Red Hat’s customer success in action: Enhancing security posture for organizations across the information services and telco industries

In this blog post, we’re diving deeper into two of our customer success stories, Japan Research Institute and Telekom Slovenije. Learn how these two organizations deployed Red Hat products to enhance systems security while enabling cloud adoption, application development and service evolution. 

JRI combines DevSecOps with secure delivery and cloud agility

The Japan Research Institute (JRI) is a “knowledge engineering” company that offers comprehensive, high-value-added information services through the coordinated application of three functions: information systems, consulting and think-tank.

Before 2020, JRI was not leveraging a public cloud platform as part of its digital strategy and as a part of this, was facing slow time to market, lack of ownership and commitment, vendor locking and high total cost of ownership. That is why, in 2020, senior managers at JRI decided to embrace transformation and the cloud and establish a digital team.

JRI set up its digital team to promote the organization’s transformation and embrace cloud-based platforms and architectures. From the outset, the digital team adopted a policy of shift-left testing and DevSecOps to enhance the security of its applications and platforms across the development cycle and to better avoid roadblocks and delays to production and release schedules.

The team’s initial strategy included adopting public cloud platforms to build, run and monitor cloud-native applications. For their Platform-as-a-Service (PaaS) platform, JRI decided to adopt Red Hat OpenShift Dedicated, which is a fully managed application platform backed by Red Hat site reliability engineers (SREs) 24x7. Not just a container platform, OpenShift Dedicated also provides all of the necessary tools for application development, deployment, monitoring, auto-scaling and backup, plus a wide range of security and compliance certifications. “This enables our engineers to focus on designing robust architecture, writing high-quality code and automating application, deployment and monitoring,” says Takdir Chowdhury, Chief Digital Strategist, DX Systems Division. “All of this helps to ensure stability, security, scalability, and resilience in our digital applications.”

JRI also set a policy to adopt DevSecOps from the outset, rather than trying to add it to standard development processes once they are set up, which is often difficult to implement.

“Before we adopted DevSecOps, several critical and high-severity vulnerabilities were detected during the penetration test phase, which is usually in the later stages of the development cycle. In some cases, we had to delay the release schedule by a few weeks to address and fix those vulnerabilities,” says Chowdhury.

After integrating application security testing and DevSecOps tools in the early development process, no showstopper vulnerabilities have been detected during penetration testing. As a result, JRI can provide higher levels of stability and security before delivering to Red Hat OpenShift and on to a smoother release to production.

Learn more about JRI’s success

Telekom Slovenije modernizes service development with built-in security

As a national operator and the leading Slovenian provider of information and communications technology (ICT) services and solutions, Telekom Slovenije must remain technologically advanced and forward-thinking. Its ambition is to define additional service offerings that will enable it to continue to provide value to its customers.

As the company grew and faced new digital challenges, Telekom Slovenije decided to containerize many of its applications and systems. To do so, the business saw that it needed a reliable industry-standard platform with excellent support, security built-in by default,  and the capability to handle critical applications, mainly their main B2B and wholesale system . The company decided to proceed with Red Hat OpenShift Platform Plus.

A critical factor in Telekom Slovenije’s decision was security, and Red Hat OpenShift’s built-in capabilities in that area mean the business no longer has to handle key security tasks manually. Unlike other products, Red Hat offers key features such as built-in image registry, and monitoring and logging components out of the box. The most important aspect, however, is the security stance of the platform, which is taken care of by default. “If we hadn’t gone with Red Hat, we’d have to do all those security tasks manually,” says Davorin Kocbek, Lead of DevOps Engineering at Telekom Slovenije.

Prior to adopting Red Hat OpenShift, TS had no DevOps department. With OpenShift and Red Hat Learning, they have established a successful, growing DevOps department. Telekom Slovenije also developed standardized continuous integration and continuous delivery (CI/CD) pipeline templates that all of its developers use to deploy applications with greater consistency into OpenShift. Deployments are regular and are released daily—sometimes multiple times a day. Developers execute code builds through pipelines, and deployments take care of themselves. There is no downtime, and errors are fixed as soon as they’re discovered. This approach makes applications more secure and reliable, which improves customer satisfaction.

Included in Red Hat OpenShift Platform Plus,  Red Hat Advanced Cluster Management for Kubernetes, Red Hat Advanced Cluster Security for Kubernetes, Red Hat Quay, Red Hat OpenShift Data Foundation are also being leveraged by the teams. . Red Hat Advanced Cluster Management enables the business to manage all five of its clusters from a single point, and manages a policy that makes cluster applications more secure.

Telekom Slovenije is now updating its main B2B and wholesale system to run entirely on OpenShift, and aims to go beyond internal use cases and integrate OpenShift into customer-facing services. With legacy monolithic applications being replaced by flexible microservices, and software for any new project required to run on OpenShift, Telekom Slovenije has a platform that’s ready for the future.

Learn more about Telekom Slovenije’s story

If you’re interested in learning more about increasing your IT security and protecting your business applications, check out our ebook "Boost hybrid cloud security."