About the customer

Universal Investment is a pioneer in the investment industry and a market leader for fund services and white-label funds. Their clients, institutional investors, and asset managers value the independence and expertise Universal Investment has gained from more than 50 years in the industry. As a financial services provider, they develop extensive investment solutions, including individual structuring, and offer comprehensive administration and risk management services.

Today, Universal Investment provides the full range of investment vehicles for all asset classes across international borders. They grow alongside their clients. Universal Investment administers fund assets of 979 billion EUR. These include 54 billion EUR in retail products, 498 billion EUR in institutional products, and 259 billion EUR in insourcing, direct investments, etc.

Problem Statement

Given its position in international finance, Universal Investment must comply with several compliance frameworks, which include:

• BSI (Federal Office for Information Security)
• KAIT (Kapitalverwaltungsaufsichtliche Anforderungen an die IT von BaFin)
• Digital Operations Resilience Act (DORA)

With their infrastructure built on Azure, including Azure Kubernetes Service (AKS), Windows, Linux, On-Prem infrastructure, and CI/CD pipelines, Universal Investment encountered several challenges in adhering to compliance and security standards, which is why the company first looked to deploy Mondoo.

Meet Daniel, the Head of Cloud & Information Security Solutions at Universal Investment. Daniel is in charge of the company's cloud infrastructure and security and ensures that Universal Investments meets the highest security and compliance standards. Before Daniel and his team deployed Mondoo, it was very resource intensive (time-consuming) to gather all the information about the infrastructure (e.g., Universal Investment has dozens of Azure subscriptions, K8s Pods, Windows, and Linux ) to prepare for the different audits.

When preparing for audits, it took a lot of work for Universal Investment to ensure it had all the necessary information collected or if anything unexpected was upcoming during the audit. They also lacked a unified security and compliance solution for the different infrastructure layers, which made it difficult to get a complete security and compliance overview of the company's infrastructure– this made it almost impossible to complete an accurate risk evaluation.

For Universal Investment, it’s a massive risk if they don't follow the compliance regulations of specific frameworks, as this leads to lost business and legal consequences. At the same time, lacking infrastructure visibility leaves the company vulnerable to cyberattacks.

Solution Statement

After an in-depth market evaluation, Universal Investment decided to use Mondoo to ensure its ability to adhere to compliance and security standards. With Mondoo's solution, Universal Investment was able to reduce and manage risks across the entire infrastructure, including patch management for all systems, significantly reducing its attack surface. Universal Investment also gained a complete asset inventory of the company's infrastructure stack to get relevant data.

Outcomes

Through the utilization of Mondoo during audits and the integration into the existing Splunk and Jira systems, Universal Investment was able to reduce audit time and save resources by 50% significantly. This resulted in a return on investment even before the completion of the first audit. Implementing a security and compliance standard for production environments using Mondoo enabled Universal Investment to identify potential attack vectors early in the CI/CD pipeline. This approach streamlined their process, leading to increased efficiency and cost savings for the company.

Summary

With Mondoo's help, Universal Investment achieved compliance and gained better visibility into its entire infrastructure stack. This helped them to reduce the risk of security incidents and boosted customer confidence in the company's security practices.

By partnering with Mondoo, Universal Investment overcame its security and compliance challenges and achieved its goals, making them a more robust and more secure company.