INDUSTRY: Financial Services
BUSINESS: SBV Services is South Africa’s leading cash risk management company, specialising in moving and processing cash, cheques and valuables safely and securely.
SIZE: 1,001-5,000 employees
BUSINESS CHALLENGE: SBV Services must protect highly sensitive financial data, as well as logistical information about the movement of enormous amounts of cash and other valuables.
- Qualys Cloud Platform
WHY THEY CHOSE QUALYS CLOUD PLATFORM:
- Rapid time-to-value meant that IT staff could focus on getting results.
- Comprehensive and flexible automated reporting capabilities ensure that IT staff and management quickly understand emerging risks.
- Easy access to learning materials online ensured rapid adoption and short time-to-value.
Rapidly Detecting and Addressing Security Threats to Mitigate Risk
To protect its business systems from increasing internal and external security threats, SBV Services implemented a cloud-based risk-management platform to identify and track potential vulnerabilities.
SBV Services specialises in wholesale and retail cash processing and transiting, offering services such as bulk asset movement, asset management consulting and guarding resources. With 33 centres across South Africa, SBV Services provides end-to-end solutions for a wide range of clients and industries, including banking, retail and entertainment companies as well as government institutions.
Protecting Sensitive Information from Every Angle
SBV Services is responsible for moving the majority of all cash in South Africa, and keeping its business systems secure is of fundamental importance. The company places great emphasis on closing any potential security gaps in the numerous systems, such as cash processing, logistics and financial settlement applications that store its own or its clients’ sensitive financial data. With a number of business critical applications involved in its cash processing operation alone, this is no small task.
Kevin Govender, IT Security and Compliance Manager at SBV Services, states: “The success of our business hinges on our ability to keep our risk footprint as small as possible.”
“In the past, around 80 percent of our security effort was focused on the edge of the network and maintaining a secure perimeter. But as more of our systems are open to partners and clients, the risk of breaches happening inside the firewall is growing fast.”
A further potential source of network risk is that more and more employees are choosing to bring their personal mobile devices onto the company network.
“With anywhere from 500 to 1,000 personal devices, such as tablets and smartphones, active on the network at any one time, and with all staff able to access mail and other data via VPN clients, the potential attack surface has grown quickly,” states Kevin Govender.
“Qualys Cloud Platform has taken our ability to recognise and address both internal and external security threats to the next level.”
IT Security and Compliance Manager,
Qualys Solution – Right On the Money
Recognising that the growing scale of its IT infrastructure made manual approaches increasingly unworkable, the SBV Services IT team reviewed its tools providing automated vulnerability assessments and reporting.
After considering solutions from a number of vendors, SBV Services decided to follow recommendations from leading global IT analyst firms advocating the Qualys Cloud Platform—an integrated suite of powerful IT security and compliance solutions.
“Through the Qualys website and online community, we could gain a deeper understanding of its features. Based on what we found, we determined that Qualys Cloud Platform was the solution best suited to our requirements, and decided to implement it,” explains Kevin Govender.
After starting with a controlled Proof of Concept, SBV Solutions implemented Qualys Cloud Platform, gaining a dynamic central repository of information on cross-platform vulnerabilities and how to mitigate them.
Kevin Govender comments: “Qualys Cloud Platform has taken our ability to recognise and address both internal and external security threats to the next level.”
Sky-High Data Security
The small IT team at SBV Services lacked the time required for deploying an on-premise vulnerability management solution.
“Qualys Cloud Platform is available for cloud-based deployment on a Software-as-a-Service [SaaS] basis, meaning that we could start using it extremely quickly,” states Kevin Govender. “Setting up the solution was very simple and did not distract us from our day-to-day work. We could simply focus on using the technology and getting the benefits.”
Qualys’ Vulnerability Management solution, which sits on top of the cloud platform, scans all systems on the SBV network, automatically detecting and flagging any known vulnerabilities, and generating detailed reports that let IT staff know which patches they need to install. The solution provides multiple levels of reporting, from these patch reports up to top-level reports on the overall risk, such as the total number of Level 5 or 4 vulnerabilities. This built-in reporting capability was one of the key features that attracted SBV Services to the Qualys solution.
The effectiveness of the Qualys Cloud Platform was proven in a highly visible way when the Heartbleed security bug hit the headlines.
“Qualys Cloud Platform provided us with very early intelligence on Heartbleed, enabling us to accurately gauge the level of risk it posed to us,” remarks Kevin Govender. “The solution pinpointed all vulnerable systems very rapidly, and helped us to track our resolution processes.”
“Our rapid reaction to the Heartbleed bug alone proved the value of investing in the Qualys Cloud Platform, enabling us to demonstrate tight governance to internal management and external clients alike.”
Rapid, Regular Risk Reporting
Automatic vulnerability assessments and reports from the Qualys Cloud Platform give SBV Services staff a clear view of potential security issues across the entire network, including personal devices, saving significant time and effort. Reports are issued throughout the company, from risk executives down to the teams running each application or service, enabling efficient, effective and transparent response to identified threats.
Kevin Govender adds: “The Qualys solution features have remarkably sophisticated reporting capabilities, giving us the information we need at the speed we need it.
“We now perform weekly scans of all end-user devices at head office, as well as ad hoc scans at branches. No stone is left unturned, as the scans also cover personal mobile devices, such as tablets and smartphones. As with the Heartbleed bug, when we receive reports of new potential threats, we can run them against our asset base and send out clear communications to the relevant technical people.”
Kevin Govender concludes: “Fast reporting facilitates fast responses, which is exactly what we wanted. We can now monitor all end-user devices, identifying and resolving any vulnerabilities efficiently. We are confident that using Qualys Cloud Platform will help us to further improve our risk mitigation strategies in the future.”