Summary
As one of the top financial institutions in Malaysia, AmBank treats information security as an important area, both to meet internal security objectives and to satisfy external security compliance requirements. AmBank adopted PKI long ago, and hundreds of SSL certificates have been purchased for its servers every year. AmBank needs SSL encryption to ensure that all confidential data transmitted server-to-server and/or server-to-browser is encrypted and cannot be intercepted. To implement this, SSL certificates are installed on every server as a means of mutual authentication for both server-to-server and server-to-user connections. The nature of the Internet is that information usually travels through several servers. Any of these servers can pretend to be a legitimate server and trick users into sending it confidential information. Financial institutions are at a higher risk of being exposed to this problem, but it can be avoided by implementing a proper PKI infrastructure and using SSL certificates. AmBank is also looking into using SSL certificates to authenticate endpoints in its network.
Client name
AmBank Group
Headquarters
Kuala Lumpur, Malaysia
Description
The AmBank Group is one of Malaysia’s premier financial services groups, with leadership positions in the retail banking, commercial banking, investment banking and insurance sectors. With an established history and a track record of customer focus and innovation, the AmBank Group continues to serve its customers with a wide range of innovative products and services.

Business Challenges
AmBank has been buying SSL certificates from a trusted certificate provider. These SSL certificates are installed on every server and have to be renewed annually. As the number of servers increases every year, so does the total cost of purchasing SSL certificates for them. In addition, AmBank has issued self-signed SSL certificates for certain non-mission-critical applications. As a result, AmBank is looking for a cost-saving solution that will benefit it in the long run and give it a proper PKI infrastructure that is scalable and flexible.
The Solution
SecureMetric proposed the PKI in a Box appliance from its partner PrimeKey AB. It includes a complete Certificate Authority system that supports an unlimited number of Certification Authorities (CAs) and/or subordinate CAs, a Registration Authority (RA) and a Validation Authority (VA). An integrated HSM brings enterprise-grade security by keeping all cryptographic keys secure.
With PKI in a Box, AmBank will have the authority to issue an unlimited number of SSL certificates to each of its servers. Although an initial investment has to be made to purchase and install the appliance, this solution is more cost-effective in the long run given that the number of servers and endpoints will increase every year.
In addition, the proposed PKI in a Box appliance is built on EJBCA Enterprise, software that has already been validated and certified under Common Criteria EAL4+, an international standard for security evaluation.
This will eventually give AmBank a good platform for implementing wider use of PKI in its internal systems.
Why EJBCA by SecureMetric
The combination of a good product, the strong PKI domain expertise of SecureMetric and its partners, and the commitment to localized support gave SecureMetric a strong edge over its competitors.
In addition, an appliance is easier to manage and maintain, faster to install, and requires less technical training.
Result
A new PKI in a Box appliance was installed for AmBank and deployed on time and within budget. AmBank now has a full-blown PKI infrastructure that can be used to issue SSL certificates to servers and endpoints.
