Telindus' CSIOC secures the digital transformation of OneLife

fr en

Like many industries, the life insurance sector has to adapt to new customer behavior. These new uses illustrate consumer demand for a better experience, delivered through customized and omnichannel offers. To be in a position to roll out new digital tools to its customers and partners, while minimizing the risk, OneLife called on the services of Telindus' Security & Intelligence Operations Center (CSIOC). Nadine Tavolacci, OneLife's IT Security Officer, explains the challenges at stake and how the desired returns were achieved.

<< Back
04/01/2021 |
  • cyber(002)

“Life insurance companies such as ours handle large amounts of confidential information,” points out Nadine Tavolacci. “This means being in a position to guarantee our customers the integrity, confidentiality, availability and traceability of this sensitive data. On top of that, we have to safeguard OneLife's good reputation on the financial market, along with its brand image.”

An external CSIOC for 360° security

To achieve these goals, OneLife had to put in place the operational capabilities necessary to monitor the flows transiting over the company's networks and issue appropriate and relevant alerts in the event of an incident. “We also wanted to relieve our IT teams of responsibility for incident management and allow them to focus on the company's core business,” says Nadine Tavolacci. “Another consideration was ensuring an uninterrupted security service and the possibility of continuous technology monitoring and advice in specialized areas," she says.

Service performance and quality

“To effectively outsource such critical services, we needed to find a supplier that could guarantee excellent service quality combined with maximum responsiveness,” sums up Nadine Tavolacci. “This provider had to demonstrate the capabilities and adaptability to assess existing security arrangements, get a firm grasp of our environments and put in place the processes necessary to respond appropriately in the event of a security incident,” she stresses.
 “In Telindus, we have found a partner that can meet our stringent service performance and quality requirements while respecting our budgetary constraints.”

An in-depth risk analysis

To deliver on the OneLife's expectations, Telindus' cyber security consultants first analyzed the company's entire infrastructure and communications.
They then identified the risk scenarios likely to occur before categorizing potential incidents on the basis of use cases and prioritization. External vulnerability was also analyzed in order to assess the exposure of the company's perimeter infrastructure.

Following this risk analysis and anticipation phase, a rapid escalation mechanism to Telindus' CSIOC team was introduced in order to be able to deal with a major incident, as well as DNS monitoring: typosquatting search, detection of changes in traffic properties, real-time monitoring of compromise indicators.

To validate the defense capabilities of OneLife's infrastructure and communications, the Telindus team scheduled an annual “Red Team” exercise and conducted a phishing test to assess users' exposure to social engineering risk. Finally, it was decided that a cyber security report would be sent to OneLife's IT teams on a monthly basis.

Identifying risks and limiting impacts 

“The monthly reports issued by Telindus confirm the appropriate level of security measures put in place,” confirms Nadine Tavolacci. “The security equipment and tools we use have been approved by Telindus. The most critical data is clearly identified and protected with special care. The CSIOC now allows us to identify threats and risks at an early stage and to limit their potential impact,” she continues. "And the advice provided by Telindus allows us to apply patches and updates as and when needed.”

High reactivity

Through Telindus' CSIOC, OneLife now has access to the support of a team of around twenty cyber-security specialists. Based in Luxembourg, this team provides 360° coverage, 24/7, on three levels of expertise. The team draws on the talents of high-level experts capable of analyzing large amounts of information to pinpoint unusual behavior. These feed into new detection scenarios accompanied by a remediation plan adapted to the actual situation.

“The Telindus team is highly responsive,” confirms Nadine Tavolacci. “The cyber-security specialists are ready to intervene at any time to contain and control any incidents that may occur. They help us implement the recommended measures, whether to modify certain configurations, set up a firewall rule or apply security patches.”

Developing a culture of cyber security

“In the broader context of information security management,” adds Nadine Tavolacci, “we apply the best practice recommended by the ISO 27002 standard and our longer-term objective is to implement the requirements of the ISO 27001 certification standard. We regularly organize awareness-raising sessions for our employees on cyber security, as well as on the operational implications of the GDPR. Telindus is a great help to us as we pursue our goals of continuously strengthening our cyber-security capabilities,” she concludes.

Back to top  | << Back

Communiqués liés

Kda PP
29/05/2024 Personnalités

Kevin d'Antonio joins Strategy&, PwC Luxembourg’s strategy...

Kevin d'Antonio has joined PwC’s strategy consulting business, Strategy& as ne...

PwC Luxembourg

LUNEX lance un certificat en Gestion de la Santé en Entrepr...

LUNEX est fier d'annoncer le lancement de son Certificat en Gestion de la Santé...

Picture Sylvain Merle
24/05/2024 Personnalités

Sylvain Merle rejoint BCE en tant que CTO

BCE annonce la nomination de Sylvain Merle au poste de Chief Technology Officer ...

2024-05 Deloitte Luxembourg appoints 11 new Partners and Managing Directors
23/05/2024 Personnalités

Deloitte Luxembourg nomme 11 nouveaux Partners et Managing D...

Déterminé à élever davantage ses ambitions, Deloitte Luxembourg a promu 11 p...


Foyer choisit la plateforme actuarielle Akur8 pour perfectio...

Foyer, le premier assureur luxembourgeois, a choisi de s’allier à Akur8, pour...

Pierre Marie

PwC’s 2024 Barometer unveils key trends and insights into ...

PwC Luxembourg has just released its 2024 Barometer for the previous year’s ...

PwC Luxembourg

Il n'y a aucun résultat pour votre recherche

We use cookies to ensure the best experience on our website. By accepting you agree the use of cookies. OK Learn more