Case
ONVZ is demonstrably secure and compliant in public and private cloud
Health insurer ONVZ is active in an industry that on the one hand is strictly monitored by regulators, but on the other hand must innovate in order to keep up with changing market needs. The IT infrastructure is a critical factor when attempting to find the right balance within the field of tension between compliance and innovation.
Ambitions and challenges
- Create more room to focus on own core duties
- Need for specialist knowledge
- Rapidly-changing market conditions and developments
- Increasing security, privacy and compliance requirements
Solutions
- Migration of on-premises systems to Solvinity private cloud
- ‘Project Strain’: standardisation of systems and processes, implementation of best practices for compliance and security, including:
- Improved firewalling
- Strengthened network security in accordance with COBIT principles
- Simplified demonstrability for compliance purposes
- Central data hub for security of all the private and public cloud traffic
- Specialist consultancy & knowledge sharing
Results
Security & compliancy of confidential data is safeguarded
A stable & future-proof hybrid cloud infrastructure
Less ad hoc changes and modifications
More efficiency in management and further development
Up to date with the right IT partner
ONVZ worked with its own data centres and self-built systems for many years. However, it gradually became clear that legislation and regulators were imposing increasingly stringent demands on the security, availability and flexibility of the systems. On top of that, there was the need to maintain the level of knowledge and keep the IT environment up to date. “ONVZ processes very sensitive data,” says Jan-Dirk Rundervoort, supplier manager at ONVZ. “In order to continue doing that meticulously and in a demonstrably compliant way in the future, we decided to bring in external expertise.”
In 2016, ONVZ entered into collaboration with Solvinity and the IT environment was migrated to the Solvinity Private Cloud. Moreover, six infrastructure managers of ONVZ were taken over by Solvinity, the majority of whom are still on board six years later.
The IT environment was taken over ‘as is’. However, standardisation and redesign was necessary to make cost-efficient further development possible and to be able to make optimal use of the possibilities of the (private) cloud.
Project STRAIN
This was therefore the focus after the collaboration was extended in 2019 and Project STRAIN (Standardisation and RAtionalisation of the IT-INfrastructure) was launched.
“That project had two objectives”, explains Rundervoort. “First, we wanted to align the working methods of our own managers and the Solvinity team across the entire infrastructure, so that the collaboration and the further development was not hindered by customised agreements.
The second objective was to make the environment future-proof and more secure. Examples include patch policy and continuous server hardening, but also anti-ransomware and anti-DDoS.” Furthermore, firewalling was improved, the network security was strengthened in accordance with COBIT principles and the demonstrability of the measures taken for compliance purposes was simplified.
In 2020, Project STRAIN was completed. As a result, the IT infrastructure is not only more efficient and more scalable, but ONVZ also meets the increasingly high security and compliance requirements of, among others, De Nederlandsche Bank and the baseline of the Center for Internet Security. “In addition, a lot less ad hoc changes are needed, as a result of which the number of modifications required has decreased”, according to Rundervoort.
Future-proof in the cloud
STRAIN was not the end of the modernisation process within ONVZ. At the end of 2021, the collaboration with Solvinity was extended once again by a period of five years. Further cloud migration and outsourcing by verSaaSing is a priority for Rundervoort.
In that hybrid ecosystem of ONVZ, Solvinity currently manages the central data hub, which all private and public cloud connections go through in order to safeguard security and compliance standards. Furthermore, ONVZ’s private cloud environments will continue to be managed, in their entirety, by Solvinity.
In addition, Solvinity will provide consultancy services in order to support ONVZ with their further modernisation. “We have always been completely satisfied with the collaboration with Solvinity”, says Jan-Dirk Rundervoort, supplier manager with ONVZ. “We no longer have any in-house specialist knowledge of infrastructure and networks. Solvinity is able to give us good advice about that.”
Download the ONVZ case study
ONVZ and the right balance between compliance and innovation
Learn more about how ONVZ secured security and compliancy with a stable & future-proof hybrid cloud infrastructure?
Other cases
Cases
Case: CJIB innovates fast, controlled and secure
With Managed Hosting and CI/CD, Solvinity enables the CJIB to innovate in a controlled and secure...
READ MOREFirst SOC 1 & 2 Compliant Dutch MSP on Azure
How do you meet the strict SOC 1 and 2 requirements when data is out of...
READ MORECase: Ministry of Justice and Security in safe hands
With Solvinity the Ministry of Justice and Security found a reliable and future-proof IT solution that...
READ MORE