“At the modern school of CITAVERDE, pupils, students, and employees feel connected to their profession, their school, and their environment. The skills developed here are learned for life. To ensure a better, more beautiful, and enjoyable future. With this great mission and ambition, CITAVERDE College has been actively involved in information security activities for several years", says Martijn van der Hoorn, IT manager at CITAVERDE. In the Dutch Educational market, different initiatives are available for schools to join. One of them is developed in cooperation with saMBO-ICT, an organization that connects secondary education schools and provides knowledge regarding IT and cybersecurity. "For an IT team with many different tasks and challenges during the day, these initiatives are of great value," says Martijn.
For CITAVERDE College, these activities have gained momentum with the initiation of the Data Breach law and the GDPR legislation. As a result of external research, an internal Information Security project group has been set up, which deals with information security and privacy. This is done by advising, implementing, and directing activities and projects.
With the new laws and legislation in place, Educational organizations are forced to set new standards regarding IT security. Needless to say, schools and universities process a large amount of data regarding students. A breach of this data can endanger the image of the school and potentially big fines by the authorities. Martijn also adds: “Our crown jewels are the personal data in applications and administration of students and employees. The protection of this is our highest priority". During Holm Security's meetings with CITAVERDE College, it instantly became clear that they wanted to create even better insight into their IT security. As Martijn states:
We want to be relieved when it comes to monitoring vulnerabilities in our applications because it is impossible for us to always have up-to-date and sufficient expertise to recognize and solve them. Both the automatic execution and reporting of vulnerability scans, as well as the expertise of Holm Security, supports us in being carefree
With background and ambitions in place, the conversations between CITAVERDE College and Holm Security moved towards a Proof-of-Concept (POC) of the platform. A step that provides a limited commitment and sets boundaries for testing the tool. Martijn notes: "Holm Security assisted us with their expertise in orienting and setting up the configuration. The proof of concept was set up and evaluated with their help".
Jan Willem Plokkaar adds: "During the process of a POC, it is really important to create a clear goal and scope. The communication with the IT team of CITAVERDE College was positive and transparent along the way, which helps our Customer Success team set up the platform scope and provide a smooth test phase". After the successful evaluation of the POC, which took about two weeks, CITAVERDE College and Holm Security entered into the contract conversations. Because of the GDPR legislation, organizations are forced to work with Data Processing Agreements (DPA). These agreements help organizations and their suppliers to set clear boundaries regarding data processing. For CITAVERDE College, this agreement is of high value and therefore, they advised Holm Security to join the Privacy Covenant that is active for Dutch Educational organizations. Jan Willem remembers: “Martijn gave us the tip to look into this agreement, which makes it easier for us to work with schools and universities. It helped in conversations getting smoother. Furthermore, it helps Holm Security and schools to create new cooperation's". The finalization of the contracts and DPA cost about two weeks, and with the POC setup in place, CITAVERDE College could start scanning their environments in the platform that was already live from the PoC.
Currently, the IT team of CITAVERDE College is fully operating the platform. "We have installed a scanner appliance for all of our locations, which periodically scans and reports the vulnerabilities of local networks. The IT team evaluates the reports and sets up action plans to solve the vulnerabilities that Holm Security VMP has found", says Martijn. Martijn highly recommends Holm Security VMP for other companies, especially schools and universities:
Holm Security VMP certainly adds value, even if a school does not yet fully know what the scanning of vulnerabilities means, the platform works intuitively and with the support of the Customer Success team of Holm Security you can easily get started and learn more while you use it