Modul IX Technology Trends in the Banks
-
Upload
independent -
Category
Documents
-
view
0 -
download
0
Transcript of Modul IX Technology Trends in the Banks
Supaya mahasiswa :Mengerti evolusi platform teknologi informasi yang berkembang
Memahami prinsip – prinsip pembuatan arsitektur perbankan
Materi :evolusi platform teknologi informasi
Increasingly Complex IT Environment
IT GovernanceIT Governance Bank Indonesia Storage Area Bank Indonesia Storage Area NetworkNetwork
Teknologi perbankan semenjak tahun 1970-an telah memasuki tahap evolusinya yang keempat. Dimana pada saat ini dibutuhkan sebuah sistem dengan ciri-ciriarsitektur sebagai berikut:
• Mengikuti perkembangan teknologi yang dinamis melalui kerangka kolaborasi;
• Berbasis Service Oriented Architecture (SOA);
• Menuju ke arah transformasi bisnis;• Dibangun dengan prinsip “rumah tumbuh” karena berbasis komponen (objek);
• Kemudahan antar sub-sistem untuk saling berhubungan; dan lain sebagainya.
Berbeda dengan sistem-sistem jaman dahulu dan saat ini, di masa mendatang, teknologi perbankan yang dikembangkan harus dapat menjawab sejumlah tantangan utama sebagai berikut:
Mendukung transparansi dalam pendayagunaan setiap komponen dan sumber daya teknologi;
Meningkatkan jejaring manfaat yang harus diberikan secara langsung kepada bisnis;
Memberikan kemudahan dalam beradaptasi dengan berbagai jenis perubahan yang cepat dan dinamis (baca: fleksibel);
Memperhatikan orientasi proses bisnis sebagai pertimbangan utama dalam menentukan teknologi;
teknologi perbankan yang dikembangkan harus dapat menjawab sejumlah tantangan utama sebagai berikut: (lanjutan)
Mendukung arsitektur bisnis yang dikembangkan oleh bank terkait;
Menjembatani kebutuhan beraneka ragam unit-unit usaha perbankan yang sangat tidak terstruktur dan berjumlah cukup banyak; serta
Melayani kebutuhan detail dan mikro masing-masing pelanggan perusahaan, baik secara internal maupun eksternal.
9
IT GovernanceIT Governance Definisi:Definisi: A structure of relationship and processes to A structure of relationship and processes to
direct and control the enterprise in order to direct and control the enterprise in order to achieve the enterprise ‘s goal by adding value achieve the enterprise ‘s goal by adding value while balancing risk versus return over IT and its while balancing risk versus return over IT and its processes (COBIT)processes (COBIT)
IT Governance is the responsibility of the board IT Governance is the responsibility of the board directors and executive management. It is an directors and executive management. It is an integral part of enterprise governance and consist integral part of enterprise governance and consist of the leadership and organizational structures of the leadership and organizational structures and processes that the organization;s IT sustains and processes that the organization;s IT sustains and extends the organization’s strategies and and extends the organization’s strategies and objectives (IT Gov Institute)objectives (IT Gov Institute)
Kesimpulan:Kesimpulan:– Siapa yang bertanggung jawab thd pelaksanaan IT Governance
– IT Governance adalah bagian yang tidak terpisahkan dari keseluruhan corporate governance.
10
Keterkaitan IT Keterkaitan IT GovernanceGovernance Stakeholder value adalah yang menjadi awal Stakeholder value adalah yang menjadi awal
penggerak (driver) kelimanya. Bila value penggerak (driver) kelimanya. Bila value delivery dan risk management adalah outcome-delivery dan risk management adalah outcome-nya, maka strategic alignment, resource nya, maka strategic alignment, resource management dan performance measurement yang management dan performance measurement yang menjadi penggeraknya. menjadi penggeraknya.
Di Bank Indonesia, IT Governance diterapkan Di Bank Indonesia, IT Governance diterapkan dengan adanya:dengan adanya:– Forum Manajemen TI (FMTI)– Sistem Perencanaan Anggaran dan Manajemen Kinerja –berbasis Balance Scorecard
– Risk Manajemen Bank Indonesia– Ketentuan terkait Strategi dan Kebijakan TI
12
Campus NetworkCampus Network Dual Ring Fiber Optic Dual Ring Fiber Optic
Singlemode - (@ 12 Singlemode - (@ 12 Cores Fiber Optic)Cores Fiber Optic)
Coarse Wave Division Coarse Wave Division Multiplexing (CWDM) Multiplexing (CWDM) Technology Technology
Intra Buildings Speed : Intra Buildings Speed : nx1 Gigabit Ethernet (n nx1 Gigabit Ethernet (n up to 16)up to 16)
RedundancyRedundancy Modular / ScalableModular / Scalable Blocks Switch Configuration :Blocks Switch Configuration :
– CORE – Data Center / Servers Farm – Distribution (Buildings)– Access (Floors)– WAN - Wide Area Network (Connect to all Branches & Rep. Offices)
– Extranet (Connect to Banks/ Third Parties)
– Internet (Global Connection)
– Remote Access (for Employees mobile access)
13
Comparison – Old and New BI-Comparison – Old and New BI-NetNet
Floor SwitchFloor Switch
Medium & Low Class SwitchMedium & Low Class Switch Medium & Low Class SwitchMedium & Low Class SwitchMain Switch BuildingMain Switch Building
High & Medium Class SwitchHigh & Medium Class Switch High & Medium Class SwitchHigh & Medium Class SwitchLatest CAN TechnologyLatest CAN Technology
ATM 155 MbpsATM 155 Mbps CWDM 1 Gbps & 10 GbpsCWDM 1 Gbps & 10 GbpsBackbone RouterBackbone Router
High Class Router (KP)High Class Router (KP)Medium Class Router (KBI)Medium Class Router (KBI)
High Class Router (KP)High Class Router (KP)Medium Class Router (KBI)Medium Class Router (KBI)
Switching & RoutingSwitching & Routing
Single connection & devicesSingle connection & devices Fully Redundant Connection & devicesFully Redundant Connection & devicesServer FarmServer Farm
Shared in network backboneShared in network backbone Dedicated High Class SwitchDedicated High Class SwitchInternet dan ExtranetInternet dan Extranet
Partial DevelopmentPartial Development Integrated designIntegrated designSecuritySecurity
Basic (IP Filtering, encryption)Basic (IP Filtering, encryption) Advance (Firewall, IDS, NAM, encryption, Advance (Firewall, IDS, NAM, encryption, QoS dan CoS)QoS dan CoS)
Layanan Akses kepada UserLayanan Akses kepada User
Depend on Switch/Hub TypeDepend on Switch/Hub Type EqualEqualAkses ke ServerAkses ke Server
10/100 Mbps single connection10/100 Mbps single connection 100/1000 Mbps, Ether Channel capability100/1000 Mbps, Ether Channel capabilityKoneksi ke KBIKoneksi ke KBI
Single Connection, Priority for Single Connection, Priority for Transactional ApplicationsTransactional Applications
Separate Connection, Class of ServiceSeparate Connection, Class of Service
14
Bank Indonesia Bank Indonesia Storage Area NetworkStorage Area Network
•Each Server is connected to SAN (share disk).
•More efficient storage •Better performance (each Host Bus Adapter / HBA can be run at 2 Gbps).
•Easy to maintain due to consolidated storage.
•Backup data can be perform easily (either fully backup from SAN Storage or increment backup)
•Backup can be done via SAN Segment (Server less backup)
After Implementation
Many advantages are gained after the implementation of Bank Indonesia Storage Area Network…
•Each Server has own Storage device (either DASD or Modular Storage)
•Waste space of Storage (average utilization of storage is around 15%).
•Poor performance in accessing the disk
•Hard to maintain due to distributed storage.
•Backup data can’t be perform easily.
•When backup is done via network, the performance will be degraded.
Before Implementation
15
Main Data CenterMain Data Center Old Data Center – X BuildingOld Data Center – X Building
New Data Center – Y BuildingNew Data Center – Y Building• Temporary co-location for Main Temporary co-location for Main Data Center (MDC) in KOPERBIData Center (MDC) in KOPERBI
• New Infrastructure in MDC (Genset, UPS, New Infrastructure in MDC (Genset, UPS, AC, Raised Floor, Other Utilities)AC, Raised Floor, Other Utilities)
• New Main Machines (Tandem S86002 and New Main Machines (Tandem S86002 and Mainframe Z890) in MDC and Disaster Mainframe Z890) in MDC and Disaster Recovery Center (DRC)Recovery Center (DRC)
DRCDRC
16
Platforms (O/S, Db and Platforms (O/S, Db and Application)Application)
Main Frame - VM VSEMain Frame - VM VSE Tandem - TACLTandem - TACL Mini Servers :Mini Servers :
– O/S Unix, AIX, and Sun Solaris
– Database Oracle Storage Area Network Storage Area Network ::– Hitachi Data System– Storagetek Tape Library
PC Servers :PC Servers :– Microsoft Based :
• O/S Windows 2003• MS SQL• MS Exchange - E-Mail Server• Radius• ISA Firewall
– Non Microsoft :• Websphere• CognosLotus Domino• Lotus Notes• Zy Image
PC - Microsoft BasedPC - Microsoft Based
17
TelecommunicationsTelecommunications Data Communications :Data Communications :
– SNA (X.25)– Frame Relay– MPLS (Multi Protocol Label
Switching) technology : Media :Media :
– Terrestrial / Leased Line – VSAT – Radio Link
Telephone Line :Telephone Line :– PABX– Virtual Private Network -
VPN Dial 0809xxxxx– VoIP Telephone via WAN BI-
Net
Intelligent Telex (I-Intelligent Telex (I-Telex)Telex)
ISDN (Integrated Services ISDN (Integrated Services Digital Network for Video Digital Network for Video Conference)Conference)
Radio Communication :Radio Communication :– VHF & UHF
Information Providers :Information Providers :– Reuters– Bloomberg– Telerate– SWIFT
Internet Service Provider Internet Service Provider – www.bi.go.id– www.bi.go.id
18
IT Security : ActionIT Security : ActionIT Security and Challanges;
Goals of IT Security :ConfidentialityIntegrityAvailability
Challenges in IT Security:Unauthorized AccessInformation and Identity theft
19
IT Security : AreasIT Security : Areas
PeoplePeople
Technolog
Technolog
yy
Process
Process
How to protect Bank Indonesia IT assets (information, application) from malicious software and unauthorized attacks ?
Focus on 3 areas of IT Security :
Process Technology People
20
Created and regularly updates BI-wide IT Security Policy
Perform scheduled and unscheduled IT security Audit :
By BI Internal Auditor By Supreme Auditor By Third Parties (University,
Microsoft Corp)
IT Security : Areas - IT Security : Areas - ProcessProcess
21
Implement an automatic Operating System Implement an automatic Operating System (Windows) patch using SMS Server(Windows) patch using SMS Server
Implement encryption, public key Implement encryption, public key infrastructure for critical applicationinfrastructure for critical application
Implement firewall and IDS etcImplement firewall and IDS etc
IT Security : Areas - IT Security : Areas - TechnologyTechnology
22
IT Security : Areas – IT Security : Areas – Technology (2)Technology (2)
Implement an automatic Mc-Afee antivirus update on Implement an automatic Mc-Afee antivirus update on PC clients using centralized McAfee e-Policy PC clients using centralized McAfee e-Policy OrchestratorOrchestrator
BI enterprise antivirus management :
updating engine and DAT
virus detection report
infection summary etcs
23
Perform regular security awareness for user, through e-mail notification, memos, brochures / fliers, logon banners
Perform regular training / security update.
IT Security : Areas - IT Security : Areas - PeoplePeople
Security belongs to everybody.Sec_rity is not complete without "u".The key is “u".
Example : Logon Banner
24
IT Security : IT Security : OrganizationOrganization
IT Director
Deputy Director
Deputy Director
IT Strategy and Policy
Team
Application Development
and Maintenance
Team
IT Support
IT Operational
Administration &
Procurement
QA and IT Security Policy
IT Security Implementation and Support
Created formal structure in 2004 : IT Security Policy Development Team and IT Security Implementation Team
Should IT security be managed by a formal structure ?
25
Bank Indonesia choose “ISO27001-Bank Indonesia choose “ISO27001-2005 2005 Information Technology : Code Information Technology : Code of Practice for Information of Practice for Information Security Management “ as reference Security Management “ as reference in creating IT Security Policyin creating IT Security Policy
ISO 27001-2005 is : A comprehensive set of controls comprising best A comprehensive set of controls comprising best
practices in information securitypractices in information security An internationally recognised generic information An internationally recognised generic information
security standard security standard
IT Security : ISO IT Security : ISO 27001-200527001-2005Is there any international best practice on
IT security that can be referred ?
26
AccessControls
Asset Management
Security PolicyOrganisation of
Information Security
Human ResourcesSecurity
Physical & Environmental
Security Communication& Operations
Mgmt
Information Systems Acquisition, Dev.
& Maintenance
Information Security
Incident Mgmt
Business Continuity Mgmt
InformationInformation
IntegrityIntegrity ConfidentialityConfidentiality
AvailabilityAvailability
11
22
33
44
55
6677
88
99
1010
IT Security : ISO 27001 IT Security : ISO 27001 11 Key Controls11 Key Controls
Business Continuity Mgmt
1111
27
ChallengeChallenge IT which is viewed just as supporting function IT which is viewed just as supporting function
now shifting towards integration with Bank now shifting towards integration with Bank Indonesia’s business process Indonesia’s business process
Increasing IT Security risk Increasing IT Security risk Data/information theftData/information theft New kind of malicious software New kind of malicious software
More demanding internal dan external stakeholder More demanding internal dan external stakeholder Bank Indonesia for performance, quality and Bank Indonesia for performance, quality and security of IT products and servicessecurity of IT products and services
International Requirement such as Basel II and International Requirement such as Basel II and other standards; ISO, Sarbanes Oxley etcother standards; ISO, Sarbanes Oxley etc
28
BI Network : BI Network : – More performance, more service, more More performance, more service, more secure, higher availabilitysecure, higher availability
– Enhance Network Monitoring SystemEnhance Network Monitoring System– Apply future IT PlansApply future IT Plans
Regulation :Regulation :– Update IT Security Policy Update IT Security Policy – Update IT Policy and Strategy Update IT Policy and Strategy Regulation & BCPRegulation & BCP
Future PlansFuture Plans