The Security Operation Centre consolidates the bank’s strategy of increasing ‘readiness’ to counter cyber threats.
Banca Progetto, a challenger bank controlled by BPL Holdco S.à.r.l. – an investment company owned by Oaktree Capital Group and led by Paolo Fiorentino, was created at a time of profound transformation of the Italian banking sector with the aim of becoming in a short time one of the most important operators in the household and corporate credit market.
With offices in Milan and Rome and a commercial network present throughout the country, Banca Progetto specializes in the provision of banking services to small and medium-sized Italian businesses (over 6,000 customers) as well as for private clients (70,000 customers in Italy between deposit accounts and the sale of the fifth company).
To address changing customer demands and operational pressures, Banca Progetto embarked on a journey as an unconventional digital bank in late 2018 and early 2019, embracing the cloud on Amazon Web Services (AWS) platform. As data volumes increased, it was necessary to secure its entire installed IT system as a result of ever-increasing data volumes. S2E was chosen as the partner who shared the same cloud vision and was able to package a tailored security operations center based on its size, a company committed to innovation, operational excellence, and a focus on the cloud – as well as for its expertise in AWS (S2E is an AWS Advanced Partner) – and not least because of its focus on high standards of security and compliance.
Financial institutions have two peculiarities: one is that of a very extensive supply chain with many outsourcing (for credit cards, for master data management, for document CRIO for CRM, etc.) and the second is a very strict legislation to be adhered to that includes The Italian Data Protection Authority, DORA, Bank of Italy and EBA legislation, etc., consequently the complexity of the supply chain and the stringent regulatory constraints become priorities.
A tailored solution
With the support of S2E, Banca Progetto was able to build a SOC that is capable of handling millions of interactions. It is important to note that the attack surface in the banking world is not simply about processing LOGs, individual devices or users that managed, but also the supply chain and all on-premise cloud integrations that must be tracked. By adopting this approach, the bank is able to achieve a progressive level of cyber readiness (the highest of the four levels) that enables it to handle an attack effectively. Furthermore, through integrability, it has been possible to interconnect the SOC with the bank’s infrastructure ecosystem so that it can interact with all the other products it uses to govern, and thanks to the changeability, it is able to make any changes within the structure quickly.
The main benefits of SOC 2.0 for Banca Progetto were four:
- Real digital transformation – Cybersecurity also becomes part of the bank’s digital transformation, which is realised both by moving machines to the cloud and with the use of native services.
- Integrability – Cloud-based SIEM tools allow full integration with traditional security operations and data governance tools (e.g. cloud security posture) while fully integrating with the company’s cloud-centric strategy.
- Changeability – There is scalability, flexibility, and reliability, but that is not all: faster changes and implementation of services, resulting from scenarios and risks in the bank’s ecosystem, are also guaranteed.
- Security by design – Through the evolution of SOCs in the cloud, the concept of security by design is applied. As such, by automating data security controls and developing a robust IT infrastructure, it is possible for the bank to improve its own level of cyber resilience,
“Our bank was the first in Italy to migrate to AWS – and the first to bring a specific cloud security posture – so we required a SOC 2.0 tailored to our needs,” comments Giorgio Rocca, CISO at Banca Progetto, “In addition to the SOC, the choice of the company implementing the service was crucial in order to have a performant and absolutely protective from a cybersecurity point of view. S2E is a partner that has high consulting skills,” continues Rocca. “We were immediately on the same page as they were able to share our goals, and moreover, their commitment to digital transformation allows us to have a high-performance cyber resilience.”
“We completely redesigned the SOC to be granular and adaptable, selecting the most ductile cloud native SIEM system,” explains Andrea Cerro, Business Unit Director Enterprise Security Services at S2E. “As a result, we have evolved the types of services we provide and have implemented monitoring processes and incident response times which are now one tenth of what they were before. Additionally, we have 24-hour operability not only of the operators of the SOC itself but also by the technicians who are able to limit stop-downs to a maximum”.
By virtue of this partnership, Banca Progetto will also reap the benefits of innovation and technology translate into greater efficiency in several areas such as:
- Management of security functions related to the IT infrastructure (network, systems, and applications) on a physical and virtual basis
- In order to detect timely attempts to intrude, attack, or measure systems, the IT infrastructure is monitored in real time.
- Several services are available to improve an organization’s level of security (security assessments, vulnerability assessments, early warnings, and security awareness).
S2E | Solutions2Enterprises is a business technology firm, 100% Made in Italy with headquarter in Milan and branches in Rome, Lecce and Tel Aviv (Istrael) with +300 people including employee and business partners. Since over 10 years, S2E redesigns, customizes and develops a wide range of business digital solutions for companies in Isurtech, Fintech and Business techin the areas of competences of Digital Engagement, Data Analytics and Artificial Intelligenece, Cloud Services and Cybersecurity. Innovation is our key business driver and we are always scouting for new cutting edge technologies around the world.