In 2011, the Republic of Korea put the Korean Personal Information Protection Act into effect and advised the Korean financial industry to strengthen security for all institutions. Financial companies were required to encrypt their databases because of the large volumes of private data they maintain, such as resident registration numbers and personal credit information. If this data was leaked, it would result in significant losses for financial institutions and their customers.

The introduction of online and mobile banking also leaves personal information more exposed to potential security breaches. Implementing robust security measures would help increase customers’ confidence when using these services.

Shilla Savings Bank was using point-to-point security solutions to protect its network, PCs, and keyboards, but lacked data encryption. The Korean Personal Information Protection Act required database encryption to be completed by December 2012, so the bank had to act quickly.

In June 2012, Shilla Savings Bank upgraded its development, account, and disaster recovery databases from Oracle Database 10g to Oracle Database 11g Release 2. This enabled the bank to implement Oracle Advanced Security, an Oracle Database option with transparent database encryption. This fast-to-deploy feature supports table-level encryption at the database engine without changing applications. This means applications can continue to run without any degradation in performance.

“Oracle Database 11g makes it easy to utilize Oracle Advanced Security’s transparent data encryption feature to encrypt entire application tables and all data stored in the encrypted table simultaneously,” said Kwon Yeong-gwan, deputy general manager, IT team, Shilla Savings Bank. “We now have a robust database encryption solution that ensures we meet government regulations and protect private customer information and financial data.”

After implementing Oracle Advanced Security across databases, Shilla Savings Bank engaged security solution provider AhnLab to assess its security levels. Databases are assessed in six areas: account and entitlement management, file entitlement, access control, system configuration, auditing and monitoring, and operation management.

The bank had previously maintained an average security level of 68% for its development, account, and disaster recovery databases. The database management system performance diagnostics (which assesses the vulnerability of databases) revealed that Shilla Savings Bank’s average security level across all test areas has improved to around 99%.

Shilla Savings Bank received an ”Outstanding” rating for its security levels, which means that while some vulnerabilities exist in the diagnosed areas, exposure to possible threats causes almost no damage.

Moreover, the bank has since maintained an average security level of 100% for five database-related areas, including account and authority management, and file access authority.

Shilla Savings Bank also decided to reorganize its disaster recovery system to support the stable, simultaneous processing of vast volumes of financial transactions, such as loans or credit card applications. Strengthening disaster recovery also helps ensure customers enjoy continuous access to financial services.

To achieve these benefits, the bank implemented Oracle GoldenGate 11g at the same time it upgraded its account and disaster recovery databases to Oracle Database 11g Release 2. With Oracle GoldenGate, encrypted data is automatically synchronized to the account and disaster recovery databases, ensuring customer and business information remains safe and transactions can continue, even in the event of a system failure.

Shilla Savings Bank was initially concerned that the database upgrade and encryption would affect the performance of its business systems, such as its core banking platform. However, Oracle Database 11g’s caching function reduced the load generated by three, large-volume databases and kept the encryption-induced performance load at less than 8%. System response speeds actually improved following the upgrade.

“There were no negative changes to system performance, so we could continue to process financial transactions and provide seamless customer service,” said Kwon.

Shilla Savings Bank will continue reinforcing security across the bank by implementing two-channel verification and PC designation services. This ensures its security systems match those of other institutions in the Korean banking sector.