Deployment Country: UK
Solution: Increase supply chain management efficiencies via XML-based application integration as part of Business Process Management (BPM) initiative. BAT selected Vordel's enterprise-class API solution as foundation of integration layer.
Products: Vordel API Server, SAP NetWeaver, Oracle
The Vordel API Server provide BAT with the essential security and management framework to take advantage of API technologies
British American Tobacco selects Vordel to secure and manage its global SOA
British American Tobacco (BAT)is the world's second largest quoted tobacco group. It has 47 factories in 40 countries. Its companies, including associated companies, employ more than 54,000 people worldwide.
As a large global organization, BAT has a diverse and complex IT environment which includes SAP, Siebel, and Oracle systems.
In order to cost-effectively integrate its enterprise applications together and improve business intelligence reporting, BAT made a strategic commitment to API technologies. The objective was to provide senior management with easier access to business intelligence previously buried deep inside back-office systems and to increase efficiencies by removing the requirement to manually re-key data between systems.
With the power and flexibility of APIs comes significant security and management challenges. In BAT, the business intelligence data exposed by the new API layer was highly sensitive. Therefore, the company required strict access control to this data in order to ensure that only authorized users could view appropriate data. Furthermore, speed of processing and availability of the information could be potentially delayed due to the processor intensive nature of XML and other related data sets processing.
Why BAT Chose Vordel:
From an external processing perspective, whilst systems integration currently existed between BAT and third parties, substantial growth was expected to support the target operating model. BAT chose the Vordel API Server as it is an efficent enabler for such transition as and when it occurs. Vordel also addressed the specific security, reliability, performance and operational concerns of such solution architectures. Additionally Vordel was able to deliver on BAT's requirements for secure internal systems integration within BAT, as well as secure systems integration with external third parties. Furthermore, BAT chose Vordel as both of its external and internal system integration use cases were driving a need for an enterprise-class API solution, to enable a repeatable, consistent and reliable security solution for enterprise Integration.
The drivers for BATs requirements included-
- An increase in the proportion of e-business transactions (e.g. with customers driven by TM&D strategy and suppliers driven by Supply Chain Finance).
- An increase in 'eCompliance' driven by regulatory bodies, such as taxation initiatives related to eInvoicing.
- An increase in BAT functional systems and platforms being out-sourced to IT providers for reasons of cost-saving and efficiency (e.g. Payroll, HR, SaaS and Cloud Computing).
From an internal processing perspective, a need has been identified to improve security controls applied to systems integration between BAT systems within its offices, factories and warehouses. In order to comply with industry regulations and corporate policies for data access or privacy, security policies needed to be enforced throughout the company's architecture, not just at the network perimeter. All data had to be encrypted while in transit across the network. XML data had to be scanned for new attacks such as "XML Denial of Service" attacks. This deterred internal attacks and also provided for a full evidential audit log of user access to the core business systems.
The solution also had to be platform-agnostic, since both J2EE and .NET platforms are used within the firm and had to be interoperable with SAP NetWeaver and Oracle. Additionally, as 80% of the future integration requirements of BAT were driven by the roll-out of the One SAP 'Global Template' to 180+ BAT End-Markets, the requirements for an enterprise capability was anchored to the integration requirements of One SAP.
The solution also needed to provide an audit log of transactions and alerting functionality to ensure uptime and integrity of all the services made available to the authorized employees and partners accessing these services.
As a result of selecting the Vordel API Server, BAT received a a strategic solution to provide a security and management umbrella for its API traffic, as opposed to choosing short-term solutions such as platform security or using programming toolkits. This strategic solution gives BAT the security and management bedrock on which to run its API projects for the future. A strategic security integration solution which means that BAT does not need to revisit security considerations for APIs.
Additionally, by centralizing its security policies for XML traffic BAT reduces maintenance costs - as well as protecting itself from the costly management of multiple "silos" of security information.
As Vordel's products integrate with identity management infrastructure, such as directories, which are already in use within BAT, the organization can re-use its existing security infrastructure and save time and money.