Commonwealth Bank of Australia has had a rough couple of days; with high levels of traffic forcing it to take its internet banking service down at times. But what was really going on behind the scenes?
Commonwealth Bank of Australia has had a rough couple of days; with high levels of traffic forcing it to take its internet banking service down at times. But what was really going on behind the scenes?
Michael Harte (Credit: ZDNet.com.au)
According to the bank's chief information officer Michael Harte, one of the issues was that many of its customers were attempting to get their end of financial year processing done. "Our firewalls were flooded with volume," Harte told ZDNet.com.au this afternoon.
Today, according to Harte, the bank had already seen its normal customer traffic, around 1.2 million separate logins, by around 3:30pm. "We
were able to process a record number of transactions," he said. At
9:19 this morning, there were 18,700 concurrent users, 15 per cent
above the bank's normal load, a situation Harte described as "success in
scale".
But that wasn't the whole story; as the levels of traffic were quite unusual; normally the bank's highest traffic days are Easter and Christmas.
The bank also saw a higher
percentage of traffic which it wasn't sure was bona fide. It quickly took steps to quarantine what it believed could be network nasties. "We had to see if it was
malicious or not," Harte said.
The end result was that the bank had a scheduled outage. "At
three different points we had to take the systems down," Harte
said. However, contrary to the popular belief NetBank had been overwhelmed, Harte stressed these were planned actions. He said the system was up
and running by 5:30pm yesterday and that it had not needed to be taken down
today. As for security breaches, Harte said with confidence there
were "none whatsoever".
Over all, we have to keep a trusted environment
CBA CIO Michael Harte
The CIO said that the bank would try to ascertain where the
suspicious traffic had come from, but that it hadn't concluded its investigation yet. "You can never be 100 per cent sure where it's come from.
Better to quarantine it," he said.
Harte regretted the necessity of taking the system down, but said
it was in the best interests of the bank's users. "Over all, we have
to keep a trusted environment," he said.
Going forward, CBA will continue to work to minimise
occasions where the site has to be taken down via further work into
autonomic provisioning to handle peaks and better methods of
identifying users who come to the site often.
"You've at least identified them before and from that they're
authenticated users," Harte said.