thinkmoney is a new generation UK retail bank founded in 2001. It wanted to transform its IT platform to support its key products: Current Account, Personal Loan and Travel Card. It was also looking to significantly improve management control and governance of privileged access to critical IT systems. Two specific risk areas were considered:
- Insider threats: Where a malicious insider obtains super-user or administrative passwords through social engineering, key-logging, or the malpractice of password sharing, to instigate internal attacks, compromising confidential data or sabotaging systems.
- Sophisticated cyber-attacks: Where an external attacker gains covert access to the network and captures super-user or administrative passwords with which to carry out an attack.
The regulator suggests that it is good practice to subject ‘powerful administrator passwords to additional controls’: entrusting those passwords to the minimum number of people, ensuring that use and access are always logged and regularly reviewed, and following up any exceptions or anomalies. This therefore became a firm project goal.
A relatively small but highly secure subsystem was required. It needed to encompass 50 multi-platform servers, backend databases, firewalls and other network and security devices.