Founded in 1987, Fiditalia is one of the largest consumer credit groups in Italy, catering for the private and business sectors. A part of the French banking group Societe Generale, it provides a range of financial services including credit cards, personal loans and POS financing. It has over two million active clients, 34 branches and 11,000 active points of sale throughout Italy.
The company owns a System i model i570 with two partitions running under V5R4M0. One partition is for production while the other is used for testing and development.
About 500 users are connected via 5250 emulation, some of whom also access the System i through FTP and ODBC.
The main business applications, credit and accounts management, run on a dedicated production partition. The architecture is SOA-oriented: each application system owns and exposes web services. Management and control are provided through an ESB powered by TIBCO.
There is no shortage of demands on Fiditalia's IT department to ensure appropriate security and auditing measures are in place. On the one hand there is the parent company, Societe Generale, whose auditors seek to ensure that their corporate security policy is implemented. Then there is the Bank of Italy's stringent privacy act, not forgetting the need to comply with Basel II.
The items topping the list of priorities in security and auditing were protection of the System i from misuse of TCP/IP access and a history of application and system changes. Domenico Finucci, Fiditalia's Security Manager, said: "The main goals were to be safe and protected against possible threats arising from FTP and ODBC connections and activities." Regarding auditing, he added: "A stable and reliable history about changes on system-based values and users was also mandatory. Add also the consideration that our internal activity, sorveglianza permanente (permanent surveillance), relies on knowing who did what and when."
It was decided to look into acquiring a software product to achieve the above aims, and Fiditalia contacted IBM for advice. IBM presented Bsafe/Enterprise Security from Bsafe Information Systems, which Domenico and his colleagues liked immediately. As he says: "The characteristics of Bsafe were very interesting from the very beginning."
The product was installed in January 2007 by Fiditalia's technical staff with the support of IBM, who also provided training in the use of the product.
Two administrators spend a total of some eight hours a week using the product. They make use of many of the advanced auditing features of Bsafe/Enterprise Security including application access auditing, event alerting, field-level file auditing, system event auditing, and system inquiries. They use protection and systems management functions such as exit point access control, object authority manager, user profile, administration role manager and the recently added compliance manager.
Now, having used Bsafe/Enterprise Security for over half a year, Fiditalia's Security Manager has come to rely on the product and says it would be impossible to do what it does by themselves. When asked which features he likes best, Domenico Finucci answers, "The possibility to know what's happened, when and who did it and, of course, the possibility to monitor (and stop, if needed) ODBC and FTP activities."
The Security Manager of this major Italian financial company says he already sees the return on investment in "auditing and a sense of security". The same feelings are expressed by Lucio Santaniello (Chief of Technological Dept.), Enzo Squillante and Mario Tranfo (iSeries System Technicians). Would they recommend Bsafe/Enterprise Security? "Absolutely" is their reply.