The cooperative universal bank filled a massive gap, meeting regulatory requirements with cutting-edge microsegmentation
Industry: Financial Services
Environment: On-premises data centers
Challenge: Complying with ISO 2700x security standards and the German Federal Financial Supervisory Authority (BaFin) mandates
Solution: Illumio Core
Results: Ease of use to maximize security and compliance posture; minimized risk of operational disruptions through test and automation capabilities; simplified, on-demand reporting for auditors
Frankfurter Volksbank is a cooperative universal bank that provides comprehensive financial services for 250,000 members and 600,000 private customers and medium-sized companies in the Rhine-Main region of Germany – all of which amounts to a high number of regulatory demands to ensure transaction security.
The German Federal Financial Supervisory Authority (BaFin) requires compliance with the provisions of the German Banking Act (KWG), the Minimum Requirements for Risk Management (MaRisk), and the Banking Supervisory Requirements for IT (BAIT). Conformity with ISO 2700x standards is also required.
For Head of IT Steffen Nagel, the pressure was on to find a security solution that would address essential requirements for compliance: complete network visibility and the ability to segment systems and applications that are part of the banking environment.
With 20 years of experience with traditional network segmentation, Steffen knew it was time to look for a new solution.
“Considering our available resources and the complexity of the task at hand, it was simply impossible to achieve our compliance goals through traditional approaches.”
Steffen quickly landed on Illumio Core as the superior solution.
“The ability to segment at the host level and enforce policy with native OS firewalls solved the problem in an elegant way,” he explained.
Speed and ease have been defining facets of the team’s microsegmentation experience from the start. Their move from proof of concept to production went smoothly and swiftly, with no impact on business operations.
“From a technical point of view, policy creation is where most of the work usually lies. But this is extremely simple with Illumio’s testing and automation capabilities,” added Steffen.
With Illumio policies in place, Frankfurter Volksbank has maintained ISO 2700x compliance requirements for segmentation. They have also addressed BAIT and MaRisk specifications, from environmental separation (isolating development, test, and production) to ring-fencing applications.
Illumio Core’s real-time application dependency map has been invaluable to the team and auditors alike. The map helped them fulfill the BAIT requirement for “an up-to-date overview of the components of the defined information network” and provides an application-centric view of their environment. It is an easy way for auditors to see connectivity and enforced policies, eliminating piles of Word documents to prove compliance.
Frankfurter Volksbank has taken full advantage of the power of the map by adding Illumio’s vulnerability map offering, which ingests vulnerability scan results to provide insights into their most vulnerable workloads and pathways attackers may exploit.
“With Illumio, we have made a significant leap to maximize security and minimize the risk of operational disruptions,” said Steffen.
Clear-cut compliance without disruption
Host-based microsegmentation has made the path to compliance efficient, with no impact on the network or disruption to operations.
Real-time visibility and security insights
The comprehensive map of application traffic and communications is integral to implementing segmentation and making policy decisions.
