customer success organization profile cartasi...
TRANSCRIPT
Customer suCCess
Cartasi s.p.A.Protecting Data with symantec endpoint Protection Facilitates Compliance with PCI standards
Today more than ever, compliance with payment card industry (PCI) standards is critical for any market leader in the payment system business. These stan-dards, which set extremely stringent rules for controlling and managing sensi-tive data, must be observed throughout the corporate network. CartaSi, one of Italy’s leading operators with more than seven million credit card holders and 700 client banks, has chosen Symantec™ as its technology partner for ensuring compliance with PCI standards and obtaining certification from the PCI Council. Using Symantec™ Endpoint Protection, CartaSi has been able to meet the four key requirements for obtaining this certification: managing data loss prevention functions, maximizing virus protection, optimizing firewalls, and implementing a network access control system. In short: with Symantec, CartaSi can control and manage all of the company’s external points of contact and prevent the disclosure, modification, and loss of sensitive data.
market leader in payment systems
CartaSi is one of the leading players in the complex Italian payment systems market. The com-pany manages nearly seven million credit cards. Founded in 1985 by leading Italian banks, today CartaSi has partnerships with 700 client banks and more than 400,000 merchants. In just over twenty years, CartaSi has built a solid structure able to handle more than €45.2 billion worth of transactions. According to data from the Bank of Italy, the CartaSi group has a market share of 40 percent by volume of sales through its management of 19 percent of the cards in circulation and 31 percent of the active cards.
The story of CartaSi has been one of continuous growth, and it has now reached a significant milestone with the group’s decision to comply with the PCI standards that have already been ad-opted by major international operators such as Visa, American Express, and MasterCard Interna-tional. This protocol establishes exacting standards for the management of clients’ credit card data through stringent checks, security procedures, and regular reports certified by an independent assessment body―the PCI Council. The protocol is applied by banks and merchants as well as by solution providers, such as Symantec The company is a Qualified Security Assessor (QSA).
orGANIZAtIoN ProFILe
CartaSi, a market leader in the Italian payment system business, provides credit card issuing and management services to banks and companies. The group has around seven million credit card holders, which represents 19 percent of the total number of cards in circulation, and it manages 31 percent of the active cards.
Website: www.cartasi.it
Industry: Finance
Founded: 1985
Headquarters: Milan, Italy
employees: 1000
symANteC soLutIoN
Endpoint Security
Why symantec?
· Optimized virus protection
· Maximized data loss prevention
· Network access control
Customer suCCess CArtAsI s.P.A.
To take this significant and essential step, CartaSi had to adapt its own network and implement a series of solutions for protect-ing sensitive data and ensuring the security of the corporate network. As a result, Car-taSi had to make an important decision: choosing the best technology partner to help the CartaSi Group achieve PCI certification by September 2009, the company’s target date. “We were looking for a solution that could satisfy a range of requirements: virus protection, data loss prevention, firewall, and network access control,” explains Emanuele Balistreri, head of information systems, CartaSi. After careful analysis, we decided that Symantec Endpoint Protection covered all of our needs in terms of functional, technological, and financial requirements.”
A single suite to meet PCI standards
The Symantec Endpoint Protection solution met the primary requirements outlined by CartaSi: controlling and managing all of the company’s external points of contact, from email to client PCs, to prevent the disclosure, modification, or loss of sensitive data such as credit card numbers and company billing information. Specific functionality is re-quired to meet these requirements, including improved virus protection, optimized firewalls, and the implementation of a network access control (NAC) system.
In practice, the Symantec solution blocks mails containing sensitive data, prevents confidential data from being copied to pe-ripherals such as CDs, DVDs, and USB pen drives; checks PCs outside the network against a blacklist before allowing access and, if necessary, forwards them to the sub-directory containing company-approved up-dates. The solution also blocks external ac-cess to PCs if the client is absent; and, last but not least, blocks viruses. “It was a radical choice that will also protect us against dam-age caused unintentionally and in good faith by staff,” confirms Emanuele Balistreri. “We are satisfied with the results of the pilot phase, even though we had to increase secu-rity on all our PCs and implement more com-plex procedures.”
soLutIoN At A GLANCe
Business Drivers
• Compliance with PCI standards
• Protection of sensitive data, such as com-pany sales or credit card numbers
• Managing the risk of data loss
technology Challenges
• Checking and managing the flow of sensi-tive data
• Managing access to PCs outside the corpo-rate networks
• Virus protection
solution
• Implemented a corporate security system to comfortably manage the risks inherent in data protection
symantec Products
• Symantec™ Endpoint Protection 11.0
technology environment
• 1,000 PCs
• 160 IBM P Series servers
• Three midrange servers
PAGe 4 BusINess VALue AND teCHNICAL BeNeFIts
• Implemented flow control on sensitive data, such as email blocking
• Maximized data loss prevention
• Optimized virus protection
• Protected client PCs from unauthorized access
• Improved control over access requests from PCs outside the network
• Continually updated blacklist
• Implemented a whitelist-based network access system
“We were looking for a solution that
could satisfy a range of requirements:
virus protection, data loss prevention,
firewall, and network access
control. After careful analysis, we
decided that Symantec Endpoint
Protection covered all of our needs
in terms of functional, technological,
and financial requirements.”
emanuele Balistreri
Head of Information Systems
CartaSi
“Being able to manage our
requirements using a single suite
instead of a series of products from
different companies saves time
on integration and simplifies data
management between parties.”
emanuele Balistreri
Head of Information Systems
CartaSi
Customer suCCess CArtAsI s.P.A.
The pilot phase involved about sixty PCs and helped CartaSi identify the functionality needed to meet PCI standards. Subsequent-ly, the company has begun roll out Symantec Endpoint Protection on its corporate clients. “Being able to manage our requirements us-ing a single solution instead of a series of products from different companies saves us time on integration and simplifies data man-agement between parties,” notes Emanuele Balistreri.
CartaSi’s partnership with Symantec also includes another phase―one which is close to being a revolution in data management: a ‘positive check’ of accesses, which involves replacing blacklists with whitelists. Under this system, access to the corporate networks will be based on a mandatory software inven-tory, and PCs with different applications will not be authorized. The operation is complex because Symantec must continuously check for updates of all software and the most com-mon programs.
In addition to the existing partnership for PCI-compliant data protection, we have worked with Symantec on web-image protec-tion in the past. In both cases, we have been satisfied with the results we achieved to-gether,” concludes Emanuele Balistreri.
“In addition to our existing partnership
for PCI-compliant data protection, we
have also worked with Symantec on
web-image protection in the past. In
both cases, we have been satisfied
with the results we achieved together.”
emanuele Balistreri
Head of Information Systems
CartaSi
Copyright © 2009 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and Endpoint Protection are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. All product information is subject to change without notice. Part Number: 20028823