The Education Division of the City of Helsinki is Finland’s largest and most diverse organiser of early childhood education, pre-primary and basic education, upper secondary education, vocational education and liberal adult education, with 14,000 employees serving 140,000 Helsinki residents in over 700 locations every year. As a responsible organisation, the Education Division makes constant efforts to improve its security features. The latest project, carried out in cooperation with Sulava, introduced a wide range of new tools and features to enhance the security of the learning environment.
One of the goals of the Education Division of Helsinki is to create and maintain the world’s most impactful place for learning. The Education Division wants to contribute to making Helsinki an internationally recognised, pioneering city where people are learning to learn and work together.
The data security of this organisation of almost 90,000 teachers and students is actively monitored and developed in a Microsoft environment.
“Our education sector has been using Office 365 since 2013. More than a year ago, we decided to acquire security tools from the higher-level plan and adopt more extensive security features to ensure the security of the learning environment,” says Martti Kukkonen, the Education Division’s Head of Data Security.
Protecting the information of a diverse user base
The Education Division’s information systems are used by a diverse group of people from primary school children to adults, which naturally poses particular challenges for data security. The key is to ensure that everything works as a whole and that the mass of data can be appropriately managed.
“In the world of education, security features cannot be enforced in the same way as in the corporate world. For example, schoolchildren cannot be given very strict password requirements due to their skill level, and multi-factor authentication must be adapted for the users,” Kukkonen says.
Microsoft 365 A5 license security features
Carried out during the pandemic, the goal of the Education Division’s project was to expand the use of security features by making better use of the A5 plan they had already acquired. The overall goal was to improve the security of the Microsoft 365 environment and to protect the user identities better.
With Sulava’s assistance, the project took off in March 2020 with two workshops focusing on
Microsoft Sentinel and the adoption of A5-level security products. The workshops compared the current security level with the new features. On this basis, an implementation project was planned and finally concluded in early 2021.
The project’s key areas were identity protection, email security including Microsoft Teams, SharePoint Online and OneDrive, file and data security, endpoint security, access management and security incident management, monitoring and reporting.
”From the perspective of our information management, the key was to improve the visibility into the Microsoft 365 ecosystem as a whole. The core elements of this project were to introduce the security information and event management solution Microsoft Sentinel, to reduce the number of unnecessary alerts and to enable conditional access and multi-factor authentication. It was also important to improve email security, so we carried out several updates in that respect,” Kukkonen says.
The people who participated in the project from the Education Division were their data security specialist and a group of M365 administrators. In addition to the six project team members, there were pilot users from the schools in the project. The management of the Education Division was also involved in the project by approving the upgrade to the higher-level plan.
Global pandemic created challenges and opportunities
Launched in early March 2020, the project took place in the middle of the pandemic year, which affected it in many ways. The main challenge was that the deployment could not be fully carried out as planned. On the other hand, the pandemic-related shift to remote working and studying encouraged the adoption of the tools.
“It can be more difficult to implement changes in a remote learning situation than under normal circumstances as it is not as easy to ask your colleagues for assistance. On the other hand, these exceptional circumstances pushed the users to familiarise themselves with the devices, software and login systems, which naturally moved our project along,” Kukkonen says.
It was a positive thing for the Education Division that the schools already had enough devices, so there was no device shortage when the shift to remote learning happened.
“This was clearly not the first case of this kind for Sulava”
Sulava has worked in partnership with the Education Division already before. The previous good experiences influenced their choice of partner.
“Sulava has solid experience and expertise in these kinds of projects, which made the process run smoothly,” Kukkonen says, adding, “A fully remote implementation was perfect for this type of cooperation, and we took full advantage of the possibilities of current technology.”
Future focus is on authentication and devices
The project gave the Education Division the capability to adopt multi-factor authentication. In the future, its use will be extended among staff and students.
“The goal is to enable multi-factor authentication for everyone who wants it. In the future, we will pay even more attention to endpoint security in another project. In this project, we already carried out a proof of concept for that, and next we want to move on to implementation,” Kukkonen says.
Author: Juhani Lassila
Published in April 2021
- The Education Division serves 140,000 Helsinki residents in over 700 locations every year with 14,000 employees.
- The data security of this organisation of almost 90,000 teachers and students is actively monitored and developed in a Microsoft environment.
- This project introduced a wide range of new tools and features to enhance the security of the learning environment.
- The project’s key areas were identity protection, email security including Microsoft Teams, SharePoint Online and OneDrive, file and data security, endpoint security, access management and security incident management, monitoring and reporting.