pfn-header-logo

CASE STUDY

logo-kzbs-white

Building a resilient security architecture

How KZBS secured the ecosystem of 500+ cooperative banks against modern threats.

Client:

KZBS
(National Association of Cooperative Banks)

Sector:

Banking / Public Trust

Scale:

500+ Associated Banks

Key Compliance:

NIS2, DORA, GDPR, ISO 27001

Services:

Managed Security Services, Zero Trust Architecture

Executive Summary

The National Association of Cooperative Banks (KZBS) acts as the central nervous system for over 500 financial institutions in Poland. In an era where supply chain attacks are the #1 threat, the security of the central hub is non-negotiable. Professnet executed a strategic "Digital Fortress" transformation. We moved KZBS from fragmented IT to a unified, enterprise-grade environment compliant with the most stringent EU directives (NIS2, DORA). The result is a secure, monitored ecosystem that serves as a trusted platform for the entire cooperative banking sector.

%

Compliance with NIS2 & DORA directives

%

Faster Incident Response Time

+

Financial entities in the secure ecosystem

/7

Active Security Monitoring (SOC level)

Challenge: The "Hub" Risk and Complex Regulatory Landscape

Before the transformation, KZBS faced challenges that went far beyond typical IT issues. As an organization representing the interests of hundreds of banks, they carried a massive responsibility:

arrow-big-white

01

Elevated Risk Profile

Hackers often target central associations to gain backdoor access to member banks (Supply Chain Attack). KZBS's infrastructure had to be harder to breach than the banks themselves.
arrow-big-white

02

Regulatory Pressure (NIS2 & DORA)

New EU regulations imposed stringent financial penalties for lack of digital resilience. KZBS needed to not only be secure but also prove it with audit-ready documentation at any moment.
arrow-big-white

03

Fragmented Collaboration

With 500+ members, communication was chaotic. Sensitive documents were often exchanged via unstandardized channels, creating data leak risks.
arrow-big-white

04

Operational Blindness

Lack of centralized monitoring meant that potential threats could go unnoticed until it was too late.

Solution: Zero Trust Architecture & Defense-in-Depth

Professnet implemented a multi-layered security strategy based on the Zero Trust principle: "Never Trust, Always Verify."

Secure Your Infrastructure

01 Phase

Secure Foundation (Fortinet & Network Segmentation)

We rebuilt the network layer from the ground up.

Technology:

We deployed high-performance Fortinet Next-Generation Firewalls (NGFW) to inspect all traffic.

Segmentation:

We isolated critical systems so that even if one segment is compromised, the attacker cannot move laterally to the core data.

Encryption:

All connections between KZBS and member banks were secured with encrypted VPN tunnels, creating a "private highway" for data.

02 Phase

Secure Collaboration Hub (Microsoft 365 + Information Protection)

We replaced scattered tools with a unified Microsoft 365 environment.

Identity First:

We implemented Azure Active Directory with strict MFA (Multi-Factor Authentication). No one, not even the CEO, accesses data without a second factor.

Data Protection:

We configured SharePoint and OneDrive with Azure Information Protection policies. Sensitive documents are tagged and encrypted, even if a file leaks, unauthorized users cannot open it.

03 Phase

PFN-Security & Observability (The Watchtower)

Security is not a product; it's a process. We deployed our proprietary monitoring stack:

Real-Time Detection:

PFN-Observability collects logs from servers, firewalls, and applications.

Response:

Any anomaly (e.g., a login attempt from a suspicious country) triggers an immediate alert to our 24/7 Security Operations Center (SOC).

Professnet Expert on the Project

"In the KZBS project, the challenge wasn't just blocking hackers, but ensuring Business Continuity.

Under the DORA directive, a bank must prove it can recover from a cyberattack. That's why we didn't just build firewalls; we implemented an Immutable Backup strategy and redundant power systems. We assumed that an attack will happen, and we designed the system to survive it without data loss."

XXXXXXXXXXXXX

Lead Security Architect @ Professnet

pfn-logo-white

Key Results & Business Impact

The transformation turned IT from a cost center into a strategic asset that builds credibility.

Regulatory Compliance

KZBS achieved 100% readiness for NIS2 and DORA. This protects the organization from fines up to €10 million or 2% of global turnover.

Operational Speed

60% reduction in incident response time. Automated alerts allow us to neutralize threats in minutes, not days.

Cost Efficiency

30% reduction in operational costs thanks to vendor consolidation and virtualization.

Scalability

The infrastructure now seamlessly supports daily collaboration for 500+ entities, handling peaks in data exchange during sector-wide events.

Unquantified Value

arrow-big-white

Sector Leadership

By adopting the highest security standards, KZBS sets an example for all cooperative banks, promoting digitalization across the sector.
arrow-big-white

Safe Knowledge Exchange

The new SharePoint environment became a safe haven for sharing legal interpretations, strategies, and confidential banking documents.
arrow-big-white

Audit Peace of Mind

When regulators knock on the door, KZBS has full documentation and logs available instantly.

Are you ready for the NIS2 and DORA directives?

New EU regulations don't care about excuses. If you process sensitive data, you need an infrastructure that proves its own security. Let's discuss a Security Gap Analysis for your organization. We will tell you exactly where you stand and how to get to safety.

Secure Your Infrastructure

We are always happy to talk

Reach out to us about a project, consultation, or to explore other collaboration opportunities.

portrait Lukasz Tabaczek

Lukasz Tabaczek

CEO
professnet@professnet.pl
+48 516 524 227
Schedule a meeting
pfn-logo-white
Elektronowa 2d (4 floor)
03-219 Warsaw
P O L A N D
VAT ID: PL 5242 793 610

Cloud & Infrastructure:

Migration & Repatriation Azure Landing Zone Secure Connectivity Intune & Device Management

Apps, Data & AI:

App Modernization Factory Serverless & Event-Driven Azure DevOps & IaC Private RAG (GenAI)

Security & Compliance:

Managed SOC Identity & Entra ID DevSecOps (SSDLC) Security Consulting

Managed Services:

Managed Infra (24/7) Co-Managed Azure Managed Compute (VMs) Data Lifecycle & Archive

Assessments:

Azure 3D Assessment NIS2 & DORA Audit AI Readiness Check App Mod. Assessment AKS Health Check

Site map:

Case studies Blog About us Contact
© 2026 Professnet. All rights reserved.
Privacy policy