Principality Building Society is buying configuration control and change auditing software from Tripwire to monitor for system alterations and enhance security across its tier one servers, including 120 virtual servers. It will give the mutual greater insight into the state of its networks, servers and applications at any given time – for instance, any alterations to the website codes and permission levels will trigger a security alert. Consistency and availability of IT systems will also be improved as changes can be monitored in test environments, meaning applications should be able to be brought to market quicker

The deployment of Tripwire’s server monitoring software will equip Principality Building Society with comprehensive change auditing capabilities and mean it adheres to the recommended technical security guidelines set out by the Centre for Internet Security (CIS). While monitoring for change across all networks, servers and applications, automatic email alerts will also inform the security department of any alterations to certain folders across Principality’s web-based applications. As Islwyn Davies, information security manager at the Society, explains: “With Tripwire in place we can monitor change across all website code and database objects, including permission levels. As such the security team will be instantly alerted if someone without authorisation gets access to a high-level file, allowing us to investigate it immediately.”

Other products were evaluated by the mutual during the specification phrase of the project but the Society chose Tripwire because of its ease of use, rapid implementation and low cost of ownership. According to Marc Jones, infrastructure manager at Principality: “The system does not require full-time maintenance, all the information we need is well presented in an easy-to-use format, making it simple to get the right information out of it and pull reports as and when they are needed.”

The Tripwire server monitoring system will be integrated with Principality’s Microsoft System Centre Operations Manager (SCOM), enabling the new console to incorporate and support compliance requirements in future, just as it does performance and availability presently. It will also be deployed across Principality’s non production environment. “With Tripwire integrated into our test environments – monitoring change and ensuring that it is consistent throughout the test-cycle – we will be able to bring new applications to market faster, making us more agile and efficient,” explains Jones.

“Tripwire’s ability to automatically audit all change across the infrastructure will transform our audit processes,” concludes Jones. “Previously we had to undertake manual audits which could take up to a week to complete but now we have real-time information available that gives us confidence in the security, integrity and availability of our IT infrastructure.”

As Wales’ largest mutual building society Principality, based in Cardiff, has over 150 years of experience as a financial institution, over 450,000 members and over 1,000 staff throughout a network of 51 branches. Underpinning its day-to-day business activities are three data centres that are centrally hosted and managed by an IT team based in Cardiff. The servers deployed here will be monitored by the new Tripwire software.

Share Story: