Alcatel 8550 User Manual

Alcatel-Lucent OmniAccess 8550
Web Services Gateway

Secure and auditable web services for financial institutions

Multiple systems in the financial industry — loan and mortgage applications,
risk reporting, offline batch processing, Internet banking, enterprise resource
planning (ERP), and customer relationship management (CRM) — operate
together to process billions of daily transactions. Technology is imperative
to keep the financial engines running. However, when using a variety of
solutions, it is difficult to integrate enterprise class authentication, authorization
and auditing into a group of disparate IT systems and still maintain
information security, corporate governance and regulatory compliance.

The leading technology to facilitate interoperability between

disparate business systems is to use a common element through

which all services can operate. Service-oriented architecture (SOA)

is widely used in the financial industry as a flexible modular

framework designed to enable interoperability as a service over

a network (Internet, intranet, extranet). The greatest strengths of

SOA environments are providing business agility and IT system

re-use through flexibility and openness.

However, like a double-edged sword, it is also a SOA’s greatest weakness,

because by default, an SOA has minimal authentication and authorization

mechanisms and lacks functions critical to financial institutions such as

consolidated auditing and policy enforcement capabilities. The sensitive nature

of the information routinely handled by financial institutions demands

enterprise-wide role-based authentication of users, run-time authorization of

transactions, and consolidated audit trails to create a historical record for

corporate governance and to demonstrate regulatory compliance.

The true burden of all

financial institutions is to

have the ability to easily

and accurately prove

that each transaction is

completed according to

regulatory and corporate

governance standards.

2 Alcatel-Lucent | 8550 Web Services Gateway

“… any [SOA] system is inherently insecure the

Batch Processing

Internet Banking

Mortgage Application

eSales Portal Sales Force

Remote Datacenter

CRM Systems

OA8550 WSG

DMZ

OA8550 WSG

ERP Systems

Primary Datacenter

Financial Systems

OA8550 WSG

moment you open it up to the outside world….”

Butler Group

OMNIACCESS 8550 WEB SERVICES GATEWAY

The Alcatel-Lucent®OmniAccess™8550 Web Services Gateway (WSG), deployed as in

Figure 1, provides reliable enterprise-wide user-centric stateful policy enforcement with

consolidated audit trails to web-enabled services, data, applications and business processes.

Once deployed, the OmniAccess 8550 WSG provides a secure application-independent

infrastructure to share web services between financial institutions and their partners

regardless if the services are local or external (outside the firewall). The benefits gained

are corporate-wide security risk management capabilities, end-to-end enterprise-class

data and identity security (encryption, digitial signing, and single identity), and stateful

(multi-transaction) run-time policy enforcement to ensure compliance with consolidated

audit trails to demonstrate compliance.

Figure 1. Example OmniAccess 8550 Web Services Gateway Deployment

3Alcatel-Lucent | OmniAccess 8550 Web Services Gateway