Security as a service

Irish Life & Permanent (IL&P) has made significant headway with its rollout of online banking services in recent years. As more customers have warmed to the notion of e-banking, the Dublin-based financial services provider  has seen a significant opportunity to differentiate itself by the quality and robustness of its security provisions.

As a result, over the past two years, the number of customers using the bank’s online service has risen sharply – more than a million of its customers now use its online services and direct email system. But as that volume has grown the bank’s underlying critical infrastructure has started to feel the strain.

Increasingly, says Brendan Duffy of IL&P’s Group IT Information Security and Network Services, the bank’s email systems have been swamped by a deluge of spam, threatening its ability to respond  to genuine customers’ emails. “The solution we had in place couldn’t cater for the increasing volume of mail we were receiving,” he explains.

At one stage the email system was struggling so much that delivery delays of up to half an hour in the morning became common. This “could develop into several hours by the afternoon,” says Duffy. Furthermore, the difficulties of filtering out rogue emails meant a high proportion of spam mail was being delivered to the bank’s 5,500 internal users’ in-boxes, “which was also wasting productive time”, adds Duffy.

As the reliability of the bank’s email service began to falter – and the threat from viruses and hackers rose – the IT team determined it was time to implement a new email security solution that was not only capable of blocking illegitimate messages and spam at the perimeter, but, more importantly, of guaranteeing the safe delivery of genuine messages.

Through consultation with advisory firm Gartner, the bank settled on an email firewall and anti-spam service from Tumbleweed, which operates its services on servers located just inside the bank’s network perimeter. IL&P ran the solution parallel to the legacy system for three weeks, before switching the latter off.

Because the Tumbleweed anti-spam service updates the firewall with new spam defences as they are published, and has been fully integrated with the bank’s virus scanner, the solution has dramatically reduced the volume of spam that reaches users’ inboxes.

In addition, the bank now experiences far fewer instances of false positives – one in every 100,000 messages. The email system overhaul has also reduced the bank’s hardware footprint. Whereas in the previous email environment the bank was running six servers, this has now been reduced to three. “We could turn off two of them and you wouldn’t even notice,” says Duffy. “There’s sufficient power in one of these systems to process all our mail.”

More importantly for the bank, however, the implementation of the new security solution has allowed the organisation to improve the communication service it delivers to both its internal users and external customers, Duffy explains. “The previous mail sweeping system created text files. You’d have to search through these on each server to try and research any mail queries.”

The control the system allows Duffy and his team to make changes instantly, whereas previously these could be made only once a day.

“New exemptions would have to be put in overnight, and then we’d have to restart the servers in sequence. Now we can apply changes immediately so we are better able to react to customers’ wishes.”

The question of security, adds Duffy, is not so much one of responsibility. “It’s really about what better service you can provide to your customers.”

Further reading 

Equifax taken down by phishing attack

Northern Rock website buckles

Find more stories in the Security & Continuity Briefing Room

Pete Swabey

Pete Swabey

Pete was Editor of Information Age and head of technology research for Vitesse Media plc from 2005 to 2013, before moving on to be Senior Editor and then Editorial Director at The Economist Intelligence...

Related Topics