Securing Bank Of India
Bank of India is racing to be the most secure bank to serve
its customers better By Kushal Shah.
P A Kalyansundar
Being in Indias banking sector, Bank of India has the
responsibility of serving its customers with adequate security. Like most leading
banks, it has taken all possible actions to beef up its IT infrastructure and
security set-up. It has taken care of all the areas in the organisation, which
are critical from a security standpoint. Technologies such as biometrics and
encryption are in use. Conducting regular drills at its data recovery site and
successfully recovering most of the IT system instantaneously after a simulated
disaster. Bank of India looks like a bank which never stops working regardless
of the scale of the catastrophic event that it may face. This bank has much
more to offer to its customers while it guns for a ISO 27001 certification.
Policy and Audit:
Bank of India, Indias public sector bank is one of the biggest in this
The banks security policies are reviewed anually. For evaluating the state of
the system auditing is performed on annual basis across all the branches of
Bank of India. Apart from auditing for regular operations, auditing for critical
operations is done concurrently. Risk assessment is performed based on audit
reports. According to the tests conducted for the risks, Bank of India was found
out to be risk free from threats and vulnerabilities.
|Bank of India is an established commercial banks
with a pan-Indian presence and is a century old having been founded on 7th
The Bank is rated as one of the top five banks in the
country, with over 2,650 branches across India and 23 foreign branches
or offices with an asset base of over $26 billion. Corporate credit, trade
finance, loan syndication, export finance, forex operations and all types
of retail banking are its forte.
The bank was the first Indian financial institution to
open its branches in London in 1946. After World War II, it opened a branch
in Tokyo, Japan on May 17, 1950. Soon after this the Osaka branch was
established on 20th October 1950. With fifty-three years of experience
in global banking it has strong assets and correspondent relations with
leading international banks. The bank believes in a total package approach
to meet all financial and non-financial requirements of its customers.
The top priority in the banks
security policy is that its operations should be carried out in a secure
and safe manner and that accessibility to the people in the organisation
as well as those outside should be provided in a secure and controlled
way. For evaluating the state of the system, auditing is performed annually
The bank follows processes such as information profiling which involves classification
of information into categories, such as, secret, confidential, corporate confidential,
offices and public. Every new process is scanned for its risks and vulnerabilities
and various other security clearance aspects. Only after it has been cleared
by both the teams, it can go ahead and become the part of the organisations
Bank of India has all the security related software and hardware like anti-virus,
spam filters, firewalls, content filters, storage security installed and implemented.
Using all these tools they seem to have a stable organisational security structure.
The bank uses all possible vulnerability tools to ensure that its infrastructure
is not vulnerable to external attack. It uses biometrics at all critical installations
for authentication and encryption is used across the board. A team of 10-15
security specialists at the head office takes care of the important tasks. Apart
from the core team, a team of about 150 people is taking care of security across
- The BoI data centre set-up is located
in Mumbai and forms the tier-one. The tier-two set-up, the disaster
recovery centre, is based in Bangalore and is in a different seismic
zone. The connectivity between these two centres and across branches
is established by means of dedicated leased lines that have been leased
from MTNL, BSNL and Bharti Enterprise.
- Branch links terminate at Network Aggregation
Points (NAPs) that are simultaneously connected to the BoI data centre
in Mumbai and DR centre at Bangalore. The inter-connectivity is established
based on point-to-point protocol using leased lines. Data travels through
multiple leased lines from the data centre to the disaster recovery
- The core banking applications run on Finacle
from Infosys and the database is set up using the Oracle Financial Service
- The core banking applications run on multiple
HP Superdome servers while the storage solutions have been migrated
to a HP StorageWorks XP1024 disk array. This is further connected through
leased lines to various Cisco switches and routers deployed across the
country with the branches forming a hub and spoke topology that uses
a central point to co-ordinate activities between various branches and
the data centre.
- At present, the operations at about 2,433
branches across the country are computerised out of which 108 operate
in a partially-computerised mode. The bank is a member of the RBIs
VSAT Network and has installed about 39 VSATs linking strategic branches
and offices adding redundancy during disaster.
- Bank of India has a data recovery site
located at a different seismic zone from its primary site.
- The secondary site is a hot site that
is almost identical to the primary one.
- Bank of India can recover its entire core-banking
setup almost instantaneously.
- It periodically conducts drills at the
Bank of India is the first Indian
bank to open a branch in London, a task it accomplished way back in 1946.
It is rated as one of the top five banks in India with more than 2,650
branches in the country and 23 abroad with an asset base of over $26 billion
As far as certifications are concerned, Bank of India complies with RBI regulations
and IT Act 2000. Bank of India is also in an process of getting ISO 27001 certification.
IDRBT Hyderabad handed the best bank for information security policy and practices
award to Bank of India.
The entire IT infrastructure management has been outsourced. Core banking is
outsourced and managed by HP. The ATM systems are handled by eFunds.