MDR first step in security & compliance at iHUB
"MDR is very important for iHUB. Organizations like ours are increasingly being targeted by hackers. We ourselves are hardly able to notice in time if something like this happens. Then you are too late and the damage can already be very large." Mark van Rijn is team leader system network management and quartermaster information security at iHUB. Managed Detection and Response (MDR) is a 24/7 cybersecurity service for securing the IT environment. "We work with such sensitive information," says Mark. "We ourselves have no specialists for it and no service that can monitor it."
iHUB was founded five years ago with a clear ambition: to make children, young people and young adults more resilient in difficult situations and to tap into their zest for life. The labels Horizon, Altra, De Opvoedpoli and De Nieuwe Kans give shape to youth care, special education and youth mental health care under one roof. With a combination of care and education, the organization has a suitable offer for young people and their parents if they need it.
IT infrastructure increasingly important
Internal and external IT infrastructure is becoming increasingly important in (youth) care and education. At the end of 2019, Deloitte carried out various pen tests on behalf of the government on the IT infrastructure of a number of youth care institutions. "This provided insight into relevant points of attention and the most common risks and vulnerabilities," mark explains. "iHUB then decided to have a baseline measurement done by an independent party and then carry out a risk analysis itself. For us, the NEN 7510 standard is central to this. We saw that we were missing essentials around the digital security of our systems.
'We need to outsource a 24/7 cybersecurity service for securing our IT environment'
The NEN 7510 is a national standard, specifically aimed at organizations that deal with personal health information. "We missed monitoring. We don't have the expertise for 24/7 cybersecurity. We have to outsource the security of our IT environment." In the selection of an MDR solution, the entire system administration team had a voice.
Workshops security & compliance
The system administrators of iHUB had already met Wortell earlier. Mark: "System administrators nowadays have more to do with security. For example, with Multi Factor Authentication (MFA), required by the NEN 7510 standard. That is why the team attended four Wortell security & compliance workshops last year on the security of our Office 365 environment." During the workshops, Wortell and iHUB went through the best practice institutions on the basis of a scan of their own environment. Office 365 features such as DLP, labeling and Teams architecture were discussed extensively.
Dave Tol, Sector Manager Healthcare at Wortell: "It is unclear and complex for many organizations to choose which security tools to use and how to set them up. The use of these technologies enables iHUB to get a grip on its data, largely automated." Mark confirms this: "It has given us a good idea of the possibilities for iHUB. During the workshops, the administrators immediately put the theory into practice and they would like to continue with that. That is very important. Because if the people who are actively working on it also like it, then the quality of it goes up."
It was the reason for iHUB to work with Wortell: "We chose Wortell because we knew immediately: the match is there," says Mark. "Very specific network solutions by a traditional security company are sometimes quite a 'far-from-your-bed-show'. This is in your Microsoft environment. It is part of the daily work of our managers. The whole team is involved in this and that is why they have been included in the transition." Dave adds: "We have a use-case library that all our MDR customers can use. This contains use cases and lessons that we have learned from other customers. As a result, iHUB has received a big boost in terms of security from day one."
'MDR gives us more certainty in a safe environment. We have taken the first big step in the field of security & compliance.'
More certainty in a safe environment
According to Mark, MDR is of great added value to the organization: "In an organization like iHUB, we work with a lot of special personal data. These must be continuously protected and monitored. MDR gives us more certainty in a safe environment. We have taken the first big step in the field of security & compliance."
In addition to MDR, Wortell has a broad portfolio of services and Mark sees that as a plus: "As a result, we can easily fall back on Wortell. If we have questions about MFA or Conditional Access, Wortell can also answer them." That sense of partnership is mutual. "Short lines of communication, we find that very pleasant to work with. We think it's important that what we say, that we do. And that the customer also experiences it that way," says Dave. "The low-threshold contact, occasionally give and take, I love that," Mark agrees. To the enthusiasm of Mark and the whole team, MDR recently went live. "We can now let go of this specialism and focus on one of our priorities: improving cooperation with the internal organization, so that our professionals can fully commit themselves to a resilient generation."
