Goodbye to individual information security products
Information security is now obtainable as a service
OP-Pohjola have decided to secure the more than 10 000 client terminals it has in its financial services group in a new way by acquiring malware defence from Tieto as a service.
– For a long time, I have been irritated by the fragmented nature of information security products, such as antivirus software, firewalls and protection against attacks. With hardly any security services available, a company is usually responsible for integrating different information security products with each other and in relation to systems, says Erkki Räsänen, head of information security in OP-Pohjola Group.
– We want to understand different deviations in information security. This is mainly a question of producing real-time information and its analysis, says Räsänen from OP-Pohjola describing what he expects from Tieto’s new information security service.
– Single incidents or deviations do not reveal much of the level of information security. What we are looking for is an overall picture of technical information security. This is when data on information security changes into useful information for us, says Räsänen.
What is referred to here is SaaS, i.e., “software as a service”, which means acquiring software as a service instead of with the traditional licence.
– Our situation up to now has been that the service provider has managed the information security of our server environment, but we have taken care of the information security of our client terminals ourselves.
Pyramid-like construction of information security
In an environment with 12,000-13,000 client terminals, it is essential that client terminal information security is efficient enough in the very standardized client terminals, which principally use similar information security solutions.
Efficiency was another reason to outsource malware defence to Tieto.
It is actually impossible for Räsänen to list beforehand the new information he hopes to receive from the security services offered by Tieto.
– We want to be able to identify and, above all, understand different deviations in information security. The question here is mainly about producing real-time information and its analysis, says Räsänen.
According to Räsänen, the information security management system of a large financial group is like a three-layer pyramid. The lowest level contains sensor systems, i.e., individual information security products, the mid-level comprises log data produced by the sensor systems, creating the required information and the real-time information security management centre is at the top.
Tieto’s service relates to the first and second levels of the pyramid.
Outsourcing kept close at hand
The information security project of Tieto and OP-Pohjola was completed in a few months in autumn 2010.
– In practice, Finanssidata, jointly owned by Tieto and OP-Pohjola, forms the service interface for us, says Räsänen.
Naturally, malware and the defence against it are only one part of OP-Pohjola’s information security.
– Information security is ultimately part of a company’s risk management which concerns each employee, starting from how the data produced should be classified.
Financial groups, such as OP-Pohjola, are large ICT houses themselves.
– There is much talk about the increase in ICT costs in the financial sector. On the other hand, ICT has also been a tool for bringing down other costs and improving customer service.
Erkki Räsänen takes the outsourcing of different ICT entities in his stride.
– I have been involved in six or seven large outsourcing projects and am no longer in the least bit terrified, he says and smiles.
Outsourcing risks are minimized when outsourcing is kept close at hand so that the management of issues is not far removed in the chain of events. This is exactly how things were done in the malware defence outsourcing of OP-Pohjola and Tieto.
Pohjola Pohjola is part of OP-Pohjola Group, the leading financial services group in Finland. OP-Pohjola Group is made up of 218 member cooperative banks and OP-Pohjola Group Central Cooperative which they own, including its subsidiaries and closely related companies. Pohjola Bank plc is the Central Cooperative’s most significant subsidiary. OP-Pohjola Group has more than four million customers, of whom joint banking and non-life insurance customers total slightly over one million. The Group has almost 600 branches providing banking and non-life insurance services. |
The challenge
Securing more than 10 000 client terminals efficiently, as a service. The service is required to provide both technical information security as well as analysis data related to information security.
Tieto solution
The information security project of Tieto and OP-Pohjola was completed in a few months in autumn 2010. Finanssidata, jointly owned by Tieto and OP-Pohjola, forms the service interface.
Added value
Centralized, informative and efficient information security.
Quote
“There is much talk about the increase in ICT costs in the financial sector. On the other hand, ICT has also been a tool for bringing down other costs and improving customer service.” Erkki Räsänen, head of information security, OP-Pohjola Group.
