The Avanpost 3.0 PC in "MTS Bank"

In February, 2013 the Avanpost company, the developer of the systems of identification and access control to information resources of the enterprise (IDM), announced completion of implementation in JSC MTS-Bank of a system of centralized operation by the PKI infrastructure integrated with the personnel system and the certification center (CC) of Bank and also with the system of the remote banking (RB). The integrator – HELIOS of IT company became the contractor, and as a technical basis solutions are used crucial elements of a product line "Software Package (SP) Avanpost 3.0" of the Avanpost company: the module Avanpost PKI and connectors responsible for its interaction with the ICs different elements of the customer.

In the project it was fully succeeded to implement requirements of FSB for accounting of the means of cryptographic information protection (MCIP) and accounting of key information media (tokens). In this respect the system implemented in "MTS Bank" is unique.

MTS-Bank (till February 20, 2012 – JSB Moscow Bank for Reconstruction and Development (IBRD)) is the large universal Russian bank of federal scale entering into diversified holding of JSC AFK Sistema and locating 15 branches and 120 offices. The bank services accounts and provides crediting of corporate clients, also work in security market falls within the scope of its interests. Besides, since 2003 the Bank actively develops the retail direction, in particular, issues plastic cards and works with deposits of the population. An important priority of "MTS Bank" for the next years is accumulation of volumes of business in regions of the Russian Federation. So, within implementation of this strategy, last year Dalkombank – one of the largest banks of the Far East region having here an extensive branch network was attached to "MTS Bank". Now MTS-Bank is head enterprise of the international banking group which also includes IBRD-Finance investment company and the credit and financial organization East-West United Bank S. A. (Luxembourg). Naturally, so large-scale business makes greatest demands on cybersecurity.

This project was directed to considerable acceleration of the procedures opening for employees and clients of bank access to electronic document management systems – at simultaneous decrease in load of IT department, service cybersecurity and personnel of UTs of Bank. Besides, the created system had to provide a timely response and automatic blocking of public keys of clients and in case of their compromise, and at the expiration of service. During implementation all these objectives were achieved, and due to control automation PKI infrastructure practically excluded influence of "a human factor" on information security.

The project consisted of two stages. At the first stage (July-October, 2012), the solution at first underwent comprehensive testing in a pilot zone where within one and a half months the customer estimated functionality of a product and convenience of work with it. Then test operation in which several divisions of "MTS Bank" participated began long (about three months). Based on these tests which confirmed the stated characteristics of the Avanpost PC and the created system the decision on transition to its full-scale implementation to infrastructure of Bank was made. This work took one and a half months and was completed in December, 2012, and during the last stage the complete set of project and operational documentation was prepared.

"Without scalable PKI infrastructure the modern bank practically cannot develop, together with growth of number of employees and complication of an applied part of the IC, both costs for observance of regulations, and the risks of cybersecurity connected with their violation promptly increase. In turn, it limits possibilities of bank on connection of clients to the systems of legally significant electronic document management, i.e. cuts the most important reserve of increase in efficiency and customer focus, – Anton Pletnev, the deputy head of department of cybersecurity of "MTS Bank' says. – Understanding special importance of this project for preserving of high rates of development of our bank, we, naturally, carefully selected the contractor and a technology platform of the solution. The result, perhaps, even exceeded expectations. Now we consider the possibility of acquisition of IDM system module of the Avanpost PC for control automation by accounts of employees in information systems".

"Banks traditionally are large consumers of PKI, but many such organizations underestimate impact which control automation by infrastructure of PKI and its integration with other IC elements has on real efficiency of this technology. As a result, "the human factor' often becomes "brake' of business processes, – Denis, the director of the department of cybersecurity "HELIOS of IT' says the Hot dry wind. – The system unrolled in "MTS Bank' can be an example absolutely of a different approach when the organization which earlier implemented a number of the IB progressive technologies purposefully coordinates them in a uniform complex completely to realize their potential and to receive from them the maximum return".

"Modern hardware of authentication are exclusively convenient, reliable and functional. As a matter of fact, without them it is impracticable to implement many modern requirements of cybersecurity, for example, to increase the frequency of change of passwords (at simultaneous increase in their firmness and security), – Sanin Alexander, the commercial director of the Avanpost company says. – Moreover, now the far-sighted organizations begin to consider the PKI and IDM systems not in a separation from each other, and in a complex. And this principle behind which the future, it initially was the basis for the software package Avanpost – as well as compliance to requirements of regulators or simplicity of integration with other IC elements. And "MTS-Bank' quite so sees development of the cybersecurity system. Therefore it is so important that the implemented solution not only "closes' all assigned tasks, but also provides to the customer an evolutionary way to the future".