northern trust case study from gartner catalyst 2012 featuring layer 7 mobile access gateway: beyond...

northerntrust.com © 2012 Northern Trust Corporation Christopher Price, Vice President, The Northern Trust Company A Gartner Catalyst Case Study 2012.08.20 NORTHERN TRUST Beyond the Wireless Tether: An “Occasionally Connected” Architecture

Upload: ca-api-management

Post on 21-Jun-2015


DESCRIPTION

Northern Trust Enterprise Architect Christopher Price presentation on his company’s approach to an “occasionally-connected” mobile world.

TRANSCRIPT

Page 1: Northern Trust Case Study from Gartner Catalyst 2012 Featuring Layer 7 Mobile Access Gateway: Beyond the Wireless Tether: An “Occasionally-Connected” Architecture

northerntrust.com © 2012 Northern Trust Corporation

Christopher Price, Vice President, The Northern Trust Company

A Gartner Catalyst Case Study 2012.08.20

NORTHERN TRUST

Beyond the Wireless Tether: An “Occasionally Connected” Architecture

Page 2:

2 “Beyond the Wireless Tether” - Gartner Catalyst 2012

About me…

Architecture and Innovation Team member
• IT Standards and Guidance
• Evaluation of New Technologies
• R&D for High Value Projects

At Northern Trust for 7 years, experience with:
• Enterprise Architecture
• Software Design and Development

Christopher Price, Vice President, The Northern Trust Company

Page 3:

Agenda

Background on Northern Trust

Determining the Requirements

Application Architecture

Infrastructure

Security

Page 4:

Northern Trust Overview

Founded in 1889, Northern Trust Corporation is a global leader in asset servicing, asset management, wealth management, and banking for personal and institutional clients.

• Assets under custody: US$4.6 trillion
• Assets under management: US$704 billion
• Banking assets: US$94 billion

*As of 30 June 2012

Page 5:

Northern Trust’s Global Presence

A network of offices in 18 States and Washington D.C.

Chicago (Corporate HQ), Toronto, New York

Abu Dhabi, Amsterdam, Dublin, Guernsey, Jersey, Limerick, London, Luxembourg, Stockholm

Bangalore, Beijing, Hong Kong, Melbourne, Singapore, Tokyo


Page 7:

Determining the Requirements

Having “zero bars” shouldn’t hinder the conversation!

Relationship managers want latest mobile technology but need:
• All data necessary to conduct meeting
• Minimal distractions
• Ability to work anywhere the client is located

Focus on what matters to clients, not on technology.

Page 8:

Business Requirements

WELCOME - Today’s Agenda
• 9am – 9:05am: Attempt to connect to available Wi-Fi with incorrect settings
• 9:05am – 9:15am: Give up and struggle with slow 3G connection
• 9:15am – 9:20am: Locate presentation materials with assistance from help desk
• 9:20am – 9:30am: Diagnose problems with projector and screen
• 9:30am – 10am: Finally… Discuss client’s financial goals

Need to avoid this situation….

Page 9:

Technology Requirements

The two primary technology requirements...

Disconnected mode
• Maximize time with client
• No connections to establish.
• No interruptions caused by poor reception, network outage, etc.

Quick
• Highly responsive user interface by minimizing server requests.
• Not relying on slow connections to transfer large documents during meetings.

Reach
• Client meeting location not bounded by reach of antennas.
• Want to accompany the client on their yacht? – No problem.

Security
• Highly sensitive client data being stored.
• Mobile device more susceptible to loss and theft.
• Primarily using untrusted networks.


Page 11:

Architectural Choices

“Got the requirements, let’s build a mobile app!” ...not so fast.

Need to establish formal guidance for building mobile solutions at Northern Trust with help from vendors, consultants and peers.

The result: Northern Trust Mobile Strategy and Reference Architecture

Architecture contains developer guidance:
• Style of app: web, native, or hybrid
• Security
• Device support
• Service development
• Etc.

Strategy contains guidance for management:
• Definition of mobile apps, devices and content
• Governance recommendations
• Usage Policies
• Risks
• Etc.

Page 12:

Architectural Choices

First major decision…web, native or hybrid*?

Web/Hybrid Native

* Defined as a thin native wrapper around a primarily HTML/JS view. Hybrid apps fall within a spectrum between web and native depending upon how many native features are utilized.

Page 13:

Architectural Choices

Decision: Native Application Architecture

1) Secure offline operation
• Secure local storage

“Why not HTML5 local storage?”
• Size restrictions (app is a storage hog!)
• Reliability – browser cache easily erased
• Security concerns

2) Superior presentation
• Better appearance
• Greater app awareness

3) Performance
• Fewer round-trips to server
• Quicker rendering

Page 14:

Architectural Choices

BUT: Typically don’t recommend native at Northern Trust

Web or hybrid apps are preferred because:
• Cheaper to build with in-house web expertise
• Majority of effort is reusable
• Can be indistinguishable from native with HTML5/JavaScript
• Quicker to deliver new features

Page 15:

Architectural Choices

Gartner, 2012


Page 17:

Infrastructure

1. User places documents in folder on internal portal
2. Synchronization initiated by user from iOS app while online
3. Middleware sends updates back and forth between mobile app and source systems.

Page 18:

Infrastructure

Decision: iOS Platform Only
• Internal application. Control of device choice
• Users more familiar with Apple products. Less training.
• Fewer platform specific updates.

2012 Market share (chart legend: Apple, Android, Microsoft, Other)

http://www.gartner.com/it/page.jsp?id=1980115

Page 19:

Infrastructure

Decision: Vended service gateway
• Layer 7 is edge security for external services
• Integration with authentication providers
• Speaks multiple security protocols
• Custom solution added no value

http://www.gartner.com/technology/reprints.do?id=1-17Q04QM&ct=111019&st=sg

Page 20:

Infrastructure

Decision: ReST over SOAP
• Lightweight - important for mobile
• Heavier SOAP difficult to handle on mobile client.
• Mobile clients have APIs for handling basic URL calls
• Poor web service support in iOS/Android unlike in Java or .NET

Page 21:

Infrastructure

Decision: Custom Middleware

Purpose – Extract data from source systems, feed to mobile client apps

Why Custom?
• Anticipated consolidation within market for mobile middleware (MEAP)
• Cloud based solution not acceptable for use case
• Custom source system integration


Page 23:

Security

Decision: Plan for the worst with numerous security layers

Over the wire

OAuth 2.0
• Popular standard for cloud APIs
• Open to federation in future with 3rd parties
• Easy to use with ReST services

Two-factor
• Access token required due to sensitivity of data
• RSA SecurID Software Token + iOS SDK chosen for limited user involvement
• Better user experience, but still as secure as physical token

Page 24:

Security

On device

Mobile Device Management (MDM)
• Passcode requirement
• Remote data wipe

Local Authentication
• Support offline identification of users
• Future SSO with all Northern Trust applications

Local Encryption
• Secure whether online or off
• Strongest available algorithms
• Double security – iOS platform and custom

Page 25:

Summary

Listen to your clients

Define your Strategy

Design for Resilience

Go Web by default

Buy a Gateway

Caution: Middleware

Security: Plan for a worst case

Page 26:

Questions?

Thank you for attending!