Intesa Sanpaolo Banka Bosna i Hercegovina Maximizes Access Security, Streamlines Auditing, Enforces Compliance, and Reduces IT Resources by 13%
 
 

Intesa Sanpaolo Banka Bosna i Hercegovina Maximizes Access Security, Streamlines Auditing, Enforces Compliance, and Reduces IT Resources by 13%

Printer View Printer View

Intesa Sanpaolo Banka Bosna i Hercegovina provides retail, corporate, and investment banking services to almost 137,000 clients in Bosnia and Herzegovina. Its network of branches and ATMs covers the entire country. The bank is part of Milan-based Intesa Sanpaolo Group that operates in 13 countries in central and eastern Europe and has 1,500 branches and 8.3 million clients.

The bank uses Oracle Audit Vault to automate secure data collection for internal and external auditing and reporting. As a result, it has simplified its compliance processes in the highly regulated financial sector, enforced stringent access controls, gained timely database activity alerts, shared real-time security intelligence across the entire enterprise for the first time, and reduced IT resources by 13%.

 
 

 
 

Challenges

A word from Intesa Sanpaolo Banka Bosna i Hercegovina

  • "Oracle Audit Vault enables us to consolidate audit logs into a central and secure warehouse to proactively address current and future security challenges. It streamlines regulatory compliance while reducing costs." – Branislav Šunjić, Head of the System Support Unit, Intesa Sanpaolo Banka Bosna i Hercegovina

  • Enforce world-leading database auditing and reporting to protect sensitive customer bank account details and credit card data against unauthorized access by privileged users, such as the bank’s database administrators (DBAs) and customer-facing employees
  • Gain timely alerts to log-in failures and detect attempts to gain unauthorized access or other suspicious activity that might indicate a potential security violation
  • Streamline compliance with audits carried out by the Milan headquarters to monitor access management, customer protection, data privacy, and risk-governance processes
  • Demonstrate compliance with Bosnia and Herzegovina national regulations governing data access security and gain the ability to rapidly comply with future regulatory changes
  • Conform to payment card industry (PCI) data security standard (DSS) guidelines for organizations that process credit card transactions to prevent fraud and hacking and ensure the bank’s continued ability to offer credit cards to customers
  • Reduce the time and cost of collecting and analyzing data and creating reports to meet the different requirements of each auditing body

Solutions

Oracle Product and Services

  • Shortened compliance assessment sessions by 30% using Oracle Audit Vault to verify, consolidate, and centralize audit data in a single data warehouse to generate reports for internal and external auditors, government regulators, and PCI DSS inspectors
  • Reduced IT team staff 13% by using Oracle Audit Vault to automate collecting audit data from multiple databases, applications, and operating systems―replacing manual methods and scripts
  • Minimized impact of audits on day-to-day IT operations, which boosted staff productivity
  • Enforced access controls for database administrators and other users according to individual job function and security clearance level to avoid abuse of system privileges
  • Monitored customer data continuously to identify potential security breaches according to predefined alert rules
  • Gained the ability to detect potential insider threats or privacy breaches in near real time and take prompt corrective action
  • Enabled managers to create customized management reports on compliance, tracking key performance indicators, and adapt to reports in line with changing business requirements
  • Allowed authorized staff to view security reports simultaneously online and share intelligence seamlessly for the first time
  • Enforced consistent data access and privacy policies; built transparent, robust protection against insider threats; and gained flexibility to comply with new regulatory requirements
  • Benefited from Oracle Audit Vault’s scalability to audit expanding data volumes, while boosting security in line with the bank’s strategy to grow market share
  • Reduced the cost of compliance in the highly regulated financial sector

Why Oracle

Intesa Sanpaolo Banka Bosna i Hercegovina, a long-standing user of Oracle Database, chose Oracle Audit Vault for its preconfigured, out-of-the-box functionality that enables the bank to mitigate security risks without the need for application changes.

"Oracle Audit Vault provides the highest possible security standards for our customers’ personal and financial data, while enforcing best-practice, corporate governance,” said Branislav Šunjić, head of system support, Intesa Sanpaolo Banka Bosna i Hercegovina.

Partner

Oracle Specialized Partner PING d.o.o., and specialist provider to the financial services sector, implemented Oracle Audit Vault and provides on-going support, as required.

"PING developed our core banking applications and the team’s expert knowledge of our business and Oracle technology is unrivalled," Šunjić said. "The combination of Oracle Audit Vault and PING’s knowledge and support provides us with powerful data protection."

My Oracle Support helped the bank to accelerate the implementation by providing expert advice to resolve complex firewall configurations at the bank.

"Engineers from My Oracle Support enabled us to avoid a lot of wasted time and effort during the implementation by overcoming the problem of conflicting firewalls at the bank’s locations," said Omer Jelagić, account manager, PING d.o.o. "Their expertise helped ensure a smooth go-live with minimal disruption to the customer."