Bwin International aiming for automated risk compliance

As a publicly traded company whose business model to provide online sports betting is based entirely on e-commerce transactions, Bwin International must adhere to stringent consumer confidentiality and data security standards to meet Payment Card Industry, the European version of Sarbanes Oxley and European privacy requirements.

"Because we are a pure-play e-commerce business in a heavily regulated industry, our IT infrastructure must be secure and able to support millions of transactions at all times," explains Oliver Eckel, head of corporate security for Bwin Interactive Entertainment AG. The company's IT infrastructure is made of more than 2000 assets, including computer servers, operating systems and applications, and network devices.

Bwin had numerous automated and manual processes in place to address the daily myriad of IT control issues. With multiple regulation requirements and a strong commitment to the protection of customer data, Bwin's security and IT managers were continually monitoring risk within their environments while facing the challenge of mapping that information to manual surveys and information from vulnerability scanners and security incident managers. Once aggregated, this information was mapped to regulations to assess their relative degree of compliance. This was a very costly and time-consuming process.

As the PCI Data Security Standard validation requirements continued to grow in number and scope, Bwin found itself diverting precious staff time and operating budget away from growth supporting initiatives to reactive activities such as regulatory audits, which was unacceptable. The search therefore began for a solution that would help the company meet its short term PCI DSS compliance objectives and be extensible to automate other compliance and risk management processes as required to achieve long-term cost efficiencies.

Bwin chose the Agiliance solution because of the completeness of the solution and its ability to integrate off-the-shelf with Bwin's existing security applications. The Agiliance solution is a web-based application designed to provide quick time to value by automating existing compliance processes and provide long-term cost efficiencies by helping companies move to a risk-based business model.

According to Eckel: "Successfully balancing today's risk management, cost reduction and compliance equation can be a difficult feat especially when dealing with multiple regulatory requirements across the globe. By tapping Agiliance software to automate risk management and compliance processes, Bwin is able to improve security and reduce costs while achieving and maintaining compliance with multiple regulations.

"What makes Agiliance so useful to us is that it gives us centralised access, management and control of both manual and automatic controls. That single process improvement, in and of itself, provides us with a much more efficient, productive management capability. Moving forward, we intend to leverage Agiliance to be our security management 'cockpit' and expect to realise substantial operational and strategic advantages by doing so."

Using Agiliance risk management and compliance software, Bwin mapped IT risk to business risk. Thanks to the pre-defined mapping of multiple regulations within the Agiliance product, Bwin was able to extend the same automated, risk-based approach for compliance to other regulations including the European version of Sarbanes Oxley and European privacy requirements as well as respond to regulatory updates such as the current release of PCI v1.2.

Agiliance is sure that with a current and accurate visibility into how IT risk affects the entire organisation, Bwin can now more effectively allocate IT resources and activities based on business objectives and acceptable levels of risk. The Agiliance solution helps Bwin to normalise and combine risk from non-compliance with regulations and standards, identify IT security and system automation gaps as well as process related risk. With a consolidated dashboard view, business managers and executives have the intelligence they need to make more informed decisions with confidence and ease.

Agiliance are represented in Malta by KLF Consulting. More information is available at www.agiliance.com or through e-mail to info@klfconsulting.eu .