Information security is a major concern for any organization and a top priority for Virta.
Virta is Europe’s fastest growing electric vehicle charging platform and a global innovation leader measured by patents relative to investments in the company. This means that there are a lot of things happening inside the Virta R&D department. But according to the Chief Information Security Officer Sanna Moilanen, one thing is certain: Virta never compromises on security.
“Reliability and trustworthiness of the systems and services is top priority for us. All our development activities aim for reliable, robust and secure services”, states Moilanen.
People are using mobile devices primarily to access consumer services – in EV driver’s case the charging services. Unfortunately, security incidents in the digital world are growingly a way for criminals to target consumers.
Luckily, people are more aware of the risks and expect better information security from the digital services. Also, the regulation requirements have increased. But Moilanen reminds that Virta’s own security work plays a big role in ensuring that the users and Virta are safe.
Excellent external auditing results
Ensuring security is an integral part of every employees’ work at Virta. The security mindset is taught during employees onboarding training and it is supported and promoted by Virta leadership.
Virta has a Secure Development Lifecycle which helps Virta to be a trustworthy partner to our customers. As a part of it, external cybersecurity companies conduct audits, security assessments and penetration tests against mobile and web applications. All found issues are analysed and appropriate fixes and mitigations are deployed.
“It is important to carry out these external security assessments and tests. Even though we pay a lot of attention to security during development phase, sometimes bugs and vulnerabilities may escape our attention. Even the best experts might become blind to their own work”, explains Moilanen.
One recent example is the extensive external testing of the Virta mobile app. All Virta branded partners benefit from the same testing. So far Virta has built already 36 x 2 branded applications, on Android and iOS.
During the penetration tests, external partner concentrated on the mobile app payment process and tested is it possible to charge without paying for the service. The test results were excellent. All attempts to manipulate the system failed.
“Independent tests proofed that Virta mobile app is not only practical and easy to use but also extremely secure and reliable”, says Moilanen.
”Trust and reliability mean everything to us”
Ensuring security is a never-ending process and Virta has defined a security roadmap to ensure the security keeps up with changing threat landscape. Virta has also a responsible disclosure program in place.
”If you believe you have discovered a vulnerability or security bug in our systems we would greatly appreciate if you notify us as soon as possible. This helps us to mitigate it quickly in order to protect the data stored in our system”, says Moilanen.
Virta’s ISO-certification is another example of the 360-degrees security mindset. Virta is an ISO27001-certified EV charging platform. In addition, Virta has successfully completed a Service Organizations Controls (SOC) 2 Type 2 Examination Audit and is now certified. Virta is reportedly the first platform for electric vehicle charging in the world to complete this demanding external auditing.
“This is not the easy way but it is the right way. Trust and reliability mean everything to us. For our customers and partners this means a peace of mind”, says Moilanen.
Learn more about Security at Virta