SoftwareOne case study

Hoivatie improves security posture with SoftwareOne’s managed service

Hoivatie strengthens cybersecurity across 70 locations through a collaborative and continuous managed security approach

In the highly regulated social services sector, safeguarding distributed operations is vital. For Hoivatie, a growing Finnish social and healthcare services provider spanning nearly 70 locations, maintaining a high level of security maturity across a large workforce presents a unique challenge. Instead of absorbing the massive overhead of an external 24/7 Security Operations Center (SOC), Hoivatie sought a collaborative, systematic approach. By choosing SoftwareOne’s Managed Security Posture service, built natively on Microsoft Defender and Microsoft 365 E5, Hoivatie established an ongoing framework for baseline hardening, proactive threat mitigation, and structured security management. This case study explores how it turned digital security into an evolving, reliable process.

70
Locations across Finland secured under a single consolidated Microsoft environment.
600
Endpoints continuously hardened and monitored through systematic and ad hoc consultations with SoftwareOne.
0
Additional internal IT headcount required to achieve advanced security maturity levels.

Client: Hoivatie
Industry: Healthcare
Platform: Azure Cloud
Services: Managed Cloud Services
Country: Finland

SoftwareOne understands our environment, constraints, and appetite for change extremely well. This is why we trust them to have the right ideas and are eager to act on them.

Juha Alila
CIO, Hoivatie

Choosing the right security path

Hoivatie is a Finnish provider of social and healthcare services with almost 70 locations and just under 1,000 employees across the country. Its relationship with SoftwareOne goes back to 2012.

“At first, we were mainly buying software licenses through SoftwareOne,” says Juha Alila, CIO at Hoivatie, “but when we merged a number of companies under the Hoivatie brand, we relied on the team to consolidate our legacy tenants into a single Microsoft environment, and this deepened the relationship.”

Three years ago, Hoivatie began evaluating how to strengthen its security capabilities, weighing a traditional 24/7 Security Operations Center (SOC) against SoftwareOne’s Managed Security Posture service, built on Microsoft Defender and Microsoft 365 E5 security capabilities.

“We chose not to use an external SOC because we see cybersecurity as something that remains our responsibility – it’s not something you can fully outsource. We also wanted to build our own capabilities and avoid the relatively high cost of an external SOC,” says Ville Korkee, System Specialist at Hoivatie.

Hoivatie’s decision to standardize its security on Microsoft – after considering other alternatives – also made SoftwareOne’s Microsoft-focused approach a strong fit.

A systematic, collaborative approach to continuous cyber resilience

Korkee emphasizes that Hoivatie’s security posture was not flawed. “But working with SoftwareOne brought something systematic and consistent, and turned security into an ongoing process.”

SoftwareOne’s Managed Security Posture emphasizes baseline hardening, configuration management, and continuous improvement, making it a strong fit for an organization that already had solid security foundations but needed more structure, clearer priorities, and expert support.

Hoivatie’s environment includes around 600 endpoints spread across Finland, all of which need to be hardened and monitored. The Managed Security Posture gives structure to this work through a cadence of advisory and technical sessions.

This collaborative approach is a key part of the value Hoivatie gets from the service. Hoivatie and SoftwareOne make decisions on configuration changes and new controls together, with careful consideration for the impact on frontline staff and daily operations. As Korkee puts it: “This is not something that we just buy from outside … we do everything together with SoftwareOne.”

The service is not limited to reacting to alerts as a traditional SOC would; it also includes continuous baseline improvements across identity, devices, and Microsoft 365 workloads, as well as managed detection and response capabilities enabled through Microsoft Defender XDR and Sentinel where required.

The service delivers peace of mind, Korkee believes. “It’s the feeling that you are not alone if something happens,” he says. For a lean IT team, having experienced security specialists ready to triage alerts and distinguish between true incidents and false positives is crucial.

“Even if it’s a false positive incident,” adds Alila, “it helps us a lot when we know that SoftwareOne sees through it and whether it is something that we need to worry about or just false positive.”

This is not something that we just buy from outside. We do everything together with SoftwareOne.

Ville Korkee

System Specialist, Hoivatie

Strengthen your security posture

Ready to elevate your organization's cybersecurity maturity without expanding your internal IT footprint? Contact our security specialists today to discover how SoftwareOne's Managed Security Posture service can protect your operations.

Let's talk

Strengthen your security posture

Cloud Security
Harden your cloud security with 24x7 policy-based configuration scanning.
Read more

Security is never done. You always need to keep improving. And this is the idea behind SoftwareOne’s Managed Security Posture offering.

Ville Korkee

System Specialist, Hoivatie

A trusted, evolving partnership

Several concrete advantages have emerged from the partnership.

First, Hoivatie has significantly increased its security maturity without increasing internal headcount. The managed service provides access to specialized expertise in Microsoft Defender and E5 security features that would be difficult to maintain in-house. Juha stresses that the breadth of the Microsoft ecosystem makes external guidance essential, and the service ensures those capabilities are configured correctly and kept up to date.

Second, the service brings a clear, repeatable process to security improvements. Through the advisory and biweekly technical workshops, SoftwareOne and Hoivatie jointly decide what to do first, in what order, and how to implement improvements in a practical and manageable way. This process orientation prevents security work from becoming a series of ad hoc fixes and instead turns it into an ongoing journey.

Third, Hoivatie benefits from a proactive posture that reduces the likelihood of incidents rather than just reacting after the fact. By continuously reviewing its environment, addressing posture drift, and hardening configurations, the Managed Security Posture service helps make the organization less vulnerable to attacks.

As with all effective collaborations, mutual trust has been key to the success of the relationship between Hoivatie and SoftwareOne.

“SoftwareOne understands our environment, constraints, and appetite for change extremely well,” says Alila. “This is why we trust them to have the right ideas and are eager to act on them.”

Hoivatie played an important role as an early adopter and design partner for the Managed Security Posture offering. It was one of the first customers to subscribe when the service was relatively new, placing its trust in a provider that was still building its cybersecurity reputation. In return, SoftwareOne has used insights from Hoivatie’s environment to refine and expand the service model, including the later introduction of managed detection and response (MDR) capabilities.

Looking ahead, Hoivatie’s parent organization has also joined the Managed Security Posture service, and there is a concerted effort to bring both tenants to a similar maturity level. This demonstrates how the model can scale across related entities, not just single companies, while preserving a consistent security baseline.

“Security is never done,” concludes Korkee. “You always need to keep improving. And this is the idea behind SoftwareOne’s Managed Security Posture offering – it gives you a constant dialogue for change, improvement, and protection against threats.”