“We’ve worked with Huld on product development projects before. In our latest project, their strong expertise in cybersecurity was clear to us.” – Antti Lindström, Product manager, Research & Development, Wille Machines Oy
Wille Machines, part of Wihuri Oy Technical Trade manufactures the best multifunctional environmental management machines on the market for the maintenance and servicing of urban environments. Wille Machines’ Delta series, which includes a fleet management service as standard, consists of five Wille environmental management machines of different sizes. The machines are intended for efficient work all year round, and they show their strengths especially in winter, when maintenance is at its most demanding and expensive.
To serve its customers even better, Wille Machines developed a digital fleet management service, Wille Smart Link, for its machines. With the service, Wille’s customers can monitor the efficiency, economy and historical data of the use of their machines, monitor emissions and consumption, and anticipate service and maintenance.
Before launching its digital service, Wille Machines wanted to make sure that it met the necessary security requirements. Information security can only be reliably assessed by a party independent of software development.
Wille Smart Link was designed by Gofore, and Wille Machines chose Huld as its partner to assess the service’s information security. Wille and Huld’s cooperation has been smooth in previous projects, and Huld’s extensive experience in both machines and information security was a perfect fit for Wille Machines.
The evaluation of Wille Smart Link began with the definition of the scope and needs of testing. API penetration testing and a cloud environment security review were selected for the assessment. The aim of the assessment was to determine the possible vulnerabilities of the open interface and the weaknesses of the Azure environment.
API penetration testing was carried out using the OWASP API Top 10 list, which includes the most common security risks. The simulated attacks were used to look for vulnerabilities that allow abuse, such as excessive access rights or inadequate configurations.
After penetration testing, the assessment of the Azure environment was carried out, where the architecture and design principles of the cloud service were carefully reviewed. A static analysis of the infrastructure was carried out, and the findings were thoroughly documented. The security assessment included an interview with the developers, and at the end of the audit, Huld compiled a report on the vulnerabilities of the cloud environment.
Huld’s experts prepared final reports from the surveys, in which the findings were prioritized and recommendations were given to improve the security of Wille Smart Link and ensure its quality.
“The information security of digital services is crucial. By mapping and raising the level of safety, we respond to risks even before they materialise. In this case, too, the small deviations found could have come to Wille Machines’ attention later in a more unpleasant way.” – Iiris Joutsi, Information Security Consultant, Huld.
Testing Wille Smart Link’s information security helped Wille Machines reduce security risks and provide its customers with an even higher quality and safer service. The security expertise and the correction of weaknesses respond to information security problems before they arise.
Cooperation with a party familiar with information security serves both Wille Machines as a service provider and their customers and partners in a digitalizing world.
“The collaboration between different parties in testing worked excellently. The testing results not only helped ensure the cybersecurity of the current system but also provided valuable insights for the system’s further development.” – Antti Lindström, Product manager, Research & Development, Wille Machines Oy
