The public sector is constantly exposed to cyber-attacks. Norwegian municipalities have many different services that require many different accesses. Security is essential to protect society and individuals.
One who has taken this very seriously, is the Værnes region. They have now sorted out old data solutions and acquired a new cloud solution.
The Værnes region is an IT collaboration between Frosta, Meråker, Selbu, Stjørdal and Tydal municipalities. With common agreements and infrastructure, it is easier to comply with strict requirements for data security and GDPR.
- The IT department consists of around 20 employees plus apprentices. Each municipality also has its own system managers for the various information or task systems, says Elin Wikmark Darell, Head of HR and digitization in the Værnes region.
Elin Wikmark Darell
Head of HR and digitization in the Værnes region
Head of IT security in the Værnes region, Sindre Wesche Fløan, says that a proper clean-up job was done last autumn. Many old and irrelevant links were removed.
- We have taken control of our services and systems. We removed the systems that were no longer relevant and tightened up on where the data came from and where it was going. We also introduced geo-blocking to block out certain countries, as well as two-factor authentication.
Sindre Wesche Fløan
Head of IT security in the Værnes region
- It requires a lot of work to follow up the threat warnings all the time. We therefore decided to collaborate with someone who could assist us, says Darell.
The IT department received funding, and Sikri was selected following a tender process. Sikri is a leading supplier of solutions within case processing, document management and archiving in Norway.
- An important requirement was that the solution should be simple and intuitive to use, at the same time as it should be safe. Most of the municipality’s employees do not work administratively, and our employees should not have to attend courses to be able to use the programs. Sikri was able to meet these requirements. Sikri is also a solid company that takes care of everything, says Darell.
CEO of Sikri, Nicolay Moulin, praises the Værnes region for the cooperation they have achieved.
- There is no doubt that municipalities benefit from working together to use common solutions as the Værnes region does. Once you can standardize processes and solutions, it becomes easier to maintain, have control and find deviations, he says.
Moulin confirms that the threat picture is constantly changing, and that it is important to be up to date.
- That is why we have our own privacy representative who works with ISO and all the elements. I have weekly one-to-one meetings with our privacy representative and with the operations manager to keep our services up to date.
Nicolay Moulin
CEO Sikri
- A cloud service is delivered as a shared responsibility between us and the cloud provider. The cloud provider is responsible for the underlying services, and we are responsible for the security associated with our services. Microsoft is the main cloud provider for Sikri. We have a close dialogue with them, and they share information about the threat picture with us so that we can make the necessary assessments, says Moulin.
In all security work, people are central. Sikri is a software house with many skilled technologists, developers and consultants.
- It all starts with our own expertise. That is why we practice regular safety drills. At the same time, DevSecOps ensures that a human error in software development does not reach the customer. Our investment in Public Cloud gives us the opportunity for faster development and higher quality, concludes Moulin.
This article is translated from a Norwegian publication by Marte Frimand, Mediaplanet: All about social security