It’s been another information-packed day at Efecte’s virtual event ‘Digitalize and Automate’, and it’s time to highlight the second day’s sessions along with some of the key things we learned. After looking at the ‘why’ of digitalization and automation on Day 1, we have today explored the ‘how’ – with the help of some exceptional speakers. With a solution that is designed for the cloud, it is of utmost importance to us to offer cloud environments to our customers that perfectly fit their needs and especially their requirements in terms of data security. During Digitalize and Automate 2022, our cloud and security experts Paavo, Topias, and Marko have presented their vision of the European Cloud and how we make sure our systems are bulletproof.
Paavo Kyyrönen - Viewpoint on re-defining European Cloud
Paavo addressed the following topics: Cloud on your own terms, Modern European Cloud, and Cloud standards in quality and security.
Cloud on your own terms
To start with, Paavo explained in simple words that cloud on your own terms means: not compromising on what you need and not giving all the control to someone else.
Usually, customers have a set of requirements and preferences, internal policies, best practices, and only a limited amount of time and money to implement and administer a new cloud solution. We want to give you the possibility to choose what’s best for you. We have a single cloud architecture, deploying the same solution stack to all customers. However, thanks to the platform-agnostic deployment model, we can either offer you a dedicated or a private cloud environment. In the case of the former, we sit together with you, define and fulfill your needs with our standard solution stack and take the workload of administration off your shoulders. In the case of the private cloud, we do totally adapt to your best practices and policies, including the choice of the data center, infosec regulations, or maintenance operations to only name a few.
That is how the cloud should look like – just the way you want it to be.
Modern European cloud
How do we benefit from a modern European cloud? Unlike the big American players, smaller European companies provide flexible solutions and local players meet your increasing demand to adapt fast. In the modern world, your data is one of your most valuable assets and the European Union offers us a strong data protection framework. Standards are set high in terms of security and quality. Most importantly, your data is always within your reach: in Efecte’s case, we offer European support staff, and European partner channels, 100% of the R&D is in Europe, we strictly apply European data protection regulations, and host our customer data in European datacenters.
Secure, quality, and cloud services
The cloud provides standardized methods, not only for the deployment but also with proper quality practices, so every customer benefits. Security is key to our cloud engineers, and they constantly search for feedback on the market and with our customers. Through our proper cloud solution, patches are automatically deployed to all customers. Software component lifecycles and vulnerabilities are managed for all customers at once. Another layer of security is provided through our ISO/27001 certification and practices.
How do we secure our quality standards? With thousands of end users, we cannot fail. That’s why we drink our own champagne. We use our own production systems and couple them with continuous integration and continuous delivery methods. If quality fails, we take it first. We learn from our own mistakes.
How to prevent failures? Through the usage of modern tools, we try to eliminate all manual work and thus room for error. Automate, that’s our advice.
How to approach quality? At Efecte, our problem management process drives quality improvements. If there are unwanted features or problems, the problem manager has a team of developers focusing on these issues. Quality management also comes from our customers since we’re having a permanent dialogue with them, incorporating every feedback. We do also organize frequent quality weeks where we empower our developers to enhance the product and processes.
Key takeaways:
- Why a European Cloud - high-security services, data, language, flexibility
- Saas era - you are the master of your own data, operated by reliable sources
- Cloud on your own terms – don’t compromise, ask for what you need
Watch the full presentation here
Topias Marttila and Marko Mantere - Viewpoint on security: Information security management at Efecte
Topias and Marko talked about information security management at Efecte. How do we manage security for a whole range of use cases - HR, contract management, and others. All include personally identifiable data. Many use cases include confidential data, such as financial data, contracts, etc.
We understand our customers use Efecte for confidential data and we take it seriously. This is why information security management is one of our priorities.
Information security management
Efecte is ISO 27001 certified, and re-certification will take place in 2023, with all Efecte sites and functions included. Marko maintains and improves information security management based on customer and business needs. We have information security champions and site management to support the work. Risk management is part of ISMS. The risk management process is in use in Efecte. We do risk management checks regularly. Any contact can indicate risks. We keep track and statuses and maintain data cards from risks.
Business continuity management system
We have started a project to be ISO 22301 certified with all major business processes being covered by the Business Continuity Management System. Business continuity management is linked to the existing ISO / IEC 27001 risk management workflow.
Other security-related processes
Asset Management, Change Management, Vulnerability Management, Security Incident Management, Compliance Management, KPI Reporting, and Continuous improvement - can be reported with Efecte.
Cyber Security and Data Residency
Where is your data located?
Efecte cloud - in EU data centers, offering turnkey solutions and the lowest TCO
Private or Public Cloud - Efecte in your capacity, operated by Efecte, you have full control of your data
In both cases, you benefit from the same software and capabilities.
Securing the cloud
Our customer data is segregated, there are dedicated application instances, virtual machines and networks, and granular access management.
Efecte uses a high level of automation in CI/CD (continuous information / continuous development) for managing the cloud. Human errors are reduced, and improvement patches are applied everywhere through the automation of productized environments.
Cloud security overview
Our team is executing overlapping controls.
- Data - role-based access management (RBAC).
- Application - applying secure coding best practices, security tooling in CI/CD, and pipeline.
- Host - patching, malware etc.
- Datacenter - location, network level segregation, vulnerability scanner, next-gen firewall.
It's the customer who chooses who is entitled to access the data. We take care of securing it.
Security Journey
You are never perfect - and you need to continually improve your processes. We offer our customers automatic analysis on practices, and external penetration testing. We have security champions that our customers can discuss with in order to improve their processes. In 2018, the CISO role was established within the Efecte organization. Since then, the info sec system has been systematically driven forward.
Are you already using Efecte for information security management?
Https://community.efecte.com/ There is “ISO 27001 control” and “risk template” for you to use.
During Day 2, more presentations have been delivered on the following topics:
Contact us
