12. Agenda
1 DataScan Company Overview
2 Compliance Requirements at DataScan
3 DataScan BEA Implementation
4 Development Operational Lifecycle
5 Best Practices
6 Questions & Answers
DataScan Technologies LLC – All Rights Reserved
13. About DataScan Technologies
DataScan Technologies is a global leader in wholesale floorplan accounting and risk management systems and services.
Founded in 1989
Corporate headquarters located in Alpharetta, Georgia
Over 45 of the most prominent banks and captives
Operating in 15 countries
Currently manages over $45 billion in outstanding collateral
14. Partial Client List
BMW Financial
World Omni Financial Corp.
California Federal Bank
Hibernia National Bank
GE Capital
Yale/Hyster
Bank One
Citizens Bank
JP Morgan Chase Bank
Key Bank
M & T Bank
PNC Bank
Wachovia
Regions Bank
Provident Bank
BB&T
Zions Bank
Huntington Bank
VW Credit, Inc.
Nissan/Renault-Mexico
New South Federal
Comerica Bank
SunTrust Bank
National City Bank
US Bank
Toro Credit Corp
PACCAR
Manheim (MAFS)
ScotiaBank
CitiCapital
CIT Group
Toyota Financial Services
Hyundai Motor Finance
Mitsubishi Motors Credit
Banknorth
15. Wholesale Management System
Wholesale Management System (WMS)
• A wholesale finance and accounting system built specifically for the wholesale floorplan industry.
Dealer Access System (DAS)
• Allows dealerships Internet access to key information in the system.
Collateral Management System (CMS)
• An automated floorplan data collection and risk management system utilizing touch screen technology.
Nationwide Audit Services (NAS)
• A turnkey audit inspection service featuring a professional staff utilizing CMS.
16. Risk Management
[Diagram: five-step risk management cycle (Step 1 through Step 5) connecting Risk Managers, the Auditor and Kit, and the Workflow Engine and E-mail Notification]
17. Agenda (2 Compliance Requirements at DataScan)
18. Business Drivers
Mission critical application for the banking and automotive industries, managing over $45 billion in assets
• Time to market
• Buy vs. Build
• Time/resources required for implementation and policy changes (key driver)
• Performance impact
• Security compliance
SAS70 Type 2
GLBA/SoX
BITS/CC-MSR
ISO 27001
BRMMI/PriSM
19. Challenges
Require a new security platform to replace a legacy ASP-based financial services system with an existing global install base
Legacy system has embedded, customer-specific security logic
High maintenance required for security policy changes
Annual corporate audits (internal, SAS70 Type 2)
Bi-annual customer security open-house
Unscheduled customer ethical hacks
Rapidly evolving financial industry security requirements (BITS, ISO 27001)
20. Compliance Overview
Sarbanes-Oxley (SoX) Regulations
• Requires internal controls or rules in place to ensure integrity of financial information
• Section 404 – Internal controls
Gramm-Leach-Bliley Act (GLBA)
• Section 501 is centered around the administrative, physical, and technical safeguards over non-public customer information
BITS
• Common Criteria Master Security Requirements
• Security for the security system
ISO 27001
• Information security management system (ISMS) requirements and governance
BRMMI/PrISM
• Upcoming Business Resiliency Maturity Model
• Over 750 practices merging COBIT, BS7799/ISO17799, ITIL, ISF, NIST 800 series, SEI BOK, DRII
21. Compliance-Based Design
Prioritize design around “required” BITS topics
Consolidate findings from past ethical hacks and audits
Time-boxed delivery, focus on good design
Balance delivery priorities with risk analysis
Security Compliance Road Map
• Policies
• Processes
• Controls
• Audits/Monitoring
22. ALES (AquaLogic Enterprise Security) Compliance Mapping
Compliance-based requirements and design
Transparent security implementation
Standards support
• SAML
• XACML
23. Agenda (3 DataScan BEA Implementation)
25. ALES Implementation
Architecture Overview
• Plain Java, Leverage BEA
26. ALES Deployment
Operational Overview
1. Cluster
2. JVM
3. Managed Server
4. Sessions
5. ALES SSM
6. Connection Pools
7. EAR Deployment
8. Security Policy Administration
9. Portal Desktop Administration
27. Agenda (4 Development Operational Lifecycle)
28. Development Team Composition
BEA Professional Services
• Initial Proof of Concept
• Assistance with design
• Working construction road map
Development Team
• Back End and Front End teams
• Security team
• Continuous builds to QA
• Authentication only
• Portal-based security
29. Operational Lifecycle
Security Development Team
• Specialized, with contractors
IT Administration
• Security administrators (2-3)
• Dedicated with back-up
Documentation and Checklists
• Packaged deployment
30. Operational Environments
Distinct Environments
• Development, QA Smoke Testing and Functional Testing, “Live”, Customer Beta/UAT, Support, Production and Disaster Recovery
• Utilizing virtualization
Growth and Performance
• Current production list includes four major financial institutions
• Rolling out to all customers over the next two years
• Utilizing virtualization: 2 x 4-way dual-core 64-bit Red Hat Enterprise Linux AS 4.0, 32 GB RAM, Xen environments
• 800+ users daily (Risk Managers, Bank Users, Dealerships); CPU load not exceeding 3%
31. Agenda (5 Best Practices)
32. Why BEA?
BEA Selection Criteria
• Track record and solution completeness
• Product suitability
Architecture
Road Map
• Support
Key Factors
• Provides an elegant means to extract Security Logic
from the application
• Disconnected design provides high performance and
resiliency
• Provides flexible configuration with minimal maintenance
and operational resiliency
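Added example (not DataScan's or BEA's code): the key factors above describe the difference between authorization logic compiled into the application and authorization decisions delegated to a policy engine the application only queries. The plain-Java sketch below shows both side by side. `legacyCanView` is the embedded, customer-specific pattern the Challenges slide describes, where onboarding a new bank is a code change and a release. `PolicyDecisionPoint` holds the rules as data, evaluates them in-process against a locally held copy of the policy so that no request waits on an administration server (the "disconnected design" credited above), and is reloaded when a security administrator changes policy. The customer names, user and dealer IDs, rule IDs, attribute names and the deny-overrides combining rule are all constructed for illustration; ALES itself is not used and no ALES API is shown.

```java
import java.util.*;

public class ExternalizedAuthzDemo {

    // BEFORE: the legacy pattern the Challenges slide describes. Customer-specific rules
    // are compiled into the application, so every policy change is a code change.
    static boolean legacyCanView(String customer, String role, String dealerId, String resourceDealer) {
        if ("BankA".equals(customer) && "RiskManager".equals(role)) return true;
        if ("BankA".equals(customer) && "Dealer".equals(role)) return dealerId.equals(resourceDealer);
        if ("BankB".equals(customer) && "Auditor".equals(role)) return true;
        return false;  // onboarding BankC means editing this method and redeploying
    }

    // AFTER: a rule is data. Each entry maps a request attribute to a required value;
    // "*" matches anything and "$name" compares against another request attribute.
    static final class Rule {
        final String id;
        final boolean permit;
        final Map<String, String> match = new LinkedHashMap<>();

        Rule(String id, boolean permit, String... kv) {
            this.id = id;
            this.permit = permit;
            for (int i = 0; i + 1 < kv.length; i += 2) match.put(kv[i], kv[i + 1]);
        }

        boolean applies(Map<String, String> req) {
            for (Map.Entry<String, String> e : match.entrySet()) {
                String have = req.get(e.getKey()), want = e.getValue();
                if (have == null) return false;
                if (want.startsWith("$")) {
                    if (!have.equals(req.get(want.substring(1)))) return false;
                } else if (!"*".equals(want) && !want.equals(have)) {
                    return false;
                }
            }
            return true;
        }
    }

    // The decision point runs in-process with its own copy of the policy, so a request
    // never waits on the administration server. A policy push replaces the whole list
    // atomically; evaluations already in flight keep using the previous snapshot.
    static final class PolicyDecisionPoint {
        private volatile List<Rule> policy = Collections.emptyList();

        void load(List<Rule> rules) { policy = Collections.unmodifiableList(new ArrayList<>(rules)); }

        // Deny-overrides combining: any applicable Deny wins, then any applicable Permit,
        // and a request no rule covers is denied by default.
        boolean permitted(Map<String, String> req) {
            boolean permit = false;
            for (Rule r : policy) {
                if (!r.applies(req)) continue;
                if (!r.permit) return false;
                permit = true;
            }
            return permit;
        }
    }

    // The enforcement point is all that remains in the application: gather attributes and ask.
    static boolean canView(PolicyDecisionPoint pdp, String customer, String user, String role,
                           String dealerId, String resourceDealer) {
        Map<String, String> req = new HashMap<>();
        req.put("customer", customer);
        req.put("user", user);
        req.put("role", role);
        req.put("dealer", dealerId);
        req.put("resource.dealer", resourceDealer);
        req.put("action", "view");
        return pdp.permitted(req);
    }

    public static void main(String[] args) {
        // Constructed policy: two customers, with dealers scoped to their own floorplan.
        List<Rule> rules = new ArrayList<>(Arrays.asList(
            new Rule("bankA-risk",   true, "customer", "BankA", "role", "RiskManager"),
            new Rule("bankA-dealer", true, "customer", "BankA", "role", "Dealer", "dealer", "$resource.dealer"),
            new Rule("bankB-audit",  true, "customer", "BankB", "role", "Auditor")));
        PolicyDecisionPoint pdp = new PolicyDecisionPoint();
        pdp.load(rules);

        System.out.println("legacy, BankC not in code: " + legacyCanView("BankC", "RiskManager", "-", "D300"));
        System.out.println("BankA risk manager:        " + canView(pdp, "BankA", "rm01", "RiskManager", "-", "D100"));
        System.out.println("dealer, own floorplan:     " + canView(pdp, "BankA", "dlr1", "Dealer", "D100", "D100"));
        System.out.println("dealer, another dealer:    " + canView(pdp, "BankA", "dlr1", "Dealer", "D100", "D200"));
        System.out.println("BankC, not yet onboarded:  " + canView(pdp, "BankC", "rm02", "RiskManager", "-", "D300"));

        // Policy change by a security administrator: onboard BankC and suspend one user.
        // The application code above is untouched; only the data the PDP holds changes.
        rules.add(new Rule("bankC-risk", true, "customer", "BankC", "role", "RiskManager"));
        rules.add(new Rule("suspended-dlr1", false, "user", "dlr1"));
        pdp.load(rules);
        System.out.println("BankC after onboarding:    " + canView(pdp, "BankC", "rm02", "RiskManager", "-", "D300"));
        System.out.println("suspended dealer:          " + canView(pdp, "BankA", "dlr1", "Dealer", "D100", "D100"));
    }
}
```

Runs with `java ExternalizedAuthzDemo.java` on Java 11 or later. Two checks worth keeping from this sketch when evaluating any externalized authorization product: the default when no rule applies must be deny, and a Deny rule added for one user must override every Permit that user would otherwise match, which is what lets an administrator suspend access without touching the rules that grant it.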
33. Kick Off
Step by Step – Key Success Factors
• Proposed Project
Project plan called for a three-month implementation for the pilot target
• Gain Sponsorship
Demonstrate value: Prototype and POC
Leverage existing platform
• Establish Goals and Value Proposition
Capitalize on performance
Create gurus: Early mastery and battle scars
34. Best Practices
Partner with BEA Professional Services, leverage BEA Support (Hotline, Website) and BEA Educational Services classes
Train IT first! System administration is key
Build a workable environment (workstation/server)
Integrate prototypes into plan
Focus on what works, take risks where they are manageable
Integrate BEA with other departments early (IT, Support, etc.)
35. Looking Forward
Customer and Regulation Driven
• SAML Implementation
• Refinement of standards and compliance
• Full security-visibility throughout architectural stack
36. Agenda (6 Questions & Answers)