Driven by a globalized economy, an increasing skill shortage and a growing awareness for work and family life balance, banks face surging challenges concerning the flexibilization of working hours and work locations. This results in the necessity to open usually isolated applications or systems insofar as to provide remote access under the observance of the highest security requirements.

Banks are a particular lucrative target ‒ not only for financial, but also for political reasons as they play a vital role in our economy.
The challenge is to implement an external access to central IT systems in the different application areas while meeting the highest IT security requirements.

ECOS solutions offer a broad range of applications for the banking and insurance sector.

  • Home workstations

    To promote work and family life balance or support few mobile employees, part- and full-time home office constitutes a large relief which results in an improved productivity. However, tight budgets frequently don’t allow to provide employees with company notebooks, Moreover, they would also take up too much space on the desk at home. So what is needed are solutions that allow the usage of private PCs under the observance of highest security requirements, data protection regulations and policies regarding the use of private hardware.

  • Executives

    Executives endeavor to work after office hours, on weekends and sometimes even during their vacation and therefore need access to all relevant systems and applications. Since it isn’t everyone’s cup of tea to permanently carry along the company notebook, a highly secure access from a private or even public PC should be warranted at any time.

  • International activities

    When travelling abroad, different national entry requirements may entitle local authorities to examine notebooks and further storage media which is why many companies prohibit the storage of customer data on notebooks. Also, particular precautions must be taken in some countries to prevent espionage attacks.

  • Controllers and comptrollers

    Because of their cross-functional analysis, controllers and comptrollers need a broad access to all systems of the company. They therefore represent a particularly attractive target for potential hackers, industrial espionage attacks or espionage attack from other nations which is why this kind of external access requires a high security level.

  • IT administration

    Banks present a very complex IT infrastructures. Maintenance engineers therefore need a highly secure access to all systems around the clock. As these systems are of vital importance, a high level of protection is imperative to prevent unauthorized access.

  • Connection to branch offices

    While larger branch offices are usually connected through MPLS networks, smaller offices require more flexible and budget-friendly solutions. Most often, a secure access to the existing terminal server or virtual desktop infrastructure is the simplest, safest and cheapest solution. Besides, the solution should be maintenance-free as small branch offices usually don’t have IT professionals on-site.

  • External service providers

    For software development, IT maintenance and user support, banks often have recourse to external service providers. To fulfil their tasks, be it internally or externally, appropriate possibilities of access are required. Accessing the internal IT infrastructure puts particularly high requirements on IT security, especially when access is effectuated from notebooks brought along by staff.

  • Emergency workstations

    In times of global climate change, increasing extreme weather events, growing risk of pandemics, rise of blockades and terrorist attacks, the banking sector must be able to warrant emergency operations. While IT systems usually are redundant, the staff’s workstations are not. An immediate, but nevertheless secure usage concept for private PCs should be part of any prevention plan.

Different requirements need different solutions. The use of ECOS technology allows you to combine various methods under a central management.

Highly secure access with ECOS SECURE BOOT STICK

For access to sensitive data or internal IT systems, we recommend the use of ECOS SECURE BOOT STICK (SBS).

Once the stick plugged in, the PC starts within a specially hardened ECOS Secure Linux environment. The local hard disk and its operating system remain deactivated, no potential malware can therefore be activated.

ECOS SECURE BOOT STICK is also part of a certificate-based two-factor authentication. Only the combination of username, password and personal stick allows access to the internal infrastructure.

After successful authentication, the user gets access to his usual terminal server or virtual desktop infrastructure, respectively to the usual web applications. ECOS SECURE BOOT STICK ensures a hundred percent separation between official and other usage of a PC. Residual files or spying on data through Trojans are excluded. Additionally, an integrated firewall prevents attacks from the same network. In reverse, the administrator’s access to personal data such as e-mails or photos of the user is prohibited,

When a flexible remote access under a running operating system is of greater importance than a complete isolation of the guest PC, we recommend the following solutions:

A safe and flexible access with ECOS MOBILE OFFICE STICK

ECOS MOBILE OFFICE STICK can be used on any PC or Mac and contains all software required to set up a secure VPN tunnel as well as the necessary clients for access to Citrix, Microsoft Terminal Server, VMware View or web applications. All applications are executed within an isolated sandbox.
ECOS MOBILE OFFICE STICK is also part of a two-factor authentication and therefore prohibits unauthorized access.
The stick can be used on any PC or Mac, requires no prior installation, no configuration, no administrator permission, and leaves no traces on the used device.

Ad-hoc access via browser

For users who only need an ad-hoc access to data or applications, we recommend the usage of ECOS VIRTUAL WEB CLIENT (VWC). A VPN client and, depending on the requirements, either an ICA, RDP, VMware View client or a browser of a particular version will be loaded through a standard browser. The software is automatically executed in a sandbox, no prior installation or configuration work will be necessary.
A two-factor authentication by SMS or OTP token is supported for logon.
The licensing of ECOS VIRTUAL WEB CLIENT can also be effectuated for named or concurrent users. ECOS VIRTUAL WEB CLIENT thus also acts as fallback in case a user should have forgotten his ECOS stick. Different access permissions can be assigned to users through gradual permission settings according to whether they use ECOS SECURE BOOT STICK or ECOS VIRTUAL WEB CLIENT.
Central management and remote update
All ECOS access components are administrated through a central user and permission management. Access permissions can thus be remotely updated or revoked, for example in case of loss. The corresponding license is simply reassigned to a new stick
The software is remotely updated in the background, so no user interaction will be required.

Andre Gruss
Sales International

Tel: +49 (6133) 939-200

Contact form