Case

ONVZ is demonstrably secure and compliant in public and private cloud

Health insurer ONVZ is active in an industry that on the one hand is strictly monitored by regulators, but on the other hand must innovate in order to keep up with changing market needs. The IT infrastructure is a critical factor when attempting to find the right balance within the field of tension between compliance and innovation.

Ambitions and challenges

  • Create more room to focus on own core duties
  • Need for specialist knowledge
  • Rapidly-changing market conditions and developments
  • Increasing security, privacy and compliance requirements

Solutions

  • Migration of on-premises systems to Solvinity private cloud
  • ‘Project Strain’: standardisation of systems and processes, implementation of best practices for compliance and security, including:
    • Improved firewalling
    • Strengthened network security in accordance with COBIT principles
    • Simplified demonstrability for compliance purposes
  • Central data hub for security of all the private and public cloud traffic
  • Specialist consultancy & knowledge sharing

Results

Security & compliancy of confidential data is safeguarded
A stable & future-proof hybrid cloud infrastructure
Less ad hoc changes and modifications
More efficiency in management and further development

Up to date with the right IT partner

ONVZ worked with its own data centres and self-built systems for many years. However, it gradually became clear that legislation and regulators were imposing increasingly stringent demands on the security, availability and flexibility of the systems. On top of that, there was the need to maintain the level of knowledge and keep the IT environment up to date. “ONVZ processes very sensitive data,” says Jan-Dirk Rundervoort, supplier manager at ONVZ. “In order to continue doing that meticulously and in a demonstrably compliant way in the future, we decided to bring in external expertise.”

In 2016, ONVZ entered into collaboration with Solvinity and the IT environment was migrated to the Solvinity Private Cloud. Moreover, six infrastructure managers of ONVZ were taken over by Solvinity, the majority of whom are still on board six years later.

The IT environment was taken over ‘as is’. However, standardisation and redesign was necessary to make cost-efficient further development possible and to be able to make optimal use of the possibilities of the (private) cloud.

“We have always been completely satisfied with the collaboration with Solvinity”
Jan-Dirk Rundervoort
Supplier Manager with ONVZ

Project STRAIN

This was therefore the focus after the collaboration was extended in 2019 and Project STRAIN (Standardisation and RAtionalisation of the IT-INfrastructure) was launched.

“That project had two objectives”, explains Rundervoort. “First, we wanted to align the working methods of our own managers and the Solvinity team across the entire infrastructure, so that the collaboration and the further development was not hindered by customised agreements.

The second objective was to make the environment future-proof and more secure. Examples include patch policy and continuous server hardening, but also anti-ransomware and anti-DDoS.” Furthermore, firewalling was improved, the network security was strengthened in accordance with COBIT principles and the demonstrability of the measures taken for compliance purposes was simplified.

In 2020, Project STRAIN was completed. As a result, the IT infrastructure is not only more efficient and more scalable, but ONVZ also meets the increasingly high security and compliance requirements of, among others, De Nederlandsche Bank and the baseline of the Center for Internet Security. “In addition, a lot less ad hoc changes are needed, as a result of which the number of modifications required has decreased”, according to Rundervoort.

“Solvinity is a service-oriented partner that listens and contributes ideas.”
Jan-Dirk Rundervoort
Supplier Manager with ONVZ

Future-proof in the cloud

STRAIN was not the end of the modernisation process within ONVZ. At the end of 2021, the collaboration with Solvinity was extended once again by a period of five years. Further cloud migration and outsourcing by verSaaSing is a priority for Rundervoort.

In that hybrid ecosystem of ONVZ, Solvinity currently manages the central data hub, which all private and public cloud connections go through in order to safeguard security and compliance standards. Furthermore, ONVZ’s private cloud environments will continue to be managed, in their entirety, by Solvinity.

In addition, Solvinity will provide consultancy services in order to support ONVZ with their further modernisation. “We have always been completely satisfied with the collaboration with Solvinity”, says Jan-Dirk Rundervoort, supplier manager with ONVZ. “We no longer have any in-house specialist knowledge of infrastructure and networks. Solvinity is able to give us good advice about that.”

Download the ONVZ case study

ONVZ and the right balance between compliance and innovation

Learn more about how ONVZ secured security and compliancy with a stable & future-proof hybrid cloud infrastructure? 

Other cases

Cases

11 September 2024

Case: de Vereende

Under DORA, financial institutions are required to conduct regular security assessments. De Vereende works with Securify...

READ MORE