How Data Governance Enables DBS Bank to Focus on Customer Experience
BENEFITS
Automated AD authentication
Improved security posture and scalability
CHALLENGES
Difficulties managing and maintaining existing proxy connection and proxy rules manually
Needed a precise way to allow-list applications’ Internet access
CUSTOMER PROFILE
Headquartered and listed in Singapore, DBS Bank Ltd. (DBS) is a leading financial services group in Asia with a presence in 18 markets globally, including six priority markets in Asia: Singapore, Hong Kong, China, India, Indonesia, and Taiwan. Consistently recognized as a global banking leader, DBS is at the forefront of digitalization across banking services and products—a reflection of its vision to become a digital-first company with technology as its core.
The bank’s readiness to invest in technology, such as cloud-enabled technologies, shows its desire to remain nimble and stay ahead of the curve. DBS adopts a “two-in-a-box,” platform-based organizational structure, where the business and technology groups work together to grow digitally.
We could respond nimbly to the [Covid-19] crisis because of the technology investments we made over the years. We will accelerate our technology transformation efforts to pull further ahead with our digital advantage to better serve our customers.
The Challenge
To continuously provide the best banking experience to all its customers, DBS actively adopts new technological innovations necessary for the bank to deliver superior digital experiences. The bank’s aim is to enable and empower its teams to develop and deploy applications at scale, which is key to modernizing applications. It drives automation in the deployment, scaling, and management of containerized applications on Kubernetes, an open-source platform. Kubernetes effortlessly moves workloads across on-premises, hybrid, and public cloud infrastructures. But it creates the potential risk of exposing applications to security vulnerabilities, as the application workload is distributed across the Kubernetes worker nodes. For example, if DBS has 100 worker nodes serving applications 1 to 50, and application 3 requires opening the firewall to an eCommerce platform, then the only way is to open the firewall for all nodes. Consequently, the other 49 applications will also be able to access the eCommerce platform, and this weakens application security.
Automating proxy rules management to simplify the operational process is a viable solution. However, governing the outgoing traffic is a challenge, as the modernized application environment is vulnerable to external threats. Therefore, it was becoming increasingly complex for the bank to manage firewall rules—and administrators became more hesitant about removing or changing rules, as they lacked visibility into their applications. The turnaround time to complete the configuration took too long, resulting in delays in enforcing required security policies.
To overcome these challenges, DBS needed a tailored solution that could help simplify its operational process, reducing the go-to-market time in a secure manner.
The Solution
To retain its customers’ trust with the highest security standards while meeting their demands, DBS designed a Gateway as a Service (GaaS) to control all outgoing traffic and impose additional security checks to enforce granular access control policies required by the bank. It partnered with F5 and deployed a customized solution to bring this design to reality. The bank brought in a secure, flexible, and high-performance access management proxy solution for enabling seamless application access, authentication, and authorization. It uses APIs exposed by the proxy appliance to automate the creation and management of rules and scripts for performing checks on all HTTP traffic. This reduces the administrators’ workload and improves the turnaround time for implementing a rule/policy from weeks to just a few minutes.
In addition, DBS guards both the monolithic and containerized environments by ensuring high-performance decryption of traffic for security inspection. As a result, DBS is able to maximize its security control in both its monolithic and modernized application infrastructures, solving an industry challenge through technical innovation.
The Benefits
DBS saves time, human resources, and cost for the bank when developing proxy gateway policies and replicating these policies to other environments. The bank reduces its time to market applications with low latency and seamless application delivery. With automation, the bank can perform authentication seamlessly across applications, provide secure authorization access, and have granular control over the applications. Through this innovation mindset of DBS, the bank continues to drive efficiencies in the way it builds and operates its digital assets and infrastructure.
Looking Ahead
New technologies such as 5G, AR/VR, blockchain, and IoT open up a realm of possibilities. DBS’ current platform is a solid foundation for long-term ecosystem innovation.