Ensure data privacy regulatory compliance, while creating improved data structure visibility to streamline data management.
Because BELBİM is classed as a financial institution, it must comply with local regulations, such as KVKK (Turkish Personal Data Protection law), and global regulations, including PCI DSS that all payment card providers are required to comply with. Basically, financial data needs to be protected wherever it resides or travels. Olcay Nisanoğlu, IT Director at BELBİM, explains further: “Our priority is data privacy legislation compliance. However, we also want to enhance our data management business processes and IT workflows. This is a good opportunity for us to improve our data structure visibility and take this project beyond just data protection, and into effective data discovery and management.”
Plainex Technology, Voltage Platinum Partner and International Partner of the Year 2022, specializes in delivering integrated solutions. Hikmet Kılıç, Managing Partner for Plainex Technology comments: “From the early days of the project, we were united with our customer BELBİM on the need for sustainability, as well as cost savings. This is why we felt comfortable recommending the Voltage solutions by OpenText to the BELBİM team.” Voltage Structured Data Management (SDM), Voltage Fusion, and SecureData integrate to discover and protect structured and unstructured data throughout its lifecycle and ensure effective on-premises and cloud-based data governance. Data management within BELBİM test and development environments will be included in the project too, to protect any personal data leaks via those routes.
Leveraging the Voltage solutions to reduce the amount of processed data and consolidate our IT architecture means not only full regulatory compliance, but we can now also assign our IT professionals to more value-add tasks.
A deep technical evaluation led to an executive recommendation of the Voltage portfolio and a start of the project with Plainex and Voltage experts. The first step was to leverage the Voltage solutions to quickly discover sensitive data, classify high-risk data, and secure it to maintain data privacy. “We realize that structured and unstructured data have very different attributes and were delighted that Voltage SDM and Fusion could automate the discovery of sensitive data in both domains within just a matter of days,” says Nisanoğlu. “With the support of SDM data dictionaries that cover localization, we successfully discovered thousands of tables and terabytes of data in a variety of databases, such as Oracle and MS SQL. The data visibility was a revelation, as we realized that much of the discovered data was unused, unnecessary, or obsolete.” Now that the team knows where sensitive data resides and how it is structured, substantial savings can be realized for the organization. Over 1,000 database tables could be deleted, and more than 140 database servers were shut down. This saved 230 CPU cores, 12 terabytes of memory, and 20 terabytes of disk storage. “The Voltage solutions supported a drastic reduction in our energy consumption and CO2 emissions by shutting down physical servers, SAN switches, and data storage platforms,” says Nisanoğlu. “This saves costs and is also a major step in our corporate commitment to be more environmentally friendly.”
Our starting point was encryption of critical data and we used Voltage SecureData’s format-preserving encryption (FPE) for this. We found SecureData particularly helpful in preserving referential integrity of specific database fields, as it creates unique values that are carried through wherever the data moves.
With a new rationalized data environment, the attention was turned to effectively protecting sensitive personal data. Nisanoğlu comments: “As an organization, we went through a paradigm shift toward ‘not everyone needs access to all data all the time.’ Our starting point was encryption of critical data and we used Voltage SecureData’s format-preserving encryption (FPE) for this. We found SecureData particularly helpful in preserving referential integrity of specific database fields, as it creates unique values that are carried through wherever the data moves.”
The Voltage solutions support full scalability and redundancy, enabling the team to easily scale up both vertically and horizontally without service interruption or the need for planned downtime. Voltage’s flexible technology and integration capabilities support integration with all third-party and in-house applications at BELBİM. Although SecureData is not currently used in BELBİM’s data analytics platforms, there is an opportunity there. This will be helpful for obfuscation of data that is not essential for data scientists for data analytics purposes.
Kılıç comments: “Working closely with BELBİM professionals, we created an effective team and managed to get positive results very quickly. We are committed to add value as a partner. Not just by establishing regulatory compliance, but also by achieving clear ROI for our customer.”
Nisanoğlu concludes: “Plainex proved the right choice of partner for us. Collaborating closely with Voltage, the Plainex team took a very customer-centric approach and delivered the required functionality against our agreed timeline. Leveraging the Voltage solutions to reduce the amount of processed data and consolidate our IT architecture means not only full regulatory compliance, but we can now also assign our IT professionals to more value-add tasks. This project contributes to improved sustainability of both human and natural resources over longer periods of time.”
Electronic Money and Payment Services, Inc. (BELBİM) is a subsidiary of the Municipality of Istanbul and the founder of the R&D-intensive ‘Electronic Fare Collection System,’ which has been in service in the Istanbul public transportation system since 1987. Istanbulkart is the public transportation card of Istanbul with a total of 23 million users.