Based in Solna, Sweden, Vattenfall provides energy services to 6.5 million business and residential customers across several European countries. The power company is committed to fossil-free living, and as part of this goal it has modernized its IT ecosystem by moving resources to Microsoft Azure. To manage security and governance in the cloud, Vattenfall worked with Orange Networks to deploy Azure Security Center and other Azure services to better identify and remediate potential security risks and to optimize its cloud deployments and spending.
For more than 100 years, Vattenfall has been electrifying homes and businesses and making people’s lives brighter in Sweden and across Europe. The energy company has a long tradition of success that stems from a clear vision of the future and a willingness to embrace new technology. Vattenfall is committed to making fossil-free living possible within a generation, and the company has reduced its carbon dioxide emissions by more than 70 percent through the reduction of fossil-fuel use and investments in renewable energy like wind and solar power.
Vattenfall has also brought that same pioneering spirit to its IT operations, with a cloud-first approach that’s enabling a more nimble business and boosting fossil-fuel reduction efforts. “We’ve been moving more of our IT assets to the cloud and embracing digitalization and strategies like increased mobile working to reduce our carbon footprint,” explains Ramon Stockmann, Manager of Cloud Core Operations at Vattenfall. “The cloud also facilitates a more agile work methodology and reduces time to market for new products.”
While Vattenfall now has a corporate cloud-first strategy, the move to the cloud was driven in part by individual business units, which found that provisioning of on-premises hardware sometimes took too long. These units created their own Microsoft Azure subscriptions and began their own cloud projects to take advantage of the cloud’s scalability and flexible, on-demand computing power. The company’s IT team took notice and moved to centralize cloud operations.
As part of its security and governance efforts, Vattenfall has chosen to use Azure Security Center for all its Azure subscriptions. In order to gain a full overview of its cloud environment, the company uses Azure Policy and Azure management groups to enforce access control at the tenant level. It has a well-defined data classification system to help manage what information is allowed to be in the cloud for reasons of security or General Data Protection Regulation (GDPR) requirements.
Throughout its cloud journey, Vattenfall has had the support of a team of Cloud Consultants, Architects, Operating Engineers, and Security Consultants from Microsoft Partner Network member Orange Networks. The Orange Networks team designed the Vattenfall implementation guide for Azure Security Center and worked with the internal Cloud Core Team to deliver technical trainings and facilitate knowledge transfer. Orange Networks also provided internal Vattenfall IT teams with Azure infrastructure workshops and helped Vattenfall develop and implement a monitoring strategy using Azure Monitor and Log Analytics. The team also created and implemented centralized Azure Policies to control governance for Vattenfall’s Azure resources and updated and improved the company’s existing Azure security guidelines.
Vattenfall has developed multiple IT platforms, including an integration platform, an analytics platform, a customer engagement platform, a mobile platform, and the company is currently developing an Internet of Things (IoT) platform. The Vattenfall Digital Platform (VDP) is the company’s common framework and governance umbrella that connects its platforms through a hub-and-spoke model. Vattenfall worked with Orange Networks to assemble the core cloud operating team for VDP development.
“We have a centralized platform-monitoring approach with VDP, but we needed centralized security monitoring to go with it,” explains Stockmann. “With Security Center, we can take advantage of features like Secure Score to see where vulnerabilities might exist throughout our entire platform landscape and remedy them. It gives us great insight and a high level of transparency.”
Adds Astrit Dibrani, Regional Lead South at Orange Networks, “Within Security Center, we can see on a per-subscription basis which resources aren’t following the Security Center best practice configurations, and we support the internal customers for their own subscriptions by helping remedy security vulnerabilities. As Cloud Core Team, we also enable and support the internal Monitoring and Operating Team and Security Operation Center. We can also drill down into specific resource groups and share the relevant information with system managers so that they can respond in a better way. To gain insights and create reporting for management level, we created Power BI reporting that is based on Azure policies and the collected logs in Log Analytics.”
Vattenfall considers the combination of Security Center and Azure Policy, Log Analytics, and customized Power BI reporting to be an excellent solution to its centralized security and governance goals. The company has an Azure governance project that scans resources for policy violations using Security Center recommendations, Azure policies—both built-in and custom—and custom Azure PowerShell scripts. In the past, the company used a lot of custom scripts, but this could be an unwieldy task. With Azure Policy and management groups, the company can set standard policies and apply them more easily, eliminating most scripting.
As new features such as the IoT platform become part of the Vattenfall digital landscape, the company expects that Security Center will continue to supply strong protection. “We want Security Center to be a vital asset into the security health of our entire multiplatform IT ecosystem, including IoT hubs and resources,” says Stockmann. “In the case of public resources or PaaS services, Security Center can add a lot of value.”