject that into the shaping of these standards."

Other organisations in the ODCA effort will conduct proof of concept trials around other announced usage models: BMW, for example, will put into practice a usage model aimed at reducing carbon footprint.

Jason Waxman, general manager of Intel's data centre group and a technical advisor to the alliance, said each organisation agreed, upon signing up, to share learnings from their pilots under a "reasonable and non discriminatory" IP license.

Waxman told iTnews he expected hardware and software vendors and cloud service providers would bend to the requirements NAB puts forward under the proof of concept trial - knowing that US$100 billion of IT spend from 300 other large corporations is likely to be at stake.

New tools

Vendors might also find some of the language from the ODCA's usage models creeping into tender documents under an initiative announced this week.

The ODCA has launched an online tool that allows customers to insert the necessary verbiage from any given usage model into the RFPs (requests for proposal) they take to the market. This will ensure the procurement of new IT goods and services meets ODCA standards.

The "Proposal Engine Assistant Tool" or PEAT allows an organisation to select the hardware, software or cloud service to be procured and be presented with the relevant clauses to include in their RFPs and contracts.

Denis Curran, head of strategy and innovation at NAB, said standards will help reduce transaction costs when dealing with suppliers.

"When every transaction is unique, the cost of sale - be that the legals and controls, gets higher," he explained. "If you can compress that work effort with a common language, everything gets easier."


Copyright © iTnews.com.au . All rights reserved.

