Telindus' CSIOC secures the digital transformation of OneLife

fr en

Like many industries, the life insurance sector has to adapt to new customer behavior. These new uses illustrate consumer demand for a better experience, delivered through customized and omnichannel offers. To be in a position to roll out new digital tools to its customers and partners, while minimizing the risk, OneLife called on the services of Telindus' Security & Intelligence Operations Center (CSIOC). Nadine Tavolacci, OneLife's IT Security Officer, explains the challenges at stake and how the desired returns were achieved.

<< Back
04/01/2021 |
  • cyber(002)

“Life insurance companies such as ours handle large amounts of confidential information,” points out Nadine Tavolacci. “This means being in a position to guarantee our customers the integrity, confidentiality, availability and traceability of this sensitive data. On top of that, we have to safeguard OneLife's good reputation on the financial market, along with its brand image.”

An external CSIOC for 360° security

To achieve these goals, OneLife had to put in place the operational capabilities necessary to monitor the flows transiting over the company's networks and issue appropriate and relevant alerts in the event of an incident. “We also wanted to relieve our IT teams of responsibility for incident management and allow them to focus on the company's core business,” says Nadine Tavolacci. “Another consideration was ensuring an uninterrupted security service and the possibility of continuous technology monitoring and advice in specialized areas," she says.

Service performance and quality

“To effectively outsource such critical services, we needed to find a supplier that could guarantee excellent service quality combined with maximum responsiveness,” sums up Nadine Tavolacci. “This provider had to demonstrate the capabilities and adaptability to assess existing security arrangements, get a firm grasp of our environments and put in place the processes necessary to respond appropriately in the event of a security incident,” she stresses.
 “In Telindus, we have found a partner that can meet our stringent service performance and quality requirements while respecting our budgetary constraints.”

An in-depth risk analysis

To deliver on the OneLife's expectations, Telindus' cyber security consultants first analyzed the company's entire infrastructure and communications.
They then identified the risk scenarios likely to occur before categorizing potential incidents on the basis of use cases and prioritization. External vulnerability was also analyzed in order to assess the exposure of the company's perimeter infrastructure.

Following this risk analysis and anticipation phase, a rapid escalation mechanism to Telindus' CSIOC team was introduced in order to be able to deal with a major incident, as well as DNS monitoring: typosquatting search, detection of changes in traffic properties, real-time monitoring of compromise indicators.

To validate the defense capabilities of OneLife's infrastructure and communications, the Telindus team scheduled an annual “Red Team” exercise and conducted a phishing test to assess users' exposure to social engineering risk. Finally, it was decided that a cyber security report would be sent to OneLife's IT teams on a monthly basis.

Identifying risks and limiting impacts 

“The monthly reports issued by Telindus confirm the appropriate level of security measures put in place,” confirms Nadine Tavolacci. “The security equipment and tools we use have been approved by Telindus. The most critical data is clearly identified and protected with special care. The CSIOC now allows us to identify threats and risks at an early stage and to limit their potential impact,” she continues. "And the advice provided by Telindus allows us to apply patches and updates as and when needed.”

High reactivity

Through Telindus' CSIOC, OneLife now has access to the support of a team of around twenty cyber-security specialists. Based in Luxembourg, this team provides 360° coverage, 24/7, on three levels of expertise. The team draws on the talents of high-level experts capable of analyzing large amounts of information to pinpoint unusual behavior. These feed into new detection scenarios accompanied by a remediation plan adapted to the actual situation.

“The Telindus team is highly responsive,” confirms Nadine Tavolacci. “The cyber-security specialists are ready to intervene at any time to contain and control any incidents that may occur. They help us implement the recommended measures, whether to modify certain configurations, set up a firewall rule or apply security patches.”

Developing a culture of cyber security

“In the broader context of information security management,” adds Nadine Tavolacci, “we apply the best practice recommended by the ISO 27002 standard and our longer-term objective is to implement the requirements of the ISO 27001 certification standard. We regularly organize awareness-raising sessions for our employees on cyber security, as well as on the operational implications of the GDPR. Telindus is a great help to us as we pursue our goals of continuously strengthening our cyber-security capabilities,” she concludes.

Back to top  | << Back

Communiqués liés

Athome
06/05/2021

atHome Group devient actionnaire majoritaire de Taxx.lu

Le leader des services digitaux s’associe à la référence de la déclaration...

atHome Group
B-Medical-Systems
06/05/2021

B Medical Systems announces the opening of a new distributio...

B Medical Systems, a Luxembourg based global leader of vaccine cold chain soluti...

B Medical Systems
dury consult logo neu
06/05/2021 Personnalités

Le groupe Dury renforce sa direction : Martin Kerz est déso...

Le groupe DURY, dont le siège est à Sarrebruck, renforce son équipe de direct...

Dury Consult
BC Anders La Cour CL
05/05/2021

12 mois après le lancement de la licence bancaire, Banking ...

Une banque axée sur la technologie a traité 155 milliards d’euros de volume ...

Banking Circle
Annual Review 2014
05/05/2021

JEcolux2021: Making a difference for your business and your ...

Journée de l’Economie 2021 has ended for another year and the over 200 person...

PwC
pexels-johannes-rapprich-1482927
04/05/2021

Le « credit crunch environnemental » ou l’épuisement de...

Le nouveau rapport d’UBS intitulé « L’avenir de la planète » préconise ...

UBS

Il n'y a aucun résultat pour votre recherche

We use cookies to ensure the best experience on our website. By accepting you agree the use of cookies. OK Learn more