Case FCG Talent: Reassurance to Cyber Security in Cooperation with Cyber Security Specialists
FCG Talent is a Finnish company that develops modern, innovative and user-friendly software solutions for recruitment, HR data management and personnel introduction and development. Their best-known product is the Kuntarekry.fi service, a recruitment portal used by nearly every municipality in Finland, with almost 2 million users. Technology Manager Petri Tuomaala from FCG Talent describes information security as one of the pivotal factors in their products and processes.
FCG Talent looked for an external actor to examine their R&D operations and the level of their information security. According to Mr. Tuomaala, internal processes can be developed to a certain point in-house, but to get to the next level, external opinion and specialists are needed for an out-of-the-box view.
“Paying attention to information security is important in software development and demands continuous attentiveness. This cooperation with elfGROUP gives us reassurance and cyber security specialist view – that’s what we are willing to pay for,” Mr. Tuomaala states.
The cooperation has had flexible ways of working from the beginning. Service and help have been available in agile manner, responding quickly to service requests. Real-time communication and reporting without delay enable reacting to all possible findings immediately.
Comprehensive cyber security work ahead
FCG Talent has been in cooperation with elfGROUP since spring 2018. They have a continuous, monthly-based contract on cyber security work that concentrates on improving cyber security in a topical matter each month. Within the monthly work, elfATTACK cyber security testing has been carried out to FCG Talent’s all products, including their different user interfaces and user roles. Continuously developing software demands continuous cyber security work, where this monthly cooperation fits in perfectly.
The cooperation that has lasted already for 1.5 years, has advanced from cyber security testing to more comprehensive cyber security awareness. Lately, the work has concentrated on developing FCG Talent’s R&D processes and ways of working. The OWASP ASVS analysis has been carried out to support this work, to find the next steps that lead the information security work forward. Tuomaala envisions that in the future the cooperation concentrates more on functional specifications.
“Cyber security assurance taking place afterwards isn’t the most efficient way of operating. In the future, our objective is to develop this cooperation to affect our processes on a deeper level and thereby improve paying attention to cyber security aspects in as early stage as possible,” Tuomaala explains.
R&D that considers cyber security aspects from the beginning is both cost-effective and time-saving, when corrective rounds are not needed for software that is ready for launch, but instead the information security has been part of every stage of the development work and in all layers of the software architecture. Cyber secure software products are ready for market quickly, and the time-consuming corrective rounds won’t delay the profitability of the software.