Nomura International has just uploaded the first application onto its corporate extranet, a fund order routing system, to be used by Nomura Asset Management (NAM). Fund OS, a proprietary application that allows Japan-based brokers to communicate their fund orders directly with Nomura fund managers, was designed by Nomura at the behest of its investment management division.
"NAM asked us to do the work for them," explains Mark Banwell, head of electronic commerce for Nomura International. "And, they paid us hard cash for it."
Fund OS allows the Japan-based brokers, who sell components of Nomuras funds, to aggregate their orders and route them to the London headquartersthe extranets central sitewhich then passes those orders along to the fund managers located in Luxembourg. Banwell says that the Fund OS application proves that the new extranet architecture, just completed in recent months, works and is ready for many more applications to be accessed by traders, brokers and money managers throughout the Nomura enterprise.
Banwell points out that the most difficult part of building this enterprise-wide extranet was its security component. "Our plan was to create a flexible Web technological infrastructure for the company which would enable the business to cater to e-business opportunities in the market," he says. "In order to do that, we needed to create an environment that we term secure, user-centric navigation."
The first level of the extranet is the log on, which utilizes three security methods. For low-priority applications and services, the user only needs an ID and password. The next level of security requires a digital certificate to be loaded onto a users desktop, which is verified by a Netscape Certificate Server. For the highest level of protection, Nomura has employed a secure ID card with a six-digit number that requires synchronization with another four-digit PIN number. Banwell explains that the card provides for very strong authentication, but comes at a high cost and is thus reserved only for necessary situations. Contrasting it from a digital certificate, which essentially binds the user to the one desktop, the ID card allows users to access the extranet from any computer.
Log on, though, is only the beginning. Once verified, the user is passed along into an EnCommerce getAccess server, which identifies which applications that user may access. Without the getAccess server, the system would require users to have an ID for each and every application. Expounding on the virtues of the getAccess layer, Banwell says, "The reason we find it clever is, you can have a myriad of applications built on different platforms, and you can present them through a single presentation layer, which makes them all look the same."
Once the user is verified in getAccess, the persons request is then moved onto a Sun Microsystems NetDynamics server, an "airlock," as Banwell sees it, because it prevents information from flowing directly into the application servers, and, more importantly, from flowing directly out.
"You want to deliver as much information as you can on the extranet, but anything that goes out of a company is a route back in for a hacker," he says. "What we have here is an airlock. You stay on the outside, and Net Dynamics goes in and gets the information for you, and puts it back into the airlock. At no point do we want an open door into the system."
With Fund OS running successfully on the network, Nomura is looking to upload an equity order routing system and an equity client portal by the end of the year. Another feature to be added this year is a client back-office portal for Nomuras buy-side clients, offering instant access to Nomuras back office so they may remediate trade exceptions more readily.