The Security Operation Centre consolidates the bank’s strategy of increasing ‘readiness’ to counter cyber threats.
Banca Progetto, a challenger bank controlled by BPL Holdco S.à.r.l. – an investment company owned by Oaktree Capital Group and led by Paolo Fiorentino, was created at a time of profound transformation of the Italian banking sector with the aim of becoming in a short time one of the most important operators in the household and corporate credit market.
With offices in Milan and Rome and a commercial network present throughout the country, Banca Progetto specializes in the provision of banking services to small and medium-sized Italian businesses (over 6,000 customers) as well as for private clients (70,000 customers in Italy between deposit accounts and the sale of the fifth company).
Requirements
To address changing customer demands and operational pressures, Banca Progetto embarked on a journey as an unconventional digital bank in late 2018 and early 2019, embracing the cloud on Amazon Web Services (AWS) platform. As data volumes increased, it was necessary to secure its entire installed IT system as a result of ever-increasing data volumes. S2E was chosen as the partner who shared the same cloud vision and was able to package a tailored security operations center based on its size, a company committed to innovation, operational excellence, and a focus on the cloud – as well as for its expertise in AWS (S2E is an AWS Advanced Partner) – and not least because of its focus on high standards of security and compliance.
Financial institutions have two peculiarities: one is that of a very extensive supply chain with many outsourcing (for credit cards, for master data management, for document CRIO for CRM, etc.) and the second is a very strict legislation to be adhered to that includes The Italian Data Protection Authority, DORA, Bank of Italy and EBA legislation, etc., consequently the complexity of the supply chain and the stringent regulatory constraints become priorities.
A tailored solution
With the support of S2E, Banca Progetto was able to build a SOC that is capable of handling millions of interactions. It is important to note that the attack surface in the banking world is not simply about processing LOGs, individual devices or users that managed, but also the supply chain and all on-premise cloud integrations that must be tracked. By adopting this approach, the bank is able to achieve a progressive level of cyber readiness (the highest of the four levels) that enables it to handle an attack effectively. Furthermore, through integrability, it has been possible to interconnect the SOC with the bank’s infrastructure ecosystem so that it can interact with all the other products it uses to govern, and thanks to the changeability, it is able to make any changes within the structure quickly.
Main benefits
The main benefits of SOC 2.0 for Banca Progetto were four:
- Real digital transformation – Cybersecurity also becomes part of the bank’s digital transformation, which is realised both by moving machines to the cloud and with the use of native services.
- Integrability – Cloud-based SIEM tools allow full integration with traditional security operations and data governance tools (e.g. cloud security posture) while fully integrating with the company’s cloud-centric strategy.
- Changeability – There is scalability, flexibility, and reliability, but that is not all: faster changes and implementation of services, resulting from scenarios and risks in the bank’s ecosystem, are also guaranteed.
- Security by design – Through the evolution of SOCs in the cloud, the concept of security by design is applied. As such, by automating data security controls and developing a robust IT infrastructure, it is possible for the bank to improve its own level of cyber resilience,
“Our bank was the first in Italy to migrate to AWS – and the first to bring a specific cloud security posture – so we required a SOC 2.0 tailored to our needs,” comments Giorgio Rocca, CISO at Banca Progetto, “In addition to the SOC, the choice of the company implementing the service was crucial in order to have a performant and absolutely protective from a cybersecurity point of view. S2E is a partner that has high consulting skills,” continues Rocca. “We were immediately on the same page as they were able to share our goals, and moreover, their commitment to digital transformation allows us to have a high-performance cyber resilience.”
“We completely redesigned the SOC to be granular and adaptable, selecting the most ductile cloud native SIEM system,” explains Andrea Cerro, Business Unit Director Enterprise Security Services at S2E. “As a result, we have evolved the types of services we provide and have implemented monitoring processes and incident response times which are now one tenth of what they were before. Additionally, we have 24-hour operability not only of the operators of the SOC itself but also by the technicians who are able to limit stop-downs to a maximum”.
By virtue of this partnership, Banca Progetto will also reap the benefits of innovation and technology translate into greater efficiency in several areas such as:
- Management of security functions related to the IT infrastructure (network, systems, and applications) on a physical and virtual basis
- In order to detect timely attempts to intrude, attack, or measure systems, the IT infrastructure is monitored in real time.
- Several services are available to improve an organization’s level of security (security assessments, vulnerability assessments, early warnings, and security awareness).
About S2E
S2E | Solutions2Enterprises is a business technology firm, 100% Made in Italy with headquarter in Milan and branches in Rome, Lecce – where S2E recently opened its R&D center – and Tel Aviv (Istrael). To date it can count on 420 people, including 360 operational professionals on IT issues. Making innovation and continuous scouting of new technologies its strength, S2E redesigns, personalizes and develops solutions in artificial intelligence, data solutions, cybersecurity, hyperautomation and robotic process automation, data center, network, enterprise mobility, application maintenance, legacy modernization, cloud computing, consulting and professional services. These are solutions that can help the digital transformation of organizations, particularly those in banking, insurance, retail, energy&oil, telco, utility and fashion, and public administration. S2E is an equal opportunity company. We celebrate diversity and are committed to creating an inclusive environment for all employees. The continuous search for the best new technologies and a strong focus on people is the drivers that guide S2E: at S2E, people have always been at the center.
Learn more: https://solutions2enterprises.com/en/
Press contacts
S2E / Emanuela Colò
Tel. 3339648479 – emanuela.colo@s2e-pro.com
Quorum PR / Giovanna Benvenuti
Tel. 3474007536 – giovanna.benvenuti@quorum-pr.com