When the software firm Vincit’s network solutions were undergoing a major reform, the need to analyse the company’s status of information security comprehensively arose. Vincit is active on two continents and its infrastructure is heavily based on cloud services and the information flows in a multi-vendor environment where information security plays a key part.
“For us, it is important that information security is in order and that its level can be analysed constantly. Such an extensive survey had not been carried out before,” says Vincit’s Senior Software Engineer Aleksi Häkli.
Cooperation with Loihde Trust began with renewing Vincit’s network solutions and extended later to information security services. Vincit went through several alternative suppliers before deciding on Loihde.
“We received a tip from a colleague who worked with Loihde that Loihde Trust could be an ideal partner for us. It was nice to see that there was a Finnish alternative available that can provide us with all the services we need in this sector. Everything we heard about Loihde and their employer brand, operating methods and history, for example, was positive, so we decided to try cooperation with them. This turned out to be a good choice,” says Häkli.
Vulnerabilities were explored with the methods of cyber criminals
Vincit’s level of information security was analysed on an administrative and technical level. The service included an information security analysis, detection of vulnerabilities and penetration testing.
In the information security analysis, the current status of Vincit’s information security in relation with the goal was analysed by reviewing both technical and administrative information security. The overall level was analysed and documented and the suggested development measures were set in an order of priority. After this, more technical analyses of networks and target systems were made with the vulnerability detection service and penetration testing.
The vulnerability detection service was provided to detect vulnerabilities in local area networks and external networks and various systems. In addition to technical observations, the customer was provided with a report of suggested vulnerability-specific corrective measures, analyses and risk assessments by Loihde’s information security experts, current trends and a summary.
Penetration testing was carried out to detect information security gaps and vulnerabilities using a variety of methods. Compared to the vulnerability detection service, penetration testing is more focused and it can cover an individual system or several subnets. The testing is carried out by Loihde’s ethical hackers who test the information security of the target systems with the methods used by cyber criminals in a controlled manner. Penetration testing was purposely carried out in an isolated environment with a black box method, i.e. Loihde’s testers tested the systems without any prior knowledge of them.
The observations and suggested corrective measures were reported and reviewed with Vincit. The penetration testing also includes checking the observations after the corrective measures have taken place, which ensures that the original measures are efficient and sufficient.
Reviewing information security has directly benefitted business as well.
“We can show our partners and customers that we have analysed these things with a critical eye and that we are constantly improving our performance,” says Häkli.
“The quality and solutions of modern information work develop constantly. Because of this, it is necessary to periodically review how things are done and how the methods and solutions develop in order to stay up to date,” says Häkli.
“We have also used Loihde Trust’s support and monitoring systems. They have also worked very well and the quality of technical solutions warrants praise,” he adds.
“It was nice to see that there was a Finnish alternative available that can provide us with all the services we need in this sector.”
A client-friendly solution
Vincit has a lot of positive feedback about the cooperation.
“The cooperation went really well and seamlessly. We received personal service and close collaboration. Contacting and arranging things with everyone was easy and efficient through direct cooperation. For us, as the client, this was a very easy and effortless solution,” says Häkli.
“We managed to complete the comprehensive reform and analysis in a schedule and cost-level that suited us very well and the quality of work was excellent,” concludes Häkli.