Security and privacy standards
Financial Services applications and integration solutions developed using Microsoft BizTalk Accelerator for SWIFT (A4SWIFT) are generally secured by native BizTalk Server security features. BizTalk Server uses aggressive security mechanisms such as de facto Internet encrypted messaging standards and transport protocols, signing certificates, Windows Authentication, and Enterprise Single Sign-On to secure BizTalk Server applications, data, and runtime.
Solutions built with Microsoft Windows 2000, BizTalk Server, and A4SWIFT can help you to meet the security and privacy guidelines for Society for Worldwide Interbank Financial Telecommunication (SWIFT) financial transactions.
In addition to native BizTalk Server security features, A4SWIFT provides user-level security specific to securing end-user message entry, repair, approval, and submission of SWIFT messages. This security is achieved by using InfoPath digital signing technologies and by using A4SWIFT runtime services to verify certificate and data integrity.
It is important to consider measures for securing your SWIFT messages and the information they contain when they are entered or edited by end-users, in transit, and while BizTalk Server processes and stores them.
Together, BizTalk Server and A4SWIFT provide the platform, infrastructure, and tools for designing, developing, and executing secure SWIFT messaging and workflow automation systems.
When implementing security, you must design and develop many areas. The following list is a high-level view of these areas:
Develop an IT security policy
Design and implement a defense strategy
Design and implement a server lockdown strategy
Design and implement an antivirus strategy
Design and implement a backup and restore strategy
Design and implement an update management strategy
Design and implement an auditing and intrusion detection strategy
Design an incident response plan
The information provided in this topic does not cover all the information in the preceding list or deliver a financial services-compliant solution. The purpose of this topic is to provide a good starting point and to help underscore the importance of a structured and comprehensive approach to security.
This section contains: