When floor trading in Singapore ended in 2005, ABN Amro saw both an opportunity and a potential danger.
By building a new trading floor in the Southeastern Asian nation, the institution hoped to develop floor-trading business in a nation where trading had all of a sudden become entirely electronic. But it also saw inherent risks in opening a professional trading center outside its firewall. And Singapore is way outside the firewall.
So the institution turned to an external endpoint security software from ControlGuard. ABN Amro's using the software to keep the PCs in its new trading floor free from any external software or memory device. "We want to make sure we could keep the data that's on our equipment clean," says Joseph Kelly, svp and CRO of ABN Amro Global Futures.
These external devices, such as memory sticks, can be used to glean sensitive data from PCs or laptops. In the case of the trading center, the sticks can be used to monitor the activities of the traders-who are independent and don't work for ABN Amro - or the potential compromise of sensitive data. By loading memory sticks, a user can access information the institution doesn't want in open electronic space. Those same rogue users can also track the activities of other traders, which would obviously be a concern to those traders.
The institution has deployed ControlGuard's product on more than two dozen PCs, which means those PCs can only access what the institution wishes. "We want to lock down the PC, so that people can run applications on the PC, but not allow them to stick any memory sticks on them or load software. That makes the PC great for trading," Kelly says.
For other operations, such as Internet searches, ABN Amro has set up a separate "dirty" network-as in no access to sensitive information.
Kelly says ControlGuard's software can also determine if an institutional rule has been violated, and track the source of that violation. Kelly also says he's pleased with the product's lack of "invasiveness," a concern that many industry executives have about security products.
Since remote devices can't be controlled as easily as centralized systems, institutions are purchasing products that protect laptops, PCs, handheld devices and other tools. By monitoring access or destroying data if a device is lost, institutions are retaking control of information.
David Raanan, CMO of ControlGuard and the company's general manager in the U.S., says an additional concern is that a lot of the gadgets that are now commonly used by workers aren't necessarily sanctioned by the enterprise-another fallout of remote function. Yet the extracted data that can reside on these devices is still sensitive. "These are gadgets that people bring in from home, such as their own phones or handhelds," he says. "There is a whole movable media that's being introduced."
Raanan says these devices came to be part of an institution's informal product set almost by accident. "There is a whole movable media that's being introduced. The enterprise didn't decide in a conscious way that it would start using these kinds of devices on a certain day. It just happened. It's similar to instant messaging. People just started to use it by using their own programs."
He says that's created the potential for a world "where anything beyond the endpoint is a free for all, and that's unacceptable," particularly when regulations such as Sarbanes-Oxley create accountability for the institutions. "It's not unusual for an endpoint to contain a lot of the organization's business," he says.
Raanan says there are a number of ways to nab information from an external device, and if there's little control over the flow of that information, security risk can increase-particularly since it's easy to compromise data by accident. "People unintentionally, or intentionally, with a CD or a phone with a camera, can cause a compromise," he says. "If you take a picture that you want to download and use a thumb drive. Even if the intent is innocent, if that user never bothered to make sure that they are using is virus free, there could be a Trojan horse or malware they are introducing into a network that the enterprise has spent lots to protect. Most laptops have wireless interfaces, for example. Most of the time, the users aren't even aware if those interfaces and stable."
