Shilla Savings Bank Boosts Security Rating to 99%, Enhances Disaster Recovery to Safeguard Customer Data, and Increases Customer Confidence
 
Oracle 1-800-633-0738
Find an Oracle Specialized Partner
Oracle Customer Programs
 
 

Shilla Savings Bank Boosts Security Rating to 99%, Enhances Disaster Recovery to Safeguard Customer Data, and Increases Customer Confidence

Founded in 1978, Shilla Savings Bank offers personal and commercial banking services. Its three centers of operation are Gyeonggi-do, Incheon, and Seoul. In 2006, the bank’s CEO Hong Jun-gi acquired the institution, ensuring stable management and introducing new business initiatives that laid the foundation for rapid growth. Shilla Savings Bank is now focusing on risk management by diversifying its portfolio to include personal credit facilities, stock loans, and special collateral loans.

To meet the requirements of the Korean Personal Information Protection Act, Shilla Savings Bank upgraded its databases to Oracle Database 11g Release 2, including Oracle Advanced Security with its transparent data encryption features. As a result, the bank improved average security levels for its databases from 68% to around 99%, and achieved a 100% security-level rating for five database-related areas.

In addition, Shilla Savings Bank improved disaster recovery by implementing Oracle GoldenGate, so that it can process vast volumes of financial transactions stably and simultaneously, using active-active database replication.

 
Robust Database Encryption Solution Needed

A word from Shilla Savings Bank

  • “The combination of Oracle Database 11g, Oracle Advanced Security, and Oracle GoldenGate enabled us to reinforce the stability of our systems, protect confidential customer information, and meet security regulations mandated by the government. As a result, we have improved security-rating levels to 99% across all areas of the bank and enhanced disaster recovery.” – Kwon Yeong-gwan, Deputy General Manager, IT Team, Shilla Savings Bank

In 2011, the Republic of Korea put the Korean Personal Information Protection Act into effect and advised the Korean financial industry to strengthen security for all institutions. Financial companies were required to encrypt their databases because of the large volumes of private data they maintain, such as resident registration numbers and personal credit information. If this data was leaked, it would result in significant losses for financial institutions and their customers.

The introduction of online and mobile banking also leaves personal information more exposed to potential security breaches. Implementing robust security measures would help increase customers’ confidence when using these services.

Shilla Savings Bank was using point-to-point security solutions to protect its network, PCs, and keyboards, but lacked data encryption. The Korean Personal Information Protection Act required database encryption to be completed by December 2012, so the bank had to act quickly.

In June 2012, Shilla Savings Bank upgraded its development, account, and disaster recovery databases from Oracle Database 10g to Oracle Database 11g Release 2. This enabled the bank to implement Oracle Advanced Security, an Oracle Database option with transparent database encryption. This fast-to-deploy feature supports table-level encryption at the database engine without changing applications. This means applications can continue to run without any degradation in performance.

“Oracle Database 11g makes it easy to utilize Oracle Advanced Security’s transparent data encryption feature to encrypt entire application tables and all data stored in the encrypted table simultaneously,” said Kwon Yeong-gwan, deputy general manager, IT team, Shilla Savings Bank. “We now have a robust database encryption solution that ensures we meet government regulations and protect private customer information and financial data.”

 
Security Level Improved to 99%

 
Improved Disaster Recovery Reinforces Security and Stability

 
Stable System Performance Maintained During Upgrade

 
 

 
 

Challenges

  • Address the lack of database encryption in the existing IT infrastructure to protect sensitive customer data, such as personal credit information, from malicious attacks
  • Meet Korean Personal Information Protection Act regulations, which required financial institutions to strengthen security
  • Increase customers’ confidence when using online and mobile banking, which is seen as exposing personal information to more security breaches than ever
  • Review existing disaster recovery processes to ensure continuous business operation in the event of a system outage
  • Maintain stable system performance during the database upgrade and encryption process
  • Provide a foundation to meet future security requirements and achieve its goal of becoming one of the top three savings banks in Korea before 2014

Solutions

  • Improved average security-rating levels across development, account, and disaster recovery databases from 68% to around 99%
  • Maintained an average security level of 100% for five database-related areas, including account and authority management and file access authority
  • Prevented the database upgrade and encryption from affecting day-to-day operations by using Oracle Database 11g’s caching function to keep the encryption-induced performance load at less than 8%
  • Received an “Outstanding” rating from security solution provider AhnLab for its security levels, meaning exposure to possible threats causes almost no damage
  • Met regulatory requirements set by the Korean Personal Information Protection Act to strengthen security at financial institutions
  • Deployed the Oracle solutions in just three months to comply with the Korean Personal Information Protection Act before the December 2012 deadline
  • Ensured customers are confident using online and mobile banking services by automatically encrypting their private information
  • Allowed the bank to provide seamless customer service by enhancing disaster recovery and maintaining system performance
  • Protected sensitive information and enabled transactions to continue during a system failure, by automatically synchronizing encrypted data with account and disaster recovery databases
  • Enabled real-time data migration throughout the database upgrade

Why Oracle

Shilla Savings Bank has used Oracle Database for 10 years and thinks very highly of the solution. For this reason, the bank chose to continue using Oracle products to encrypt its databases. It particularly liked Oracle Advanced Security’s transparent data encryption because it provides table-level encryption and maintains performance without needing to modify applications. Oracle Advanced Security is also highly compatible with Oracle Database.

Implementation Process

Shilla Savings Bank divided its databases into three types— development, account, and disaster recovery—for the upgrade to Oracle Database 11g Release 2, including the Oracle Advanced Security option and Oracle GoldenGate.

The first phase of the project (June to mid-July 2012), involved upgrading the development databases; the second phase (mid-July to mid-August 2012) involved upgrading the account databases; and the third phase (over five days at the start of September 2012) involved upgrading the disaster recovery databases.

Oracle Advanced Security was deployed in all phases of the project, while Oracle GoldenGate was deployed in the second and third phases for the account and disaster recovery databases. It also supported real-time data migration throughout the database upgrade.

Partner

Oracle partner Zungwon Engineering & Systems has a longstanding working relationship with Shilla Savings Bank. The partner recommended Oracle Advanced Security as the solution best suited to the bank’s existing infrastructure and that would meet its future security requirements. Zungwon Engineering & Systems also helped Shilla Savings Bank upgrade and encrypt its databases and implement Oracle GoldenGate.

“Zungwon Engineering & Systems has various references from the finance sector, such as Shinhan Bank and the Export Import Bank of Korea, and is also a long-term partner of Shilla Savings Bank,” said Kwon. “The company is made up of experts from various fields and not only has the required technical expertise but also an in-depth understanding of our environment and long-term vision, which helped us to complete this project together successfully.”