Absa steps up compliance with Oracle

One of South Africa's largest financial services groups, the Absa Group Limited (Absa), has been a prominent innovator in the financial services industry and offers a complete range of banking, bank assurance and wealth management products and services.

Absa is a subsidiary of Barclays Bank, which holds a 58.8% stake in the group and is a major financial services provider with more than 27 million customers and an extensive presence in more than 50 countries.

The financial institution is a longstanding strategic partner of Oracle, having used its database and warehouse technologies extensively for many years as the platform to implement a number of analytical initiatives. Absa has recently rolled out additional Oracle technologies to assist it in further entrenching its leadership in the data management sphere.

There is an increasing need for adherence to compliance requirements, local and global, and in particular in the data and information domains. This is according to Premlin Pillay, Head of Group Information Services at Absa, who says that, as part of the Barclays stable, Absa has a requirement to continuously improve operational excellence and reduce risk across the organisation.

Regulations, such as Sarbanes-Oxley and the Data Privacy Act require strong internal controls to protect sensitive financial and non-financial information from unauthorised access, modification and usage.

"Oracle Database Vault provides a security solution inside the Oracle Database, which enables our existing applications to comply with these and possibly future regulations without much customisation,” he says.

Using Oracle Database Vault, Pillay says Absa now has preventative controls to restrict unauthorised access to sensitive data by its users and when, where and how the databases and customer and transaction data can be accessed. Multiple factors such as IP address and authentication methods are used in a flexible and adaptable manner to enforce authentication without access.

Arthur Britz, the head of the data warehouse department, in Group Information Services, says apart from satisfying compliance regulations and mitigating risks associated with insider threats, Absa required a solution to monitor access to sensitive information.

"We decided on Oracle Audit Vault, which transparently collects consolidated audit data and provides valuable insight into who did what to which data at any given time."

"These Oracle Audit Vault reports, alert notifications and centralised audit policies reduce risks dramatically as access to data is strictly controlled. Privileged administrators cannot view or modify audit data and even auditors are prevented from modifying the data,” he says.

Britz says another requirement Absa had was to manage its system configurations as well as any database changes on the systems.

"As you can imagine, Absa is a very large organisation and manual methods of keeping track of all the software and hardware assets is not viable from a quality of service point of view. We required a tool that would give us a comprehensive view of all heterogeneous components,” he says.

To address this, Absa chose Oracle Enterprise Manager 10gConfiguration Management Pack, which captures and centralises information about all hardware and software resources throughout the bank, and speeds up the diagnosis resolution of problems that can arise from hardware failure or software errors.

"The solution provides a dashboard with a real-time view of configuration items, services and their dependencies within and across each other. It detects, documents, alerts and continuously maintains system configuration, and reduces the risks involved in rolling out changes to production environments by identifying the impact of changes on deployed applications and users,” says Britz.

To manage the changes in its database, Absa chose the Oracle Change Management Pack, which provides an integrated solution for database administrators and application developers.

Absa has hundreds of thousands of database entities, ranging from users and roles to tables and indexes as well as custom-built applications to support Absa's business processes. Oracle Change Management Pack allows developers and administrators to track changes to the objects as the database schema evolves over each application module, mapping its dependency on various database objects.

Pillay says collectively, the Oracle solutions will give Absa a good foundation in ensuring that the data stored in the enterprise data warehouse is secure from unauthorised access. This will ensure that Absa remains compliant to regulatory requirements related to data security and data privacy.

"But it's also more than that. It's not just compliance for the sake of compliance, but also the value we can add in through compliance, such as determining high-value items in the database, the usage patterns of our data, and reducing the cost of managing data.

“We continue to align ourselves with Oracle's industry strength solutions because we believe they have a holistic and comprehensive strategy and a vested interest in our business - that is what we require for our business,” he concludes.