
Here’s a summary of how HSL Helsinki Region Transport improved its code security and services using GitHub Advanced Security for Azure DevOps, according to the Microsoft customer story:
Background:
- HSL runs regional transport in the Helsinki area, responsible for about 60% of Finland's public transport journeys, relying heavily on its HSL app for ticket sales.
- On December 12, 2022, HSL suffered a major cyberattack which completely paralyzed its operations—serving as a wake-up call that its security measures were no longer sufficient.
- The incident pushed HSL to strengthen its security posture with a focus on “security by design.”
- The HSL app was already running on Microsoft Azure.
- To further boost security, they implemented GitHub Advanced Security for Azure DevOps, with support from Microsoft partner Solita.
- The solution improved security not just for the HSL app but for all HSL’s current and future applications.
Greater Visibility:
- The new tool gives HSL much better insight into code vulnerabilities, making teams more aware and able to better protect their applications.
- Security issues become visible immediately (“the visibility will give you pain—but we consider pain as a benefit in this matter,” said Petri Kukko, CISO of HSL).
Cultural and Organizational Change:
- HSL embraced a “security champion model,” designating representatives in various teams to bridge cybersecurity and business, encouraging knowledge sharing and improving collaboration.
- About 10 champions hold regular sessions, sharing experiences and best practices.
Security by Design:
- The approach and tools embed security into the development process, making developers “much more secure.”
- Tools and reporting offer a clear list of vulnerabilities and direct support to resolve them.
Faster, More Agile Response:
- HSL’s developers could see the benefits and results immediately.
- Adoption of DevSecOps practices became central in their software development.
Compliance:
- HSL handles payment card data and must comply with strict standards like PCI DSS. Microsoft’s tools helped them achieve necessary compliance.
- “All we had done until that point in terms of security was no longer enough. We needed to become more resilient.” – Petri Kukko, CISO.
- “We needed something that would give us more visibility around code security… that has very much changed now.” – Akseli Wiik, Cyber Security Specialist.
- HSL’s transformation is as much about technology as about people and organizational culture. With the right partners and internal champions, HSL believes it’s now in a much stronger, more secure position to serve its millions of customers.
Read the full story on Microsoft’s website: HSL improves code security with GitHub Advanced Security for Azure DevOps
Source: Microsoft, “HSL improves code security and provides better services to its customers with GitHub Advanced Security for Azure DevOps” | Microsoft Customer Stories