Regulatory requirements for IT security have become stricter as agencies have taken up online services. The demands included in the Government Information and Cyber Security Management Board (VAHTI) guidelines dictate that agencies must be able to manage log data in line with good governance practices throughout the lifetime of the log files and that log data must be kept for five years in case it is required for police investigations.
In the past, the Finnish Safety and Chemicals Agency (Tukes), which oversees and promotes technical safety, regulatory compliance, and consumer and chemical safety in Finland, struggled to comply with the VAHTI regulations as its logs were kept on individual servers and their retention time was too short.
Kristian Salmi, Data Security Expert at Tukes, said, “It was difficult to get a clear overview of our logs, and sometimes it was impossible to find the necessary information in the log files collected. We wanted a solution that could provide centralized collection and affordable long-term storage of log data.”
For several years, partner Javerdel has provided Tukes with data center solutions delivered through a software-as-a-service (SaaS) model, along with additional software maintenance services, to support Tukes’ expansion from Helsinki into Tampere and Rovaniemi. Javerdel proposed a solution based on Sentinel Enterprise that would be hosted in Javerdel’s data center and delivered using a SaaS deployment model.
After carrying out an initial proof of concept, Javerdel’s experts were tasked with planning and implementing the solution. Sentinel Enterprise was integrated with Tukes’ login environments, namely the email server and the Microsoft Windows Active Directory (AD) environment.
“Sentinel provided the scalability we needed and, in our opinion, it was also the best match for price and performance. The solution is versatile and can be used in a variety of hardware and software environments. It centralizes log data collection and provides the most affordable way of storing and using the logs for years to come. Sentinel makes user operations transparent and allows us to create an overall view of the monitored targets,” says Salmi.
Jan Karlqvist, Javerdel’s Director of Customer Relations said: “When we mapped out the solution for Tukes, we focused on enabling effective collection and analysis of log data. Sentinel is a comprehensive solution that perfectly matches Tukes’ legal requirements. For example, it enables the detection of threats to the intranet and any problems that occur during AD replication.”
The amount of log data in Tukes’ IT environment continues to grow – according to Salmi, there are a total of 25,000 logins across all workstations and systems every week. He said: “Thanks to the Micro Focus solution, we are now able to indicate and prove, where necessary, that Tukes adheres to the VAHTI regulations. Each login made in our IT environment can be traced and the relevant log data can now be easily retrieved.”
As an environment monitoring service, Tukes receives a report on user logins, changes in user authorizations and the capacity of servers. “The weekly reports are clear, making it easy for us to find the essential facts,” said Salmi.
“We can now gather meaningful data and even recognize attempted attacks. Protocols and the root causes for any errors are visible to us as well. We pay attention to anomalies such as particularly high numbers of logins. This increases our control over the events in our intranet, which now features significantly higher levels of security,” said Salmi.
Cost-effective data storage is provided by disc systems for two years and by tape backups for a further five. Javerdel’s experts built a separate, secure wireless network system for the Sentinel Enterprise solution that is transparent in Tukes’ network environment.
According to Salmi, the service has worked well: “Our duties include many statutory tasks, meaning we lack the resources to maintain this solution ourselves. The SaaS model is excellent and very cost-efficient for us, and the service, which runs on SUSE Linux and features 24/7 availability, has delivered excellent results. The solution provides us with effective and versatile monitoring of our Windows environment.”