4-page Case Study - Posted 6/13/2007
Views: 598
Rate This Evidence:
Easy, Secure and Uninterrupted Access to Documents for Dexia Staff and Partners
Dexia, a Belgian bank with worldwide operations, needed staff to be able to access files and information around the clock, while also enabling a whole range of external partners to rely on a smooth exchange of information. There was an urgent need for an integrated system through which data and files could be sent and received securely. In just three months, Dexia Technology Services developed a solution based on Microsoft ISA Server 2006 that met the bank’s stringent security requirements. The solution uses a dual screening system for viruses and authentication procedures, while focusing on ease of use and keeping costs down. ISA Server gives the various parties involved problem-free, secure access to information. The application is very user-friendly, as a result of which no applications need be installed on user PCs and Dexia retains control at all times.
Situation
In recent years, Dexia has evolved into a group that operates in many markets. Over time, the group’s businesses have expanded globally and Dexia now has employees in countries that include Australia, Hong Kong, Mexico and the United States. Just about every company joining the Dexia fold has its own software applications, which means that much work is required to achieve harmonization. And because there were external parties that also needed information and to exchange data, Dexia went looking for a solution that offered a high level of security, combined with great simplicity and ease of use.
 |
The biggest benefit of this application? Easy: it simply works!  |
|
|
Jean-Luc Bruwier
Office Infrastructure Manager
Dexia Technology Services |
|
|
Stringent security requirements
“Because we operate in the financial services market, security is even more important to us than it is in some other sectors. Consequently, the parameters used by Dexia to implement its IT applications are also very strict,” says Jean-Luc Bruwier, Office Infrastructure Manager. “We were also faced with the fact that our strong growth worldwide meant that we needed to find a solution that would enable a large number of staff and external partners to access information quickly and easily. The way knowledge was being shared was also being hampered by this rapid growth. In addition to this, the business side came up with a practical project with a three-month deadline to find a solution that would make it possible to exchange information and files internationally simply and easily.”
“Three months is a very short space of time to go from A to Z in terms of implementation,” points out Johan Smekens, System Architect. “But despite the time constraints, we could not allow ourselves to be tempted by a fast, but less well thought-through solution. A structural analysis gave us a number of clear premises that defined the direction we needed to find the right solution.”
“It is certainly worth mentioning that this project was one of the first in Microsoft’s Technology Adoption Program (TAP). In fact, we were actually the first to go live with this application in Europe. So it is very much something to be proud of.”
Security totally in Dexia’s hands
The study phase indicated clearly that we did not want to be dealing with the workstations that users would be contacting our infrastructure with. We wanted to have as universal a platform as possible that could be used on every desktop operating system and any browser.
One of the first things that soon became apparent was that we needed a solution that could work without having to install anything on user PCs. One of the reasons was that this was simply not possible with a deadline of just 3 months. Another was security: the mishmash of configurations on PCs worldwide meant that it was best for Dexia to retain total control of security.
This decision quickly led Dexia Technology Services to ISA Server 2006, which was then at the beta. It soon became clear that this suited Dexia’s needs best. It also meant that the double antivirus protection – an internal Dexia security requirement – was solved with a check on the ISA Server and a check on the data server. Strict authentication was also possible via ISA.
|
One crucial requirement was that there had to be no application on user PCs. The computers used by our staff and partners worldwide have very different configurations, making them impossible to control. ISA Server 2006 solves that problem perfectly. |
|
|
Kris Vanrusselt
System Architect
Dexia Technology Services |
|
|
Three user levels
In the period prior to the implementation of ISA Server 2006, Dexia worked on authentication using the Digipass. The Digipass is a great solution for a limited group of users, but as soon as several hundreds or thousands of users are involved, an enormous amount of administration is needed. This obstacle had to be overcome if ISA Server was to be made available to a large group of users.
Dexia solved the problem by working with three levels of users. The first group are the “trusted” users in subsidiaries where Dexia Technology Services controls the IT infrastructure and which are therefore “compliant” with security requirements. A second group are those users in the Dexia subsidiaries that are independent in terms of IT, who log in via a managed network link, which means that the Digipass is not necessary.
The third group logs in via an Internet connection and so needs a Digipass. As a result, the user group with Digipasses has been significantly restricted, which makes it feasible from an administrative point of view.
Authentication on the servers depends on the user level via Active Directory and/or Radius. As a result, the process is clearly streamlined and by being organized in this way, Dexia avoids having to work with a chain of linked procedures. An integrated system is more business-secure and requires far less effort and expense in terms of management.
Single Sign-on“The solution that we have worked out with ISA Server 2006 has the definite advantage of users only having to log in once,” continues Jean-Luc Bruwier. “Once logged in, they can consult all of the information to which they have access without having to enter their login and password each time. We do, of course, have a whole system of classifications so that each user is given a clear-cut position and the rights that go with it. This means that confidential information is only available for a clearly defined group of users.”
“As a result, users no longer need to keep a whole laundry list of logins and passwords,” adds Johan Smekens. “Once the strict authentication procedure has taken place, our people save lots of time because they are able to switch quickly from one source of information to another.”
User-friendly solution
In addition to the single sign-on, there are also a number of other benefits with the Microsoft ISA Server 2006 solution implemented by Dexia. The threshold for users is very low, so they can continue to use the tools they are already familiar with without any problem. “But it goes further than that,” says Kris Vanrusselt. “As part of the study phase, we built in a feature that makes it possible to work on internal links to documents externally as well. So when someone sends a link to a report to an external user, that link continues to operate provided the external user is logged in.”
Another important factor is to limit the training requirements for this type of application. Users are in a familiar environment, which simplifies things significantly. The knowledge they already have can be re-used, so users can get to work immediately via a simple URL. All they need is a button on the desktop. This is a major departure from the old remote desktop connection, which needed a number of different operations to work.
“We can also see a number of benefits on the business side. In addition to the enormous security features already mentioned, there are significant advantages in terms of maintenance and management. This application can easily be kept up and running with a small team.” This system takes Dexia a clear step forward in terms of control. Whereas traffic could not be monitored before, this is now very much an option.
“This project required a great deal of energy for three months,” concludes Jean-Luc Bruwier. “But the result is a highly effective and secure system that our people very much enjoy using.”
For More Information
For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers who are deaf or hard-of-hearing can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234 in the United States or (905) 568-9641 in Canada. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to:
www.microsoft.com
For more information about Dexia Bank visit the Web site at:
www.dexia.be
Microsoft Forefront Product Portfolio
The Microsoft® Forefront™ comprehensive line of business security products provides greater protection and control through integration with your existing IT infrastructure and through simplified deployment, management, and analysis. Forefront is a comprehensive solution that helps provide protection for the client operating system, application servers, and the network edge.
For more information about the Forefront product portfolio, go to:
www.microsoft.com/forefront
This case study is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
Document published June 2007
