SWIFT 7.2 & Customer Security
Providing choice, flexibility & control.
© Oliver Wyman
Patricia Hines, CTP
Senior Analyst, Corporate Banking
Celent
SWIFT 7.2 UPGRADE:
WHAT DO YOU NEED TO KNOW?
DECEMBER 6, 2017
2© Oliver Wyman
• SWIFT is upgrading the Alliance product
suite, including:
– Alliance Access 7.2
– Alliance Entry 7.2
– Alliance RMA 7.2
– Alliance Gateway 7.2
– Alliance Remote API 7.2
– SWIFTNet Link 7.2
– Alliance Web Platform 7.2
SWIFT 7.2 Upgrade: What’s Happening?
Source: SWIFT Website
• Introduction of 64-bit architecture and new operating system requirements: AIX 7.2,
Red Hat Enterprise Linux (RHEL) 7.2, Oracle Solaris 11.3, and Windows Server
2016
• This mandatory upgrade is necessary “to continue to provide a highly secure and
efficient SWIFT service for our customers in the years ahead” – SWIFT
3© Oliver Wyman
• Cyber threats and security vulnerabilities require more regular releases of security
updates
• Formerly, security updates were combined with functional updates, on an ad hoc
basis
• Release Policy Principles:
– Clear end of support dates will be defined at the availability of an annual release
– One planned release per year (aligned with message standards release)
– Annual version supported for 2 years of maintenance and 7 months of migration
support
– And more…
• Mandatory security updates will be issued once per year, with possible quarterly
releases (if required)
Why is SWIFT Updating its Release Policy Principles?
Source: SWIFT Premium Forum Americas, New
York City, May 1st 2017
4© Oliver Wyman
• The mandatory SWIFT 7.2 upgrade and technology refresh require:
– Upgrading SWIFT software components
– Upgrading operating system software baseline and moving to 64-bit
– Evaluation and potential upgrade of existing hardware
– Significant systems and user acceptance testing
– New hardware model for HSM and 3SKey tokens
SWIFT 7.2 Upgrade: What is the Impact?
• Full impact cannot be
determined without a
detailed gap analysis
Source: SWIFT Website
5© Oliver Wyman
• SWIFT Accord services decommissioned October 2017
• Customer Security Programme (CSP) compliance attestation required by December
31 2017
• SWIFT 2017 MT (FIN) and MX Maintenance Release required by November 17
2018
• SWIFT FileAct Enhancements
• SWIFT 2018 MT (FIN) and MX Maintenance Release required by November 2019
(New SWIFT Trade Messages)
SWIFT: What Else is Happening?
6© Oliver Wyman
SWIFT Updates: What is the Timeline?
[Timeline figure. Milestones shown: 7.2 Preliminary Release Overview; 7.2 General Distribution; SWIFT MT Release 2018 Issued; SWIFT 7.2 Upgrade Mandatory Completion; SWIFT MT & MX Release 2018 Live; FileAct Enhancements. Dates shown: Sept 2015, Aug 2017, Dec 2017, Nov 2018.]
7
SWIFT 7.2 & Customer Security
Providing choice, flexibility & control.
8© Oliver Wyman
• Upgrade all SWIFT Applications
• Change environment
–Hardware
–OS
–MQ
• Changes to comply with Customer Security
Controls
Planning for 7.2
9© Oliver Wyman
• How does it impact you (in-house)?
–Services to upgrade SWIFT Applications
–Costs of replacing OS
–Evaluation of hardware replacement
–Customer security controls changes
• How does it impact you (Service Bureau)?
–Supporting vendor through testing of new platform
–Customer Security controls changes
We understand your challenges…
10© Oliver Wyman
2 Options:
1) Currently In-house:
- Stay in-house
- Outsource all or part of the infrastructure
2) Currently outsourced:
- Stay outsourced
- Move in-house
PayCommerce well-positioned to support both
options
–SWIFT Certified Specialists (for in-house)
–SWIFT Certified Service Bureau
What are your options?
11© Oliver Wyman
SWIFT Architecture
Connectivity
12© Oliver Wyman
[Diagram with two panels, Connectivity and Messaging. Components shown: back-office integration with SAA; manual end-users of SAA; SWIFT messaging interface (SAA); SWIFT Web Platform (SWP); SWIFT Alliance Gateway (SAG) & SNL; Hardware Security Module; firewall; VPN appliances; VPN tunnel over Internet or leased line(s).]
Swift Connectivity and Messaging Overview
13© Oliver Wyman
Service Bureau Outsourcing Options
Outsourcing Options:
1. Shared Services
• Multi-tenant Service Bureau
2. Connectivity
• SAA and non-SWIFT messaging support
3. Dedicated Services
• Single tenant, dedicated network / servers for messaging interface
14© Oliver Wyman
• Functionality
–2 GB file size supported (previously 250 MB)
• Resilience
–Automatic resume of interrupted file transfers
–“Unknown” status requiring manual intervention eliminated
• Efficiency
–Logical file name returned in delivery notification for reconciliation
–Ability to use all available bandwidth
–No limit on number of concurrent transfers
–Dynamic control of concurrent transfers
• Cannot change to production w/o SWIFT
authorization
–Remote file handler, SNL & SAG 7.0.50 mandatory.
–Not all users are compliant.
SWIFT 7.2 Upgrade – File Act Enhancements
15© Oliver Wyman
SAA Interface changes
–Only MQ Client supported, not MQ server
MQ Client Version supported
–8.0.0.6 except …
–8.0.0.8 on Windows
–IBM released MQ 9.0 on June 2, 2016
–MQ 9.0 will not be supported for 2 to 3 years
Changes in MQ
16© Oliver Wyman
Planning
–Involve Business, IT & Security teams
–SWIFT Best practice check tool (34 checks)
–Decisions on hardware, OS, security, outsourcing
–Budget approvals
Preparation
–Checklists (comprehensive checklist is 13 pages)
–Customized for each customer
–Confirmation that a checklist item has been completed
–How we can help
Execution
–Upgrade
–Test
–Go live
7.2 Upgrade Process
17© Oliver Wyman
November 30, 2018
– Will lose the ability to transact over SWIFT if migration not
completed
Migration window
– SWIFT allows 15 months
–Out of 15 months, 3 are already over
– So only 12 (or more likely 11) months remaining
Resources
–The closer you get to November 30, the scarcer vendor resources will be
– November is also the 2018 message standards release
– Plan now!!
– Execute ahead of deadline
The Deadline
18© Oliver Wyman
Test Environment
–March 31, 2018
–7.2 test environment available in parallel with 7.1
Production Environment
–September 30, 2018
–Go live dependent on SWIFT confirmation for
FileAct
Service Bureau Timeline
19© Oliver Wyman
• HSM Box
– IS6 (No change)
–Software version 6.1 compatible with SNL 7.0.50
– Remote PED Firmware to 2.7.0-3
– Remote PED WorkStation software to 7.2.0.1
• HSM Tokens
– New, requires SNL 7.2.
• SNL & SAG must be installed together
– Compatible with SAA / SAE 7.1.x
• SAA 7.2
– Requires SAG / SNL 7.2
– Any applications that use ADK must also be upgraded
• AWP 7.2 required for all 7.2 products
Alliance Products --Compatibility
20© Oliver Wyman
• General Principles
–Set-up new environment: Must get new hardware
–Install new OS
–Install Alliance software and import data
• Upgrade Path
–If HSM box, upgrade HSM software, Remote PED firmware,
workstation software
–Install AWP 7.2 (but retain older AWP version)
–Install SNL and SAG together
–If HSM token, install HSM token
–Install SAA / SAE
–Decommission older AWP version.
Alliance Products – Upgrade Roadmap
21© Oliver Wyman
• CSP and SIP
–Customer Security Program (CSP) is for SWIFT
customers
–Shared Infrastructure Program (SIP) is for Service
Bureaux
–SIP is more extensive with on-site audit (60+ controls)
–SIP being explicitly aligned with CSP in 2018
• Deadlines and SWIFT Actions for CSP
Customer Security
Event | Deadline | SWIFT Action
Self-attestation | Dec 31, 2017 | Local regulators or supervisory authorities informed
Compliance with controls | Dec 31, 2018 | Local regulators or supervisory authorities informed
22© Oliver Wyman
• Collect Data
–Baseline document available to help you with what data you
have to collect
• Enter into self-attestation application on
swift.com
–Part of SWIFT’s KYC Registry
–This application is non-trivial.
• Where you can get help
–support@swift.com, 540-825-6056
–JOHNSTON Jonathan Jonathan.JOHNSTON@swift.com
–PayCommerce
What You need to do for Self-Attestation
23© Oliver Wyman
• A1: Full Stack
• A2: Partial Stack (Messaging in-house,
Connectivity Outsourced)
• A3: Software application to facilitate
communication
• B: No local footprint
What’s your architecture
24© Oliver Wyman
How many Controls are Applicable
Controls | Architecture A | Architecture B
Mandatory | 16 | 11
Advisory | 11 | 9
Total | 27 | 20
25© Oliver Wyman
• User interface (B)
• MQ (B)
• File Transfer Application: Do you consider this
middleware?
–Yes: B
–No: A3
• SWIFT or PayCommerce cannot make this
decision
–Your judgment and interpretation of the framework
Service Bureau: Architecture A3 or B?
26© Oliver Wyman
• Not for distribution
How PayCommerce can help - 1
# | Name | Description
1.1 A | SWIFT Environment Protection | “Secure Zone” implementation
2.1 A | Internal Data Flow Security | Data flows between SWIFT applications
2.2 B | Security Updates | SWIFT application patches
2.4A B | Back-office data flow security | TLS, LAU implementations
2.6A B | Operator Session Confidentiality and Integrity | HTTPS, lock-out feature
2.9A B | Transaction Business Controls | RMA, Reconciliation, limit LT logins.
4.1 B | Password Policy | For SWIFT applications
4.2 B | Multi-factor authentication | For SWIFT applications
5.1 B | Logical Access Controls | Least privilege, segregation of duties, 4-eyes for SWIFT applications
6.2 A | Software Integrity | For SWIFT applications
6.3 A | Database Integrity | For SWIFT Applications
6.4 B | Logging and Monitoring | Event Journal, Automated alerting
27© Oliver Wyman
How PayCommerce can help - 2
# | Name | Description
2.7A B | Vulnerability Scanning | Vulnerabilities within SWIFT environment
6.5A A | Intrusion Detection | Network activity tracked for intrusion
7.1 B | Cyber Incident Response Planning | Reviewed annually and tested once in 2 years
7.3A B | Penetration Testing | Application, host and network testing
28
Thank You

The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 

Swift 7.2 & Customer Security: Providing choice, flexibility and control.

  • 1. 0 SWIFT 7.2 & Customer Security Providing choice, flexibility & control.
  • 2. © Oliver Wyman Patricia Hines, CTP Senior Analyst, Corporate Banking Celent SWIFT 7.2 UPGRADE: WHAT DO YOU NEED TO KNOW? DECEMBER 6, 2017
  • 3. 2© Oliver Wyman • SWIFT is upgrading the Alliance product suite, including: – Alliance Access 7.2 – Alliance Entry 7.2 – Alliance RMA 7.2 – Alliance Gateway 7.2 – Alliance Remote API 7.2 – SWIFTNet Link 7.2 – Alliance Web Platform 7.2 SWIFT 7.2 Upgrade: What’s Happening? Source: SWIFT Website • Introduction of 64-bit architecture and new operating system requirements: AIX 7.2, Red Hat Enterprise Linux (RHEL) 7.2, Oracle Solaris 11.3, and Windows Server 2016 • This mandatory upgrade is necessary “to continue to provide a highly secure and efficient SWIFT service for our customers in the years ahead” – SWIFT
  • 4. 3© Oliver Wyman • Cyber threats and security vulnerabilities require more regularly released security updates • Formerly, security updates were combined with functional updates, on an ad hoc basis • Release Policy Principles: – Clear end of support dates will be defined at the availability of an annual release – One planned release per year (aligned with message standards release) – Annual version supported for 2 years of maintenance and 7 months of migration support – And more… • Mandatory security updates will be issued once per year, with possible quarterly releases (if required) Why is SWIFT Updating its Release Policy Principles? Source: SWIFT Premium Forum Americas, New York City, May 1st 2017
  • 5. 4© Oliver Wyman • The mandatory SWIFT 7.2 upgrade and technology refresh require: – Upgrading SWIFT software components – Upgrading operating system software baseline and move to 64 bit – Evaluation and potential upgrade of existing hardware – Significant systems and user acceptance testing – New hardware model for HSM and 3SKey tokens SWIFT 7.2 Upgrade: What is the Impact? • Full impact cannot be determined without a detailed gap analysis Source: SWIFT Website
  • 6. 5© Oliver Wyman • SWIFT Accord services decommissioned October 2017 • Customer Security Programme (CSP) compliance attestation required by December 31 2017 • SWIFT 2017 MT (FIN) and MX Maintenance Release required by November 17 2018 • SWIFT FileAct Enhancements • SWIFT 2018 MT (FIN) and MX Maintenance Release required by November 2019 (New SWIFT Trade Messages) SWIFT: What Else is Happening?
  • 7. 6© Oliver Wyman SWIFT Updates: What is the Timeline? SWIFT 7.2 Upgrade Mandatory Completion 7.2 Preliminary Release Overview Nov 2018 7.2 General Distribution SWIFT MT & MX Release 2018 Live Nov 2018 FileAct Enhancements Nov 2018 Aug 2017 Sept 2015 SWIFT MT Release 2018 Issued Dec 2017
  • 8. 7 SWIFT 7.2 & Customer Security Providing choice, flexibility & control.
  • 9. 8© Oliver Wyman • Upgrade all SWIFT Applications • Change environment –Hardware –OS –MQ • Changes to comply with Customer Security Controls Planning for 7.2
  • 10. 9© Oliver Wyman • How does it impact you (in-house)? –Services to upgrade SWIFT Applications –Costs of replacing OS –Evaluation of hardware replacement –Customer security controls changes • How does it impact you (Service Bureau)? –Supporting vendor through testing of new platform –Customer Security controls changes We understand your challenges…
  • 11. 10© Oliver Wyman 2 Options: 1) Currently In-house: - Stay in-house - Outsource all or part of the infrastructure 2) Currently outsourced: - Stay outsourced - Move in-house PayCommerce well-positioned to support both options –SWIFT Certified Specialists (for in-house) –SWIFT Certified Service Bureau What are your options?
  • 12. 11© Oliver Wyman SWIFT Architecture Connectivity
  • 13. 12© Oliver Wyman SWIFT messaging interface (SAA) SWIFT Alliance Gateway (SAG) & SNL Back-office integration with SAA Manual End-Users of SAA Firewall Hardware Security Module VPN Appliances VPN VPN VPN Tunnel over Internet or Leased Line(s) SWIFT Web Platform (SWP) Connectivity Messaging Swift Connectivity and Messaging Overview
  • 14. 13© Oliver Wyman Service Bureau Outsourcing Options 1 Shared Services • Multi-tenant Service Bureau 2 Connectivity • SAA and Non Swift messaging support 3 Dedicated Services • Single tenant, dedicated network / servers for messaging interface Outsourcing Options
  • 15. 14© Oliver Wyman • Functionality –2 GB file size supported (previously 250 MB) • Resilience –Automatic resume of interrupted file transfers –“Unknown” status requiring manual intervention eliminated • Efficiency –Logical file name returned in delivery notification for reconciliation Ability to use all available bandwidth –No limit on number of concurrent transfers –Dynamic control of concurrent transfers • Cannot change to production w/o SWIFT authorization –Remote file handler, SNL & SAG 7.0.50 mandatory. –Not all users are compliant. SWIFT 7.2 Upgrade – File Act Enhancements
  • 16. 15© Oliver Wyman SAA Interface changes –Only MQ Client supported, not MQ server MQ Client Version supported –8.0.0.6 except … –8.0.0.8 on Windows –IBM released MQ 9.0 on June 2, 2016 –MQ 9.0 will not be supported for 2 to 3 years Changes in MQ
  • 17. 16© Oliver Wyman Planning –Involve Business, IT & Security teams –SWIFT Best practice check tool (34 checks) –Decisions on hardware, OS, security, outsourcing –Budget approvals Preparation –Checklists (comprehensive checklist is 13 pages) –Customized for each customer –Confirmation that a checklist item has been completed –How we can help Execution –Upgrade –Test –Go live 7.2 Upgrade Process
  • 18. 17© Oliver Wyman November 30, 2018 – Will lose the ability to transact over SWIFT if migration not completed Migration window – SWIFT allows 15 months –Out of 15 months, 3 are already over – So only 12 (or more likely 11) months remaining Resources –The closer you get to November 30, the shorter the resources from vendors will be – November is also the 2018 message standards release – Plan now!! – Execute ahead of deadline The Deadline
  • 19. 18© Oliver Wyman Test Environment –March 31, 2018 –7.2 test environment available in parallel with 7.1 Production Environment –September 30, 2018 –Go live dependent on SWIFT confirmation for FileAct Service Bureau Timeline
  • 20. 19© Oliver Wyman • HSM Box – IS6 (No change) –Software version 6.1 compatible with SNL 7.0.50 – Remote PED Firmware to 2.7.0-3 – Remote PED WorkStation software to 7.2.0.1 • HSM Tokens – New, requires SNL 7.2. • SNL & SAG must be installed together – Compatible with SAA / SAE 7.1.x • SAA 7.2 – Requires SAG / SNL 7.2 – Any applications that use ADK must also be upgraded • AWP 7.2 required for all 7.2 products Alliance Products --Compatibility
  • 21. 20© Oliver Wyman • General Principles –Set-up new environment: Must get new hardware –Install new OS –Install Alliance software and import data • Upgrade Path –If HSM box, upgrade HSM software, Remote PED firmware, workstation software –Install AWP 7.2 (but retain older AWP version) –Install SNL and SAG together –If HSM token, install HSM token –Install SAA / SAE –Decommission older AWP version. Alliance Products – Upgrade Roadmap
  • 22. 21© Oliver Wyman • CSP and SIP –Customer Security Program (CSP) is for SWIFT customers –Shared Infrastructure Program (SIP) is for Service Bureaux –SIP is more extensive with on-site audit (60+ controls) –SIP being explicitly aligned with CSP in 2018 • Deadlines and SWIFT Actions for CSP Customer Security
      Event | Deadline | SWIFT Action
      Self-attestation | Dec 31, 2017 | Local regulators or supervisory authorities informed
      Compliance with controls | Dec 31, 2018 | Local regulators or supervisory authorities informed
  • 23. 22© Oliver Wyman • Collect Data –Baseline document available to help you with what data you have to collect • Enter into self-attestation application on swift.com –Part of SWIFT’s KYC Registry –This application is non-trivial. • Where you can get help –support@swift.com, 540-825-6056 –JOHNSTON Jonathan Jonathan.JOHNSTON@swift.com –PayCommerce What You need to do for Self-Attestation
  • 24. 23© Oliver Wyman • A1: Full Stack • A2: Partial Stack (Messaging in-house, Connectivity Outsourced) • A3: Software application to facilitate communication • B: No local footprint What’s your architecture
  • 25. 24© Oliver Wyman How many Controls are Applicable
      Controls | Architecture A | Architecture B
      Mandatory | 16 | 11
      Advisory | 11 | 9
      Total | 27 | 20
  • 26. 25© Oliver Wyman • User interface (B) • MQ (B) • File Transfer Application: Do you consider this middleware? –Yes: B –No: A3 • SWIFT or PayCommerce cannot make this decision –Your judgment and interpretation of the framework Service Bureau: Architecture A3 or B?
  • 27. 26© Oliver Wyman • Not for distribution How PayCommerce can help - 1
      # | Name | Description
      1.1 A | SWIFT Environment Protection | “Secure Zone” implementation
      2.1 A | Internal Data Flow Security | Data flows between SWIFT applications
      2.2 B | Security Updates | SWIFT application patches
      2.4A B | Back-office data flow security | TLS, LAU implementations
      2.6A B | Operator Session Confidentiality and Integrity | https, lock-out feature
      2.9A B | Transaction Business Controls | RMA, Reconciliation, limit LT logins.
      4.1 B | Password Policy | For SWIFT applications
      4.2 B | Multi-factor authentication | For SWIFT applications
      5.1 B | Logical Access Controls | Least privilege, segregation of duties, 4-eyes for SWIFT applications
      6.2 A | Software Integrity | For SWIFT applications
      6.3 A | Database Integrity | For SWIFT Applications
      6.4 B | Logging and Monitoring | Event Journal, Automated alerting
  • 28. 27© Oliver Wyman How PayCommerce can help - 2
      # | Name | Description
      2.7A B | Vulnerability Scanning | Vulnerabilities within SWIFT environment
      6.5A A | Intrusion Detection | Network activity tracked for intrusion
      7.1 B | Cyber Incident Response Planning | Reviewed annually and tested once in 2 years
      7.3A B | Penetration Testing | Application, host and network testing