Aktia Bank plc of Finland looks after the serenity of its 300 000 customers through rWeb of Deny All
September 2009 by Marc Jacob
Aktia, a major Finnish financial player with flawless IT security
Founded in 1825, Aktia Bank is today one of the largest banks in the Finnish market. It operates in
retail banking, asset management and life & risk insurance. With its 90 branches spread over the
whole territory of Finland and efficient customer service, Aktia Bank plc daily manages the bank
accounts of nearly 300 000 clients.
In 2008, after the acquisition of several companies operating in the financial sphere over the last two
years, Aktia Bank plc had to continue to guarantee an optimal level of security for its clients and for
its own data.
To take up this challenge, Aktia Bank plc chose a security solution common to all its
components: a Web Application Firewall (WAF).
It should address the following issues:
– Protect all Aktia’s entities against cybercrime with a security solution reliable and
– Comply with the requirements of the PCI-DSS standard,
– Enable a secure and reliable SOA architecture.
"Rather than letting each entity of Aktia Bank plc choose its own WAF, we wanted to standardize all
applications using a common security solution, impeccable, robust and reliable," said Thomas
Malmberg, Security Consultant at Aktia Bank plc.
rWeb, Deny All’s Web Application Firewall chosen by Aktia to secure its
Following a call for tenders launched two years ago, Deny All was selected as the company
offering the best WAF to address Aktia's needs. The Proof of Concept (POC) lasted a week, and
after a short in-house test period of one month, rWeb was implemented across the whole structure of
the group. The Finnish consultancy company nSense, a partner of Deny All, played an important
role in Aktia Bank plc's decision-making: "nSense knew how to advise us in our choice and
accompanied us step by step in deploying Deny All’s solution, rWeb," said Thomas Malmberg.
From the beginning, the Finnish bank has respected the PCI-DSS standard imposed on all Internet sites
whose activities involve the existence of bank data. Therefore, its various entities, acquired over time,
have also been required to meet this standard. The choice of Deny All’s Web Application Firewall,
rWeb, again stood out as the obvious one: "rWeb corresponded to our expectations regarding the PCI-DSS
standard, it is a natively compatible, transparent, evolutive and future-proof solution," said Thomas
The rWeb solution is gradually being deployed in front of all the applications of Aktia Bank plc's entities. Today
Aktia Bank plc continues to install new applications, including XML and Web Services. Again, the
choice of rWeb is reinforced because it provides sufficient protection to such applications, without
Thomas Malmberg described Deny All’s technical, support and advisory teams as "extremely
responsive and available." The quality of this relationship was instrumental in the POC phase, and
Thomas Malmberg stresses, "the attention that we met at this period, and that influenced our choice, is
still a strength of the relationship between Aktia Bank plc and Deny All."