Standard Life widens its defences

Customers will be able to gain access through company intranet

Customers can access services from their intranets

Standard Life has bought a multimillion-pound off-the-shelf security system from Oracle that will allow customers automatic access to online services if they are logged in to their company intranet.

The software will underpin the financial services firm’s global operations and will allow corporate customers to access its asset management and online banking services without the need for further authentication after they have logged on to their company systems.

The aim is to push the security wall further away from individual applications, said Standard Life’s chief information security officer, Brian Barbour.

“We have moved our security layer out from the level of applications to an outer layer. This will allow people logged on to another company’s intranet to pass seamlessly through security,” he said.

Customers will still have separate user identifications and passwords should they not be accessing Standard Life’s services through their company intranet.

The software continuously keeps an eye on the transactional behaviour of a user, rather than evaluating them once at log-in.

Pushing security further away from applications onto an underlying global platform will allow Standard Life to make quicker security policy changes and means the application development process can be speeded up.

The UK and Canada will be migrated to the system by the end of this year, while operations in all other countries will be moved across by the end of next year, said Barbour.

“The idea is that a customer will have exactly the same security experience wherever they are in the world,” he said.

Barbour agreed that there was an element of risk in integrating systems in this way, and that trust in partners’ authentication processes was crucial.

In future, the platform will allow Standard Life to offer different forms of authentication process such as selecting a picture from a group of images as well as varying policies according to a user’s location and the time of day.

Ant Allan, vice president of research at Gartner, said such a system had a variety of benefits for all partners. “Both parties benefit from administration and user support cost savings, while users have to remember fewer passwords,” he said.