Articles / Case Studies
Home | Consultancy | Articles / Case Studies | City Based Asset Management Company
Software stems information seepage in
the City
`Knowledge is power` goes the old adage and it rings true daily in
the City of London, newly elevated to the status of the world’s
leading financial centre.
Billions of pounds are traded every day on the stock markets and
City institutions charged with the responsibility of managing their
clients’ funds, whether individual or corporate, jealously guard
their knowledge base for the security of both their customers and
themselves.
That knowledge is now just as likely to be sophisticated software as
it is the experience residing in the heads of brokers, traders and
financiers.
In today’s global economy, a single item of information
inappropriately received and utilised can send share price shudders
and shock waves reverberating across every continent - so it pays to
keep internal systems tightly controlled.
When even the merest hint of a security breach is suspected, it may
be time to review those systems as a matter of the utmost urgency
therefore.
One City-based asset management company recently had cause to
suspect that some of its internally produced documents were being
viewed by unauthorised `eyes` for their own gain.
“We were concerned that some information was being sent to service
providers such as clients and trading counter-parties that was being
forwarded to others for their own benefit,” said one of the
company’s senior managers. This “information seepage” wasn’t
impacting their business, he stresses, “but we certainly were not
happy about it and wanted to bring the leakage more under control.”
Some years ago, the company had reviewed products that controlled
document access “but we encountered major problems with rolling them
out to end users”, he continues. “The products were not industry
recognised names and we would have needed a great deal of
certification work to be completed with counter-parties. So we
decided to go to the marketplace for an industry-recognised
solution.”
The Adobe®Livecycle® Policy Server was their preferred option for
one crucial reason, he explains. “In 99% of investment banks,
Adobe®Livecycle® Policy Server is recognised and approved. We needed
to install a system on individual workstations that would be
certified with investment banks so that trading counter-parties
could use the software to view documents.
“The big driver for change was the need to select a product that
enabled users to access information easily and securely. We
approached Adobe and explained what we trying to do and they put us
in touch with ROCC.”
Andrew Westhead, Business Manager of nationally-based ROCC Computers
Ltd takes up the story. “When documents are being sent outside an
organisation, there is a need to ensure that only those authorised
to view them do so. Our solution for the client was a combination of
industry-standard software – the Adobe®Livecycle® Policy Server, and
a bespoke system that gave them an added level of flexibility both
inside and beyond the corporate firewall.”
“Adobe®Livecycle® Policy Server is designed to manage information
access more securely with `dynamic, persistent` document control”,
Westhead explains. The software offers a convenient, effective
solution for managing and monitoring the use of mission-critical
electronic documents. Using the policy server allows users to
consistently apply policies to control access and use of documents
no matter where they are – online or offline or inside or outside
the organisation’s network.
An author creates a document using a desktop application such as
Microsoft Word and converts it to an Adobe PDF file using Acrobat,
then can select an existing security policy from the policy server
or create a new one.
The policy is applied to the Adobe PDF file and the author can
distribute the file in a variety of ways, including email, on a CD
or posting it to a website. No matter how the document is delivered,
the policy goes with it.
Before allowing other to access the document, the server
authenticates the recipient against credentials stored in the
company’s authentication directory. The recipient can use the
document only according to the controls established in the policy.
The software also allows the author to check on the recipient’s
actions and to change the security policy for the documents
previously published.
“Beefing up document security is part of a rolling programme of
implementing tighter controls”, the company’s senior manager
continues. “We’re looking to make the vast majority of our external
data more secure and our next step is to look at internal
documentation as well.”
“Particularly satisfying for the company is the measure of control
that ROCC’s bespoke solution has brought to their security drive”,
he reports. “We like the level of security the system provides. We
now can determine who looks at documents and when. Every user logs
on and enters their password, registering them on the server,
telling us who has opened the file and from which IP address,
allowing us to track the process.”
“Accessing documents out of hours can spark suspicion”, he explains.
“If we see a pattern emerging – regular access at weekends for
example, or in the evenings – we might want to investigate further.”
“The ease with which new users can be set up to use the system
represents another key benefit”, he continues. “Very little
configuration on the workstation is necessary and there’s also
little overhead support needed for those using the policy server.”
“ROCC installed everything, configured the system, conducted
training in-house and maintain dial-up support following the system
going live at the end of April 2007, the senior manager says. “If a
message error is generated, ROCC will be aware of it and can act
accordingly. They know the product very well and have developed it
further in line with our requirements. They understood exactly what
we wanted to do. Maintaining market position in the City can rely on
many factors and fresh application of standard software can be one
of them”, he concludes. “In doing what we’ve done here, we are not
trying to damage any reputations but to protect the confidentiality
of the information that we generate, and in so doing help us keep
competitive edge.”
Learn More:
Adobe® Livecycle®
