Case Study - Smurfit Kappa Kraftliner Pitea (SKKP)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Smurfit Kappa Kraftliner Pitea (SKKP) in the north of Sweden is Europe's biggest producer of kraftliner, a base paper used for the manufacture of high quality corrugated packaging. They started business in 1962 and today have an annual output of some 700,000 tons. As part of the Smurfit Kappa Group, which is partly owned by the Chicago-based private equity firm, Madison Dearborn Partners, compliance with the American Sarbanes Oxley Bill was defined as a corporate target.
Their production System i provides the computing power to over a hundred users. It runs proprietary financial applications and an in-house developed system for sales and distribution. FTP, Telnet and the IFS are heavily used with most other types of network access being made also, albeit less frequently. In addition, several customers and suppliers have the ability to connect to the central computer.
"SOX compliance was the compelling issue for us. We can now collect and offload security audit data and keep it safe until we need to dig down into it."
Once the decision was taken to get SOX compliant, Kent Lidman, the SKKP IT Manager, approached the company's VAR, IBS Norra Norrland AB and requested their recommendations. IBS has extensive experience in the security and compliance field and suggested Enforcive/Enterprise Security as the fastest way to provide a solution to the requirements most important to SKKP.
"We wanted an all-inclusive product that could provide network access control and powerful auditing" said Jan-Erik Johansson, Senior IT Advisor and Security Officer at Smurfit Kappa Kraftliner Pitea. "SOX requires us to keep security audit data for 7 years and we wanted a way to relieve disk space on the System i while still keeping the data readily available for auditing". He added that segregation of duties was also an important requirement for the organization's SOX compliancy.
IBS assisted in the product installation which went "perfect" in the words of Jan-Erik. He first implemented the features in the product most required by SOX. These included application access control and the whole set of audit modules: application audit for network access and exit program auditing, application analyzer for a graphical display, file audit to monitor database changes, the central audit and alert center but most of all, the CPA - Cross Platform Audit. "SOX compliance was the compelling consideration for us. We can now collect and offload security audit data and keep it safe until we need to dig down into it" said Smurfit Kappa Kraftliner Pitea's. Senior IT Advisor.
These remain the most important Enforcive/Enterprise Security features for Smurfit Kappa Kraftliner Pitea's IT department although they have recently also started using security systems management features like the user profile manager, object authority manager and administration role manager.
The CPA's ability to combine audit data from different sources into one consolidated audit and its powerful filtering capability gives Jan-Erik just the tool he needs when he has to undergo a deep investigation. "What makes this tool really shine is the way we can make a fine-grained drill down of the parameters we need - like object, IP address and application sub-function", he explains. Kent Lidman, IT Manager adds. "We get to what we are looking for quickly without having to wade through tons of audit records".
"Enforcive/Enterprise Security with the Cross Platform Audit has everything we need and more - SOX compliance functions, stability and cross platform usage functionality".
Jan-Erik Johansson said he will soon be expanding the number of Windows servers from which he imports audit data. "We currently import audit data from one System i and one Windows server - it's incredible that we have a single audit, made up from such different environments, and can even list events from both sources on the same screen". "Enforcive/Enterprise Security with the Cross Platform Audit has everything we need and more - SOX compliance functions, stability and cross platform usage functionality". He concludes, "We are using the CPA to prepare for an upcoming internal audit. I am setting up the audit reports I know the auditors will be looking for".
© 2013, Enforcive Systems Ltd. All rights Reserved.
|