To protect its business systems, this insurer aims to ensure every server in its estate complies with robust security policies—but manual processes made compliance monitoring a demanding, time-consuming task.
This IBM client uses IBM® PowerSC™ to deliver real-time compliance monitoring across its virtualized IBM PowerVM® environment, and IBM PowerVC™ to standardize its deployment procedure for virtual servers.
Enables99% faster provisioning based on standardized configuration templates
Helpsidentify and address compliance risks rapidly through real-time monitoring
Boostssecurity and improves defense capabilities against evolving threats
Business challenge story
Identifying new threats
Cyber-attackers are constantly adapting their tactics—and for large enterprises, the challenge is to build and maintain the robust security policies and best practices that help protect mission-critical business systems.
Compliance is a key focus for this leading South American insurer. A company spokesperson explains: “Like many leaders in our space, we are always looking for ways to strengthen our security posture. Achieving this goal means refining our security policies as the threat landscape evolves and—crucially—ensuring that all of our servers comply with those policies.”
To drive its business, the insurer relies on SAP ERP business systems connected to the SAP HANA database, running on IBM POWER8®-processor-based systems divided into logical partitions (LPARs) and virtualized with IBM PowerVM.
“Our compute resource requirements vary considerably, and activities such as month- and quarter-end reporting produce large peaks in utilization,” continues the company spokesperson. “One of the things that we appreciate most about the IBM POWER® architecture is the ability to dynamically share resources between different virtual systems as that demand rises and falls. As a result, we can consolidate our environment on a significantly smaller number of physical servers than would be possible with a comparable x86-based platform—helping us to contain our operational costs.”
In the past, the insurer relied heavily on manual processes to provision, configure and maintain its virtual servers. To strengthen security as new threats emerged, the company aimed to standardize its configurations for new virtual servers, and improve its ability to identify and remediate vulnerabilities across the network.
“We previously used spreadsheets to maintain a record of our server configurations,” comments a member of the company’s IT team. “One of the main difficulties with this approach was if someone subsequently made a change to a system, we had no way of knowing what had happened, or assessing the impact on compliance. To solve the challenge at scale without increasing the headcount of our lean IT team, we looked for a way to automate our compliance monitoring processes.”
Deploying real-time monitoring
The insurer worked with IBM Systems Lab Services to shape an automated, policy-driven approach to compliance based on IBM Power Security and Compliance (PowerSC), IBM Virtualization Center (PowerVC) and IBM BigFix®.
IBM PowerSC delivers security and compliance monitoring optimized for IBM PowerVM environments and the IBM AIX® operating system. Offering visibility from the hypervisor and firmware through the virtualization layer to the operating system, IBM PowerSC enables this client to identify its exposure to threats in real time, and then take fast action to deploy patches using IBM BigFix.
One of the things that impressed the insurer’s IT team most about IBM PowerSC was the number of compliance processes it could simplify. With IBM PowerSC monitoring its environment in real time, the team is free to focus on other value-added activities. If the solution detects a change that could cause one of the systems to drift out of compliance, it alerts the team immediately—and they can take fast action to remedy the issue.
By combining its security and compliance solution with virtualization management capabilities from IBM PowerVC, the insurer can define standards-based templates for provisioning virtual servers. These templates help ensure that all new virtual servers conform to the company’s current security policies.
The spokesperson adds: “Throughout the deployment process and beyond, working with IBM was a very positive experience. We recently engaged the team to support us with our upgrade to IBM PowerSC version 1.2, and IBM is always on hand to provide the education and knowledge-transfer sessions we need to maximize the value of our investment in the platform.”
With real-time compliance monitoring at the heart of its security strategy, this insurer has gained the responsiveness it needs to address potential threats rapidly—strengthening its overall security posture.
“Before, monitoring our environment was a time-consuming, manual process—which made it difficult to build a complete and accurate picture of our exposure to security risks,” says the IT team member. “Our first goal was to take control of the configuration of our server landscape, and thanks to our IBM solution and assistance from IBM Systems Lab Services, that’s exactly what we’ve achieved.
“Now that we have a 360-degree view of compliance across our virtual environment, we can focus on building organizational processes to enhance our data governance and drive additional security improvements. For example, we have recently invested in IBM Spectrum Control™, which will enable us to simplify our storage management processes, and apply retention policies for sensitive data from a single point of control.”
As well as centralizing its compliance management, the insurer has successfully standardized its processes for building new servers.
Using manual processes, provisioning a virtual machine that meets the rigorous standards of the company’s compute templates could take as long as a week—but with IBM PowerVC, this insurer can roll out compliant servers in less than ten minutes, more than 99 percent faster. By integrating IBM PowerSC into IBM PowerVC compute templates, the IT team can ensure that every new server provisioned has IBM PowerSC in place as standard. On average, two virtual machines are added to the company’s IBM Power Systems environment every month, and the insurer anticipates that IBM PowerVC will save it a significant amount of time.
In addition, the insurer used the solution to deliver a standardized configuration file to all 80 of its production LPARs in a single update—helping to ensure that all of the company’s systems are aligned with the same best-practice approaches to security.
Thanks to granular, automated reporting tools, the IBM client can demonstrate its compliance to internal and external auditors faster and with less manual effort.
The company spokesperson concludes: “This year, our business completed an initial public offering [IPO]—and our IT governance requirements are increasing sharply. Thanks to our IBM solutions, we have all the information we need to meet those new requirements. By delivering in-depth reports to our compliance department, we are confident that auditing will become far easier and more transparent.
“Compliance can be a transient thing—and to safeguard the business, it’s imperative that we know at all times which of our systems are compliant and which are not. With IBM solutions driving our compliance monitoring processes, we can take timely, targeted action to keep our business systems secure.”
Leading South American Insurer
Headquartered in South America, this IBM client is a leading multinational insurer operating in more than 100 countries worldwide, and offers reinsurance solutions to a diverse range of sectors, including financial services and property.