Founded in 1978, Shilla Savings Bank offers personal and commercial banking services. Its three centers of operation are Gyeonggi-do, Incheon, and Seoul. In 2006, the bank’s CEO Hong Jun-gi acquired the institution, ensuring stable management and introducing new business initiatives that laid the foundation for rapid growth. Shilla Savings Bank is now focusing on risk management by diversifying its portfolio to include personal credit facilities, stock loans, and special collateral loans.
To meet the requirements of the Korean Personal Information Protection Act, Shilla Savings Bank upgraded its databases to Oracle Database 11g Release 2, including Oracle Advanced Security with its transparent data encryption features. As a result, the bank improved average security levels for its databases from 68% to around 99%, and achieved a 100% security-level rating for five database-related areas.
In addition, Shilla Savings Bank improved disaster recovery by implementing Oracle GoldenGate, so that it can process vast volumes of financial transactions stably and simultaneously, using active-active database replication.
In 2011, the Republic of Korea put the Korean Personal Information Protection Act into effect and advised the Korean financial industry to strengthen security for all institutions. Financial companies were required to encrypt their databases because of the large volumes of private data they maintain, such as resident registration numbers and personal credit information. If this data was leaked, it would result in significant losses for financial institutions and their customers.
The introduction of online and mobile banking also leaves personal information more exposed to potential security breaches. Implementing robust security measures would help increase customers’ confidence when using these services.
Shilla Savings Bank was using point-to-point security solutions to protect its network, PCs, and keyboards, but lacked data encryption. The Korean Personal Information Protection Act required database encryption to be completed by December 2012, so the bank had to act quickly.
In June 2012, Shilla Savings Bank upgraded its development, account, and disaster recovery databases from Oracle Database 10g to Oracle Database 11g Release 2. This enabled the bank to implement Oracle Advanced Security, an Oracle Database option with transparent database encryption. This fast-to-deploy feature supports table-level encryption at the database engine without changing applications. This means applications can continue to run without any degradation in performance.
“Oracle Database 11g makes it easy to utilize Oracle Advanced Security’s transparent data encryption feature to encrypt entire application tables and all data stored in the encrypted table simultaneously,” said Kwon Yeong-gwan, deputy general manager, IT team, Shilla Savings Bank. “We now have a robust database encryption solution that ensures we meet government regulations and protect private customer information and financial data.”
After implementing Oracle Advanced Security across databases, Shilla Savings Bank engaged security solution provider AhnLab to assess its security levels. Databases are assessed in six areas: account and entitlement management, file entitlement, access control, system configuration, auditing and monitoring, and operation management.
The bank had previously maintained an average security level of 68% for its development, account, and disaster recovery databases. The database management system performance diagnostics (which assesses the vulnerability of databases) revealed that Shilla Savings Bank’s average security level across all test areas has improved to around 99%.
Shilla Savings Bank received an ”Outstanding” rating for its security levels, which means that while some vulnerabilities exist in the diagnosed areas, exposure to possible threats causes almost no damage.
Moreover, the bank has since maintained an average security level of 100% for five database-related areas, including account and authority management, and file access authority.
Shilla Savings Bank also decided to reorganize its disaster recovery system to support the stable, simultaneous processing of vast volumes of financial transactions, such as loans or credit card applications. Strengthening disaster recovery also helps ensure customers enjoy continuous access to financial services.
To achieve these benefits, the bank implemented Oracle GoldenGate 11g at the same time it upgraded its account and disaster recovery databases to Oracle Database 11g Release 2. With Oracle GoldenGate, encrypted data is automatically synchronized to the account and disaster recovery databases, ensuring customer and business information remains safe and transactions can continue, even in the event of a system failure.
Shilla Savings Bank was initially concerned that the database upgrade and encryption would affect the performance of its business systems, such as its core banking platform. However, Oracle Database 11g’s caching function reduced the load generated by three, large-volume databases and kept the encryption-induced performance load at less than 8%. System response speeds actually improved following the upgrade.
“There were no negative changes to system performance, so we could continue to process financial transactions and provide seamless customer service,” said Kwon.
Shilla Savings Bank will continue reinforcing security across the bank by implementing two-channel verification and PC designation services. This ensures its security systems match those of other institutions in the Korean banking sector.
Shilla Savings Bank has used Oracle Database for 10 years and thinks very highly of the solution. For this reason, the bank chose to continue using Oracle products to encrypt its databases. It particularly liked Oracle Advanced Security’s transparent data encryption because it provides table-level encryption and maintains performance without needing to modify applications. Oracle Advanced Security is also highly compatible with Oracle Database.
Shilla Savings Bank divided its databases into three types— development, account, and disaster recovery—for the upgrade to Oracle Database 11g Release 2, including the Oracle Advanced Security option and Oracle GoldenGate.
The first phase of the project (June to mid-July 2012), involved upgrading the development databases; the second phase (mid-July to mid-August 2012) involved upgrading the account databases; and the third phase (over five days at the start of September 2012) involved upgrading the disaster recovery databases.
Oracle Advanced Security was deployed in all phases of the project, while Oracle GoldenGate was deployed in the second and third phases for the account and disaster recovery databases. It also supported real-time data migration throughout the database upgrade.
Oracle partner Zungwon Engineering & Systems has a longstanding working relationship with Shilla Savings Bank. The partner recommended Oracle Advanced Security as the solution best suited to the bank’s existing infrastructure and that would meet its future security requirements. Zungwon Engineering & Systems also helped Shilla Savings Bank upgrade and encrypt its databases and implement Oracle GoldenGate.
“Zungwon Engineering & Systems has various references from the finance sector, such as Shinhan Bank and the Export Import Bank of Korea, and is also a long-term partner of Shilla Savings Bank,” said Kwon. “The company is made up of experts from various fields and not only has the required technical expertise but also an in-depth understanding of our environment and long-term vision, which helped us to complete this project together successfully.”