Gavin Targonski,
Technical Architect for Application Technology Strategy
Introduction:
British American Tobacco (BAT) employs almost 100,000 people worldwide, with 85 factories operating in 66 countries. As a large global organization, BAT has a diverse and complex IT environment which includes SAP, Siebel, and Oracle systems.
Business Objective:
To integrate its enterprise applications cost-effectively and improve business intelligence reporting, BAT made a strategic commitment to Web Services technologies. The objective was to give senior management easier access to business intelligence previously buried deep inside back-office systems, and to increase efficiency by removing the need to manually re-key data between systems.
Business Challenge:
With the power and flexibility of Web Services come significant security and management challenges. At BAT, the business intelligence data exposed by the new Web Services layer was highly sensitive. The company therefore required strict access control to this data to ensure that only authorized users could view appropriate data. Furthermore, the speed of processing and the availability of the information could potentially be affected by the processor-intensive nature of XML data processing.
Technical Challenge:
To comply with the strict privacy requirements, security policies needed to be enforced throughout the company's architecture, not just at the network perimeter. All data had to be encrypted while in transit across the network. XML data had to be scanned for new attacks such as "XML Denial of Service" attacks. These measures deterred internal attacks and also provided a full evidential audit log of user access to the core business systems.
The solution also had to be platform-agnostic, since both J2EE and .NET platforms are used within the firm, and it had to be interoperable with SAP NetWeaver and Oracle.
The solution also needed to provide an audit log of transactions and alerting functionality to ensure uptime and integrity of all the services made available to the authorized employees and partners accessing these services.
Benefits/Results:
BAT adopted a strategic solution that provides a security and management umbrella for its Web Services traffic, rather than choosing short-term solutions such as relying on platform security or using programming toolkits. This strategic solution gives BAT the security and management bedrock on which to run its Web Services projects for the future.
A strategic security integration solution, which means that BAT does not need to revisit security considerations for Web Services
Reduce maintenance costs - by centralizing its security policies for XML traffic, BAT protects itself from costly management of multiple "silos" of security information.
Re-use existing security infrastructure - Vordel's products integrate with identity management infrastructure, such as directories, which are already in use within BAT.