Data—it’s really not just a 4-letter word anymore. When you consider storage, access, integrity, regulatory compliance, reporting, and security issues, managing data can become a complicated and daunting task. Just ask Data Processing Incorporated, a privately owned data processing services company located in Lawton, Oklahoma. Established in 1991, the company provides technical financial services for banks as a subsidiary of JR Montgomery Bancorp. Over the years, they’ve assembled a strong team of technical and banking experts that bring years of expertise to manage all of the data issues of the banking industry, including security and compliance.
As an IT services company, Data Processing Incorporated typically doesn’t deal with outside banking customers. Instead, their customers are the actual bank employees. Between two banks, they have over 1500 customers, a number of vendors, and a large volume of data to keep secure and uncompromised.
To manage each bank’s core banking IBM i server that houses their customer records, images, files, and reports, they use the Jack Henry Silverlake system—powerful, sophisticated, high-end banking software. Each bank has its own IT staff to handle technical issues and server issues. So, the company acts as a service midpoint between the bank employees and the IT staff, providing core services for both banks to maximize efficiency and avoid duplication.
SECURITY SUITE TO SURPASS ALL NEEDS
Anytime internal customers (bank employees) or external users (vendors) access the systems, a critical part of the company’s job is to verify that both the access and any subsequent requests are legitimate. To better comply with fast-changing regulatory and government requirements and maintain their tight security, Data Processing Incorporated selected the Powertech suite of products for their IBM i systems.
Paul Ballew, Sr. Vice President and IT Manager, explains. "We need to control user access and know what they’re doing. For any entry point into our core system, we need a security product that can help us monitor and verify that they’re authorized users, whether internal or external.
"We have three major external vendors that we deal with and they often dial in to support their products. As a result, programmers and other advanced users often connect to our systems and we need to police that. Part of our decision to use commercial applications was based on the fact that we wanted to use tools that weren’t created or supported by the people they monitor. There’s good value in a commercial security product from a group like Powertech.
"Currently, we’re implementing four Powertech products—[Powertech Exit Point Manager for IBM i, Powertech Compliance Monitor for IBM i, Powertech Authority Broker for IBM i, and Powertech SIEM Agent for IBM i]—to manage our security and our regulatory compliance. One great thing about Powertech is the flexibility of their products, especially [Powertech Compliance Monitor for IBM i].Compliance Monitor handles all our reporting requirements, and being able to design, test, and use our own reports is great.
"For any audit requirement or government OCC [Office of the Comptroller of the Currency] requirement, we should be able to generate whatever reports we need using Compliance Monitor. We also plan to use it to specify our own security policy and cross-check against it automatically—that’s a great feature that really makes sense."
As Paul explains, access control is also critical. "[Powertech Exit Point Manager for IBM i] gives us the ability to monitor and control folks coming in from the network. Meanwhile, [Powertech Authority Broker for IBM i] helps control access and meets another audit requirement. We generally limit authority, but when a user needs more authority at certain times, with Authority Broker, we can ‘promote’ them and track their actions.
"In the future, we plan to implement that same control for our vendors. Currently, when a vendor attempts to ‘come in’ to the systems, they fill out a request form telling us why. With Authority Broker, we’ll be able to add monitoring (electronic observation) as an alternate method of control."
Powertech SIEM Agent for IBM i plays a useful notification role. Today, Powertech SIEM Agent for IBM i notifies Paul and others so they can respond to security issues. Later, they are considering implementing a SIM (Security Information Management) solution that will work with Interact to send security events to a central enterprise message console.
FIRST RATE SUPPORT
So, with such big plans for today and for the future, they wanted to jump-start their Powertech implementation. As Paul describes it, "We decided to use some HelpSystems services, such as onsite implementation and training, to smooth the transition. We had a HelpSystems Training and Services Consultant come onsite and in just three days he got us going, and we were productive almost immediately. Our plan is to use the Powertech products for a while and then have him come back and do more training for some fine-tuning and to make sure we’re as efficient as possible.
"The Powertech consultant also trained the IT folks, internal auditing, and our information security officer. In the second phase of training, we’ll have these same people do more advanced reporting. Having a pro come in and look over your shoulder to help with the implementation pretty much guarantees success and keeps your frustration level down. They can provide a mentoring role while the people they’re helping work hands on. I think that things ‘stick’ with you longer if you do it that way."
Paul also likes Powertech support. "We haven’t had any negative issues with technical support—everything’s been positive. There’s tremendous value to support and it’s a good feeling knowing it’s there for us." So, between the powerful suite of security solutions, first-rate implementation services, and excellent technical support, Powertech is really helping Data Processing Incorporated manage, control, and secure their critical data, now and for the future.
Evaluate your system’s vulnerabilities with a free Security Scan. We will suggest steps you can take to protect your critical data. It’s quick and easy, with no obligation to you.
Ability to meet government and industry regulations
Customizable reports satisfy auditing requirements
Notifications enable a quick response to security issues