Requirements
The Customer Services Transformation (CST) programme was a major overhaul to upgrade the organisation-wide systems to a new, consistent middleware architecture with a portal front-end. The client wanted a highly scalable, reliable, transactional system that would replace most of their legacy user interfaces and integrate with their backend contract engines. The programme consisted of many workstreams; we delivered the security solution, a consistent, reusable, highly secure framework for the end-to-end security of the whole system. The following features were required:
- Authorisation (role-based security, with profiles based on call center personnel roles)
- Single Sign-on (end-to-end seamless login; the credentials were transparently passed on to each sub-system)
- Authentication (interfacing with Windows NT logon, LDAP, digital certificates)
- Confidentiality and Integrity (SSL, encryption)
- Security at each node (WebLogic Portal, MQ-Series, workflow systems, legacy systems, NT security)
Challenges
- Lack of requirements: Many workstreams either had no security requirements or were not aware of the security flaws in their designs.
- Scope of the project: End-to-end security meant analysing the overall programme architecture to establish the full scope.
- Delivery deadlines: Because this was a large, complex project that was difficult to estimate, a development methodology was required to minimise the impact on other workstreams.
Solution
- A lot of time was invested in performing the gap analysis, chasing each project contact for their requirements, sorting out dependencies, etc.
- A full analysis was done for every project, and a consolidated design deliverable was produced that addressed the end-to-end security. We developed a framework that provided security at every node in the network, for example browser, middleware, legacy systems, databases, application servers and workflow systems.
- An iterative project management approach was chosen, and priorities were assigned to the components based on security risk, customer preference, etc., to deliver the product within time and budget constraints.
Duration
10 Months
Technologies used
J2EE, UML/V-Model, Rational Rose, iPlanet (SunOne) Directory, WebLogic 7.0 Security, Digital Certificates/JSSE/JCA, Secure Sockets, JBuilder, PKI Toolkits, SSL, MQSeries, ActiveX, SQL, Oracle 9i, JMS
Client Benefits
- On time delivery
- A scalable, responsive, secure product that is being used in UK/India call centers
- Well-defined processes and documentation
- Faster time-to-market for products
- Improved efficiency and cost structure while maintaining core skills
- Lower costs without compromising quality