Frankfurter Volksbank Invests in Illumio for Compliance Success

Overview and challenges

Frankfurter Volksbank is a cooperative universal bank that provides comprehensive financial services for 250,000 members and 600,000 private customers and medium-sized companies in the Rhine-Main region of Germany — all of which amounts to a high number of regulatory demands to ensure transaction security.

The German Federal Financial Supervisory Authority (BaFin) requires compliance with the provisions of the German Banking Act (KWG), the Minimum Requirements for Risk Management (MaRisk), and the Banking Supervisory Requirements for IT (BAIT).

Conformity with ISO 2700x standards is also required. For Head of IT Steffen Nagel, the pressure was on to find a security solution that would address essential requirements for compliance: complete network visibility and the ability to segment systems and applications that are part of the banking environment.

With 20 years of experience with traditional network segmentation, Steffen knew it was time to look for a new solution: “Considering our available resources and the complexity of the task at hand, it was simply impossible to achieve our compliance goals through traditional approaches.”

How Illumio helped

Steffen quickly landed on Illumio Core as the superior solution.

“The ability to segment at the host level and enforce policy with native OS firewalls solved the problem in an elegant way,” he explained.

Speed and ease have been defining facets of the team’s microsegmentation experience from the start. Their move from proof of concept to production went smoothly and swiftly, with no impact on business operations.

“From a technical point of view, policy creation is where most of the work usually lies,” said Steffen. “But this is extremely simple with Illumio’s testing and automation capabilities.”

With Illumio policies in place, Frankfurter Volksbank has maintained ISO 2700x compliance requirements for segmentation. They have also addressed BAIT and MaRisk specifications, from environmental separation (isolating development, test, and production) to ringfencing applications.

Illumio Core’s real-time application dependency map has been invaluable to the team and auditors alike. The map helped them fulfill the BAIT requirement for “an up-to-date overview of the components of the defined information network” and provides an application-centric view of their environment. It is an easy way for auditors to see connectivity and enforced policies, eliminating piles of Word documents to prove compliance.

They’ve taken full advantage of the power of the map by adding Illumio’s vulnerability map offering, which ingests vulnerability scan results to provide insights into their most vulnerable workloads and pathways attackers may exploit.

“With Illumio, we have made a significant leap to maximize security and minimize the risk of operational disruptions,” said Steffen.

Results and benefits

• Clear-cut compliance without disruption
  Host-based microsegmentation has made the path to compliance efficient, with no impact on the network or disruption to operations.
• Real-time visibility and security insights
  The comprehensive map of application traffic and communications is integral to implementing segmentation and making policy decisions.

Illumio has filled a gap for which there was previously no solution. In addition to meeting compliance regulations, we have seen drastic improvements in our overall security posture. Steffen Nagel Head of Information Technology Frankfurter Volksbank