To effectively secure data on behalf of its banking clients, Fiducia & GAD IT AG needs an evolving strategy that can help it to cope with emerging cybersecurity threats and increased regulations.
Fiducia & GAD IT AG adopted a pervasive encryption strategy involving IBM security features such as IBM z/OS® data set encryption and IBM Z® Multi-Factor Authentication to ramp up data protection.
Safeguardsclients’ reputations and economic stability by reducing impact of data breaches
Boosts efficiencythrough simple management of security and regulatory compliance
Enableshigh levels of security without stifling business agility
Business challenge story
Hitting a moving target
The cybersecurity landscape never stands still. Each day attackers invent new ways to probe organizations’ systems for weaknesses. This is especially true for the banking sector, which is a top target for cyber criminals. In response, and to give people more control over their personal data, industry regulators continue to release increasingly stringent guidelines such as the Payment Card Industry Data Security Standard (PCI DSS).
As IT service provider to approximately 900 German banks, Fiducia & GAD IT AG is responsible for protecting huge amounts of very valuable data. Peter Winter, Manager, Middleware and Transaction Systems, Mainframe Platform, Fiducia & GAD IT AG, says, “Today, the vast majority of money doesn’t exist in any physical sense; it’s represented by bits on a machine. The banks that we serve manage a lot of Germany’s money, which means that any compromise of their data could affect the economy and their reputations. At the same time, our banking clients have to comply with regulations that are getting stricter all the time, such as BaFin [Germany’s Federal Financial Supervisory Authority] and PCI-DSS. There’s no simple solution—the only answer is a security plan that never stops developing.”
It isn’t just external factors that influence Fiducia & GAD IT AG’s IT security strategy. New requests from internal users also play a role: the growing demand for application programming interfaces (APIs) introduces vulnerabilities that must be identified and addressed.
Pascal Meyer, Senior Enterprise Architect at Fiducia & GAD IT AG, adds, “Securing data cannot come at the price of business innovation. We’re incorporating approaches such as containerization into our IT landscape and hosting applications in the public cloud where appropriate. The ability to control and encrypt data across an IT environment that is becoming more diverse is essential but challenging.”
Ratcheting up security
Fiducia & GAD IT AG is building on the exceptional security of its IBM Z platform, taking advantage of new features to bolster protection of data and systems. Meyer comments, “We’re seeing IBM Z evolve dramatically, turning into an open enterprise server that can host cloud-ready applications managed with Kubernetes and OpenShift.”
Executing a pervasive encryption strategy on IBM Z, Fiducia & GAD IT AG is applying extensive encryption to data in-flight and at-rest using IBM z/OS data set encryption. As a result, the company has been able to replace self-written encryption and decryption programs for many applications. Fiducia & GAD IT AG is in the process of enabling z/OS Enterprise Readiness Technology (zERT) to monitor and record the cryptographic protection attributes of network connections terminating on z/OS. With zERT, Fiducia & GAD IT AG can determine which of the connections are properly or improperly configured. This could potentially help the company in its efforts to simplify compliance reporting.
Meyer says, “It was easy to implement IBM z/OS data set encryption to enable pervasive encryption, and we saw benefits immediately, in terms of both time savings and reduced resource consumption.”
For many years, Fiducia & GAD IT AG has relied on the IBM zSecure suite to automate IBM Z security administrative tasks, implement security policies, detect threats and enable real-time alerts. The company integrated IBM zSecure with IBM QRadar® Security Information and Event Management to take advantage of embedded intelligence to refine its response to security incidents.
Fiducia & GAD IT AG also utilizes IBM Hardware Security Modules (HSMs) extensively to perform cryptographic operations and protect keys within a purpose-built computing environment. Using the IBM Java API for CCA package, combined with interoperability between classical programming languages and Java, the company allows Java (alongside all classic programs on z/OS) to consume z/OS native cryptographic services via one API. To reduce the need for distributed hardware security modules, the company relies on the Advanced Crypto Service Provider solution to enable distributed applications to invoke z/OS native cryptographic services remotely.
Fiducia & GAD is deploying IBM Z Multi-Factor Authentication to implement the strong access control measures typically required by regulations such as PCI DSS. Meyer explains, “Within the next few months, we will fully deploy multi-factor authentication, stepping up the security around access to user accounts on IBM Z.”
In close collaboration with IBM, Fiducia & GAD IT AG evaluates new IBM security capabilities as they are released, and uses these to augment its overall IT security plans. For example, the company is investigating the IBM Enterprise Key Management Foundation and Trusted Key Entry for Master Key Management to help it to manage keys and certificates.
Delivering benefits to businesses
By securing data on IBM Z, Fiducia & GAD IT AG is protecting its banking clients from the potential reputational damage and financial penalties that can be associated with data breaches. With so many of Germany’s banking systems running on infrastructure managed by the company, Fiducia & GAD IT AG helps to ensure service continuity for millions of people.
Winter says, “By combining the security capabilities of IBM Z with other tools and our in-house expertise, we are taking every measure to protect our banking clients’ data from compromise. As a result, we contribute to the stability of the German economy.”
Meyer continues, “Working with IBM, we can roll out capabilities out-of-the-box that can help us comply with emerging regulations more easily. The IBM Z roadmap is developing alongside our own to help us continue boosting security while making management easier.”
Fiducia & GAD IT AG is a partner for innovation for its banking clients. Utilizing open, flexible security features from IBM, the company can safeguard data without curbing business agility. Winter concludes: “We’re demonstrating to our clients that the IBM Z platform is the future for cloud-ready development. Security continues to get better on IBM Z, and so does the ability to innovate.”
About Fiducia & GAD IT AG
Fiducia & GAD IT AG is the information technology service provider within the Finance Group cooperative in Germany. The company’s 4,500 employees serve a client base that includes around 900 Volksbanken and Raiffeisenbanken in Germany, cooperative financial companies, and numerous private banks. Ultimately responsible for supporting more than 82 million customer accounts, Fiducia & GAD manages more than 166,000 banking workplaces and 34,000 ATMs nationwide.
Take the next step
To learn more about enterprise security enabled by IBM Z, please contact your IBM representative or IBM Business Partner, or visit the following website: ibm.com/it-infrastructure/z/capabilities/enterprise-security
To learn more about Multi Factor Authentication, please visit the following website: https://www.ibm.com/products/ibm-multifactor-authentication-for-zos
To learn more about IBM zSecure, please visit the following website: https://www.ibm.com/security/mainframe-security/zsecure
To learn more about QRadar Security Info and Event Management, please visit the following website: https://www.ibm.com/products/qradar-siem