Our case studies provide insights into real customer projects and show how our solutions work in practice, reliably, scalably and transparently. We explain specific use cases, challenges and the value delivered. As a result, you gain an authentic impression of how modern IT and security solutions are deployed across different organisations. We thank our customers for their trust and for their willingness to share their experiences publicly.
Raiffeisen IT GmbH, headquartered in Germany, provides comprehensive services as an IT service provider for several shareholder companies. These include IT services for office applications, infrastructure and network operations, as well as managed services for operating systems, databases and SAP basis. The services are delivered centrally from Kassel and Karlsruhe (www.raiffeisen-it.com).
The growing complexity of the IT landscape, particularly due to the central responsibility for outsourced IT processes of the shareholders, required a high degree of standardisation, transparency and controllability. Audit-relevant requirements from annual financial statement audits, as well as internal governance specifications, made it necessary not only to establish technical and organisational measures, but also to keep them verifiable over time. Consequently, Raiffeisen IT GmbH faced increased pressure in the handling of privileged users and administrative access rights, in order to ensure traceability of activities and to effectively prevent manipulation.

Marc Golenko
Three control-relevant domains were in focus:
- Access management (AM), especially in AD and Azure AD
- Change management (CM), for example in SAP system landscapes
- Network & infrastructure (NI), including central components for service delivery
However, to secure privileged access, for example to the SAP database, there was still no tool for complete, audit-proof traceability. In a highly regulated environment, this represented a substantial deficit with regard to ISO-compliant security controls. Therefore, Raiffeisen IT GmbH needed a solution that combined operational usability with rigorous evidentiary capability.
In the context of ISO/IEC 27001:2022, the following requirements were to be addressed:
| Objective | Focus | Standard / framework |
|---|---|---|
| Traceability of privileged activities through complete documentation of sessions and actions. | Session Recording (screen/keystroke/app metadata) | ISO 27001 Privileged Access Rights; ISO 27001 Assessment of Events |
| Fast response to security-relevant incidents through real-time detection and containment of risky actions. | Real-time analysis & automated response (blocking/terminating processes) | ISO 27001 Response to Incidents; ISO 27001 Monitoring Activities |
| Preservation of evidence for audits and forensics through exportable, protected and audit-proof session data. | Audit-proof export & audit/forensics readiness | ISO 27001 Collection of Evidence |
| Role-based access control to avoid role conflicts and misuse of shared accounts. | RBAC, contextual rules & secondary authentication | ISO 27001 Segregation of Duties; ISO 27001 Information Access Restriction |
| Live monitoring and alerting for early detection of suspicious or unauthorised privileged access. | Session Monitoring, alerts & escalations | ISO 27001 Monitoring Activities |
To implement these objectives, Syteca software was introduced. It is a platform for privileged Session Monitoring & PAM that, according to the manufacturer, is specifically aligned with the requirements of ISO/IEC 27001:2022. In practice, this gave Raiffeisen IT GmbH a single control layer for high-risk administrative access.
Why Syteca for Raiffeisen IT GmbH?
Seamless integration into IT operations at Raiffeisen IT GmbH
Functional benefits for security and governance
| Function | Description |
|---|---|
| Session Recording with real-time playback | Activities of privileged users (e.g. SAP admins) are fully recorded and stored in a searchable format. |
| Metadata analysis and event logging | Each interaction is captured and enriched with contextual data (e.g. launched applications, keystrokes, USB devices). |
Techway GmbH acts as an authorised Syteca sales partner in the DACH region and supported Raiffeisen IT GmbH throughout the project, both technically and methodologically. As the integration partner, Techway was responsible for the installation and commissioning of the Syteca platform, including system design, configuration and application-specific adaptations. Moreover, implementation took place in close coordination with operational and governance stakeholders. As a result, Raiffeisen IT GmbH was able to integrate Syteca seamlessly into the existing control system and IT service processes.
With Syteca, Raiffeisen IT GmbH not only closed a central gap in ICS implementation, but also strengthened compliance with ISO/IEC 27001:2022 in a targeted manner. The solution provides a robust foundation for transparency, accountability and auditability in the handling of privileged access. In addition, it offers the flexibility needed to further develop the internal control system in line with regulatory requirements. Consequently, Raiffeisen IT GmbH has improved both operational security and audit readiness.


