National Bank of Abu Dhabi Secures Data in Transit
Uses Attachmate FileXpress to Standardise File Transfer Process

The National Bank of Abu Dhabi (NBAD), The Number One Bank in UAE, was incorporated in 1968. NBAD operates in 13 countries on four continents. It has a network of more than 120 branches and 500 ATMs in the UAE, and provides 24/7 account access via Internet banking, an SMS-based payment service, and a 24-hour call centre.

Since 2009, NBAD has been ranked as one of the “50 Safest Banks in the World” by Global Finance magazine. In 2011, Euromoney magazine also named NBAD the Best Bank in the UAE for the third consecutive year and for the fifth time in a decade.

NBAD began looking for the best way to strengthen security for data in transit while adhering to industry regulations, such as PCI DSS. The bank found all that and more in the FileXpress enterprise-level managed file transfer solution from Attachmate.

Stronger Security, Compliance Requirements

NBAD’s strategic vision, defined by Group CIO Mr. Srood Sherief, included strengthening security and facilitating regulatory compliance. To realize this vision, Head of IT Infrastructure Mr. Hossam El Korbasy needed an enterprise-strength managed file transfer solution that could:

1. Secure and facilitate interactions with business partners.
2. Establish a secure and manageable process for deploying updates to customer-facing websites. 
3. Adhere to current and upcoming regulations related to data management and transference within the bank, especially the management of credit card information as defined by Payment Card Industry Data Security Standards (PCI DSS).

Ultimately, NBAD hoped to find a solution capable of defining a company-wide, policy-based standard for all file transfers. The bank planned to launch the chosen solution in clearly designed phases that could be measured for success and refined as needed.

FileXpress Delivers on Flexibility

With Attachmate FileXpress, NBAD found the flexible solution they needed. For starters, FileXpress worked seamlessly within NBAD’s existing Windows and Unix (Solaris) framework, so all projects were able to move forward without any environmental adjustments—a bonus from a cost-savings perspective. What’s more, FileXpress accommodated NBAD’s plan to adopt a phased approach to implementation.

Phase 1 consisted of a small, well-defined project aimed at quickly enhancing NBAD’s reputation with business partners and meeting legislative requirements regarding the transfer of sensitive information. Measured by the bank’s key performance indicators, this phase was a resounding success for these reasons:

• Support for multiple secure file transfer protocols eliminates the need for partners to change their own transfer standards. 
• Automated features save time and money by reducing unnecessary manual labor costs related to writing and maintaining complex scripts. These features include:
  • Email notifications for successful file transfers and email alerts for  failed file transfers.
  • Error-handling routines that automate the actions required when a file transfer fails.
  • Checkpoint restart, which allows a stalled file transfer to resume  where it left off instead of at the start of the file.
  • Post-processing actions that automate the initiation of post-transfer activities.
• A single repository for reporting and auditing enables the bank to easily view 1) access rights (e.g., user A has access rights to business partner C’s FTP/SFTP server), and 2) file transfer activity at the user level.
• Support for the latest authentication, authorization, and encryption technologies helps NBAD comply with data security mandates such
  as PCI DSS.

By the end of Phase 1, NBAD had implemented a highly configurable, maximum-strength security solution that could match or exceed the security level of any partner. This solution also provided the comprehensive support needed to comply with internal and external security mandates.

Phase 2 consisted of standardising and securing the process for updating public-facing websites, which are held in the Demilitarised Zone (DMZ). With FileXpress, NBAD now has a secure and reliable way to push updates out to the web application server, either manually or on an automated schedule.

Phase 3 involved extending the use of FileXpress to internal transfers—thereby establishing a standard, enterprise-wide process for all file transfers occurring between servers inside of NBAD’s corporate network and data centre.

The PCI Security Standards Council

The PCI Security Standards Council offers a range of resources—including specifications, tools, and measurements—to help organizations ensure the safe handling of cardholder information. The keystone of protection is the PCI Data Security Standard (PCI DSS), which dictates rules for handling sensitive cardholder data, both in-transit and in-storage. PCI DSS provides an actionable framework for developing a robust data security process—including prevention, detection, and responses to violations.

A Standard Security Policy for Data in Transit

 “The most important aspect of the project was working with a partner who understood the enterprise vision,” said Mr. Mahmoud Yassin, lead security engineer for NBAD. “Attachmate was one such partner. In the first project, the combination of their professional approach and robust, enterprise-level software solution gave us the confidence to move forward.”

With FileXpress, NBAD has been able to improve interactions with partners and customers; secure external file transfers; adhere to data security regulations, including PCI DSS; and standardise data-in-transit policies throughout the bank. Building on the FileXpress foundation, the bank now has the flexibility to move forward with new products and services as needs arise.

The winning formula for NBAD was the fact that the solution was introduced, serviced, and supported by Attachmate’s regional office—resulting in fast and agile responses. This more personalised service demonstrates the depth of knowledge that runs through Attachmate.