GTUG, April 17th, 2012 - Wolf-Henner Ruhnau
Application and Implementation Strategy
IT – Where are we?
Some Figures (approximate)
200 server systems
2.6 billion (technical) transactions / year
735 Tps peak
1.1 million invoices / year
280 thousand debtors
260 thousand terminals
210 thousand reports / year
Service Level Agreements

| Services | SLAs | Guaranteed |
|---|---|---|
| Transaction Processing | Availability IP-Access | 99,9% p.a. |
| | Availability Datex-P | 99,8% p.a. |
| | Availability ISDN / Analog | 99,7% p.a. |
| | Response time | 99%<300ms |
| | Capacity | Min. 10% > max. |
| | Max. down time | 30 min |
| Clearing Settlement | Completeness | 100% |
| | Cut-off time not reached | 1 / quarter |
| OLV + Risk Index | Availability | 99,9% p.a. |
| | Response time | 99%<300ms |
| | Capacity | Min. 10% > max. |
| Reporting | Completeness | 100% |
| | Cut-off time not reached | 1 / quarter |
| Receipt Management | Availability | 99,7% p.a. |
| | Restore | Max 12h |
| | Capacity | Min. 10% > max |
Customer Satisfaction
Measurement Customer Satisfaction
– Meeting communicated milestones (In-time delivery)
– Overall fulfillment of requirements
– #defects during acceptance
– active monitoring of SLAs during operations
– Incidents per customer and severity
Measurement of Software Quality
– Overall fulfillment of requirements
– #test cycles needed per test stage
– #defects per category and test-level
– #rejected acceptance candidates
What do we want to be?
agile
fast
efficient cheap
effective
trustworthy
solid
enabling
leading
.. all the buzz words
skilled
IT Vision
strategic partner for customers
Know-how for kernel processes
and –functions in-house IT
integrated multi-channel SOA
Business Services
• Acquiring Services
• Internet Services
• Internationalisation
• 2 party vendor
Tactical movements
2010
2011
2012
Management IT: ITIL, Security, Audits (PCI, PA-DSS), QA, Project Mgmt., Organisation
Business Departments: Processes, Project Management, Audits (BCM, PSD, BAFIN, …), Organisation
Infrastructure
Applications
• Risk Index 1
• mobile Payment (mpass)
• Transaction Monitoring
• Internet Payment 1
• Fraud Detection
• porting JavaCaps Applications to NSK
• Internet Payment 1.1
• Contactless Payments
• Risk Index 2
• OLV next generation
Business Processes
• Workflows
• Automation
• Optimisation
• Orchestration
2013
• Own Data Centres
• NSK Blade Systems
• Migration X.25 to IP
• Windows + SQL 2008
• +2 NSK CPUs
• New Hitachi SAN
• New CISCO Switches
• [+2 NSK CPUs]
2009
Security
Target Environment
BPM
inbox
request
application
data access layer / transaction security
internal portal
scores transactions invoices docs
external portal
Reporting
logging
Accounting / Clearing
User monitoring
Business Process
A
statistics Roles Permissions Groups alerts
Business Process
B
Business Process
N
…
OLTP
Transaction, Terminal, Revenue,
Configuration, Documents, Receipts
technical data Analytics
Customer, Contract, Condition, Order
financial data
What does it mean for
Applications?
Systems
Databases
Reporting
Master Data
Scorecards WEB-RDN Reports
HWD
Card B/L
Loyalty
Accounting
Riskindices
Revenue
Transactions
Config
OTM
Fraud
Payments
HWD
Enscribe NonStop SQL Microsoft SQL Oracle SQL
Document Management
Return Debit Notes
WEB-RDN Reports
WEB Service- Orders
BI/BO (SPSS)
Clearing
SAP
Fraud Detection
from IT-Operations: 7x24 Monitoring
Equipment and Network
– Nagios, Prognosis
Central Processes
– UC4
Extract, Transform
Save
File transfers (batch)
• Export/copy/transport/import occupies ~3 times the disc capacity needed
• Timely synchronisation of systems and applications increasingly complex
• Window to update all applications is constantly shrinking
• New applications / projects will need additional transfers and further complicate the situation
Monitoring UC4-Server
- A single link between databases usually includes several files
- hundreds of file-transfers a day
- High bandwidth demand between locations / servers
- Up to four systems are needed:
* sending system
* receiving system
* central file transfer system
* central monitoring system
Extract, Transform
Load
File Transfer FTP-Server
! Hardwired by IT -> business processes and logic !
DB File DB File
Receiver
Sender
Curing the issue..
• Establishment of re-usable services
• Leaves data where it is
• No copies – no synchronisation needed
• Data is accessed via documented APIs
• Works across all systems
• inherently up to date for all applications
• Centralization into small number of databases
• Classification according to the business criticality
• Located on system that provides the required availability
Program
API Call
Data classification..
to define the location and processing environment of data
Availability: Overall time to access and process vital (application) data
Data Integrity: Potential of data corruption or loss of consistency during processing
Confidentiality: Level of protection against fraudulent use
Reliability: Overall measurement for the result of correct data processing
Restorability: Maximum time allowed to restore processing data after failure
-> documented and part of SLAs with customers
Service candidates
• Bank Number (check, convert, map name)
• Account Number (validate, convert)
• Credit Card (black/white list)
• BAFIN (registration, deregistration)
• Schufa (query, registration, deregistration)
• 3D Secure
• Address (find, complete, correct, validate)
• Currency (query, convert)
• Risk Index (select, compute, configure)
• Document (invoice, sales slip, ..)
• Consumptions (aggregation, forwarding)
• Authorisation (user, role, permissions)
• Transaction (query, match, update)
• Revenue (query, match, update)
• …
API Call
Guidelines for applications
24h Operation -> no planning for batch time slots
Mission critical applications and data on NonStop Kernel
Real-time -> no post processing „jobs“ for data clean-up etc.
File-Transfers and Batch processing only if indispensable (e.g. for banking and customer interfaces)
Customer access and self-provisioning using WEB technology
GUI elements always with national language support (German, English, French, ..)
Implementation of common functions as SOA-Services
must fit into 3-tier architecture
must use one logical SQL DB (no structured files)
must re-use existing databases and SOA-Services
Example mpass
Methods and Tools
Process Model
tailored ISO 15288 / ISO 12207 System / Software life cycle processes
tailored ISO 21500 (draft) Project and Portfolio Management processes
Beside documentation, quite some work left
Development Life Cycle Tools
-> most information is electronic; paper is used for customers / partners
Project Management
MS Project, MS Office files, participate
Requirements Engineering
HP Quality Center (ALM, RM)
Release Management
Dimensions PVCS CS
Change Management
Participate (for transition to Operations) Dimensions PVCS CS
Architecture and Design
No explicit modelling tool (partially UML)
Development
for Windows and NSK Guardian and OSS
Languages: C, C#, VB, C++, Java
MS Developers Studio, Eclipse
NSK: cross Compiler, Linker and Debugger
Windows: native Compiler, Linker and Debugger
Open Source: Eclipse with Plug-ins
Verification and Validation
HP Quality Center (Test Cases, Defects)
OLTP: Test automation with PDIAG and AS-Simulation
GUIs: QTP, SoapUI, JMeter
*new: HP Fortify 360
*new: HP WebInspect
Configuration Management
Dimensions PVCS CS
Way To Secure Software
Why Continuous Integration?
It is possible to create good software without Continuous Integration, but ..
– with frequent builds you will find failures earlier
– in a multi-developer environment the team communication will be increased
– the current status of the project will be reported
– unit tests and SCA can be directly integrated in the build procedure
– you are able to deliver software almost any time
Why Static Code Analysis?
"Since most security for Web applications can be implemented by a system administrator, application developers need not pay attention to the details of securing the application…"
BEA WebLogic Server Security Documentation
?
Why Static Code Analysis?
But… infrastructure attacks are faced with all the following obstacles and elements
Adversaries have a lot fewer obstacles when attacking code
Why Static Code Analysis?
Top 10 Web Application Security Risks for 2010:
A1: Injection
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards
www.owasp.org
Increasing number of vulnerabilities..
Software contains a lot more lines of code, for example
– Windows NT 3.1: 5 Mill. LOC
– Windows Server 2003: 50 Mill. LOC
More developers are working on one application, therefore the overall system knowledge is lost by individuals
Time Is Money … … No Time To Think!
Why is Static Code Analysis needed?
Secure web applications are only possible when a secure software development lifecycle is used.
Build & Scan Flow
Diagram elements: Build, SCA, SSC, Source Code Repository, CI Server, Developer, Defect Tracker, Auditor
Steps, one per slide:
• Developing
• Check-in new code
• Scheduled Check-out and build
• Handover for Secure Scanning
• Scan Results upload
• Auditor Reviews Result
• Auditor Submits Security Issues to Bug Tracker
• Developer picks up defect and writes fixes / patch
• And so on …
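The loop these slides step through (scan results upload, auditor review, defect tracker, developer fix, next scheduled scan), as an added example that is not part of the presentation and does not use the API of any scanner or tracker named in it. The `Finding` fields, the fingerprint scheme, the `DefectTracker` class and the sample findings are all assumptions constructed for illustration; the point shown is how repeated scans can update existing defects instead of filing duplicates.

```python
# Added illustration of the Build & Scan loop. Not code from the presentation
# and not the API of any scanner or tracker; all names here are hypothetical.
import hashlib
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Finding:
    category: str   # issue class reported by the static analysis step
    path: str       # source file, relative to the repository root
    function: str   # enclosing function
    line: int       # informational only; shifts whenever the file is edited

    def fingerprint(self) -> str:
        # The line number is left out on purpose, so an unrelated edit above
        # the flaw does not make the next scheduled scan report a "new" issue.
        raw = "|".join((self.category, self.path, self.function))
        return hashlib.sha256(raw.encode("utf-8")).hexdigest()[:16]


@dataclass
class DefectTracker:
    tickets: dict = field(default_factory=dict)   # fingerprint -> "open" | "closed"

    def open_tickets(self) -> set:
        return {fp for fp, status in self.tickets.items() if status == "open"}


def sync_scan(tracker, scan, false_positives=frozenset()):
    """Apply one uploaded scan result to the tracker after the auditor's review.

    false_positives holds fingerprints the auditor rejected; they never
    become tickets, however often the scanner reports them again.
    """
    confirmed = {f.fingerprint() for f in scan} - set(false_positives)
    new = sorted(confirmed - set(tracker.tickets))
    reopened = sorted(fp for fp in confirmed if tracker.tickets.get(fp) == "closed")
    closed = sorted(tracker.open_tickets() - confirmed)
    for fp in new + reopened:
        tracker.tickets[fp] = "open"
    for fp in closed:
        tracker.tickets[fp] = "closed"
    return {"new": new, "reopened": reopened, "closed": closed,
            "open": sorted(tracker.open_tickets())}


# Constructed sample findings (file and function names are made up).
SQLI = Finding("SQL Injection", "payment/query.c", "build_query", 42)
XSS = Finding("Cross-Site Scripting", "portal/render.c", "render_name", 10)
XSS_MOVED = Finding("Cross-Site Scripting", "portal/render.c", "render_name", 15)
NOISE = Finding("Hardcoded Password", "test/fixtures.c", "load_fixture", 7)


def demo():
    tracker = DefectTracker()
    rejected = {NOISE.fingerprint()}            # auditor's verdict on the first scan
    first = sync_scan(tracker, [SQLI, XSS, NOISE], rejected)
    # Developer fixed the injection; the XSS finding only moved by five lines.
    second = sync_scan(tracker, [XSS_MOVED, NOISE], rejected)
    # A later check-in brings the injection back.
    third = sync_scan(tracker, [SQLI, XSS_MOVED, NOISE], rejected)
    return first, second, third


if __name__ == "__main__":
    for number, result in enumerate(demo(), start=1):
        print(number, result)
```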
CI & SCA & PEN Test Integration
Ingenico World
Data Centres
Findings and Needs
Scope
NAR
NER
Spain
Turkey France
Group IT Germany
LAR
Italy
Australia
Findings
5+ Transaction platforms
>900 peripheral Servers
>1.000 Network & Communication lines
>48 Data Center
15 IT Organisation Units
Processes: heterogeneous
Communication: heterogeneous
Collaboration: dispersed
Needs
harmonized Infrastructure
common Architecture Management
standardized Organization & Processes
Processing platforms
Five independent processing systems
.. plans to acquire more
Different scope and processing capabilities
Several redundant functionalities
Isolated data islands
High TCO
•Scattered computing environments
•Dispersed know-how
•All sorts of tools
•Selective disaster recovery
•High maintenance effort
•No deployment infrastructure
Unequal Environments
Access Systems Application Servers
TRX-Monitors
Databases
Operating Systems
Architecture? - Terminology
Enterprise Architecture
Software Architecture
Hardware Architecture - Infrastructure
Server Op.Sys. Storage Backup DBMS Tools
AXIS
Poseidon Opal Korvac
IS Iberia SAP
Network
CRM
Exchange
Reporting
MDM
Workflow
DWH
DMS
TRX-Systems Peripheral Systems
Goals Bus. Proc.
Bus. Infos Roles
Org Structures
Org. Behaviours
their • externally visible properties • relationships between them
Business entities/components
Transfer2
Vision
Processing solution(s) provided by a managed software architecture for Payment Services and VAS Transactions
For international customer base,
Transactional and real-time,
High Available, Scalable and Secure
Re-usable components of high quality,
absolute data integrity,
online measurable KPIs
Business
Processes
Software
Solutions
Infrastructures
User interfaces
Functions Data Security
Integration
Enterprise Architecture
Software Architecture
Hardware Architecture
Environmental Trends Business Strategy
Current-State Architecture
Future-State Architecture
Organize Architecture Effort
Develop Requirements
Develop Principles
Develop Models
Architecting
Governing and Managing
Closing the Gap
Application Architecture is derived from business strategy, enterprise setup and technology drivers:
Managed through an Architecture Board
Provides detailed solution requirements
Provides governance for transition process
Strategy
Architecture Board
incorporates major platforms / solutions
selects architecture and design patterns
Regions & Subsidiaries
Core
Delivery
80% On
release
• 20% off release
• Configuration
• Administration
• Local adoptions
• re-usable SW Components
from ?/100% to 80/20% central delivery over time
step-by-step, evolutionary model
General guideline and policies
Implementation decisions
best of technology and available components
Detailed components requirements
re-useable components
Ingenico Processes
Thank you for your attention
easycash GmbH
Wolf-Henner Ruhnau
Am Gierath 20
40885 Ratingen
Tel.: 02102/973-338
Q & A