|
Founded in Mannheim in 1886, Swiss Re Frankona went through many changes throughout its 120 years of history - changing locations, brand names and owners. In June 2006 Swiss Re Group completed the acquisition of GE's reinsurance and insurance arm, transforming former GE Frankona into Swiss Re Frankona, and making it part of the world's biggest reinsurance company. During these eventful times Frankona developed many long-lasting customer relationships, always sharing their expertise and technical excellence with the clients.
|
|
|
Swiss Re Frankona has an iSeries model 810 running under V5R2. They operate a specialist reinsurance application known as Writasure and some other self-developed programs using the same data. Through that system, Swiss Re Frankona serves the aviation, marine and catastrophe underwriting business, produces statistics and maintains bookkeeping. With some 60 users they use TN2520 terminal emulation, FTP and import tables through ODBC Access databases and Excel spreadsheets.
|
|
|
Security considerations require that most users have no command line access on a TN5250 session. They have of course write access to the Writasure files, but only using the Writasure application to ensure controlled activity.
|
|
|
Swiss Re's data security experts identified two areas where access to the iSeries could not be restricted. Firstly using ODBC from a client, write access can be configured and with the file access permissions, write access to tables would be possible by a user who would normally only have access through Writasure. The second was rmtcmd [what's that?].
|
|
|
These back-door routes to the iSeries and its database needed to be controlled tightly for security reasons. Then, of course there was Sarbanes-Oxley!
|
|
|
SOX was a driving factor to use such a tool and was a good argument to install such a product, according to Rainer Bernhardt who is responsible for system security. "Apart from SOX it is something we really needed" says Rainer". If someone really changed a table via ODBC, it would have caused severe problems. It would have been between difficult and impossible to find ODBC access as the reason" he added.
|
|
|
Together with Kurt Hiergstetter, a reinsurance expert with more than 30 years experience and the AS/400 applications administrator, Rainer set out to find a security solution, which would be simple to install and maintain. The recommendation of trying Enforcive/Enterprise Security came from IBM Business partner Team Loevenich.
|
|
|
Rainer and Kurt handled the implementation straightforward, any questions they had being answered by the Enforcive reseller or Enforcive support. They had defined their scope in advance and after just a few days they moved from simulation (Warning mode) to full protection (reject mode).Both were happy with the trial, particularly liked the graphical user interface and choose to go with the product.
|
|
|
Today, they split the ongoing handling done through Enforcive between them.
|
|
|
The access control module is the main function for which the product was acquired in the first place and it remains the main module used at Swiss Re. Kurt points out that for eventual problems, they use the auditing features for investigation.
|
|
|
Now Enforcive/Enterprise Security is protecting Swiss Re's systems, the company has control of file access other than through TN5250 emulation, especially ODBC.
|
|
|
"Auditors were happy with the solution and did not ask for more yet" said Rainer. "It is easy to use and has a comprehensive user interface". He says the product shows its value in particular in that is gives him "a strong sense of security and administration".
|
|
|
|
|
