Valtori’s web platform leans on Cloudflare

Ambientia's public sector unit is now part of HiQ. Read more.

The Government ICT Centre Valtori works within the Ministry of Finance's administrative branch, operating under the law. Its mission is to ensure that the everyday operations of government are smooth and secure in terms of ICT services and tools.

Valtori develops, maintains, and protects the country's largest ICT environment with carefully selected partners so that all its customers can collectively focus on advancing Finland. Valtori's customers include all government agencies and institutions as well as a large number of state-owned enterprises, authorities, and, for example, the Parliament.

HiQ has previously collaborated with Valtori by developing a shared online publishing platform (YJA) for all Valtori customers. Since 2019, HiQ has secured the YJA service using Cloudflare protection services. With the newest agreement with HiQ, Valtori can protect other public services it produces with the same solution.

Service usability and speed

Valtori's approximately 80 customers have hundreds of websites, about half of which use Valtori's shared YJA platform. YJA service customers collectively make over 47 million visits to the services per month. These visits constitute over 3.5 billion queries to the service providing websites. Each query must be answered without fail.

Valtori's customers are Finland’s leading experts and decision-makers, as well as citizens using government services. It's clear that the system's functionalities must be top-notch.

"Our customers include organizations of various sizes and industries. It's important that we can offer them usability and security, leveraging synergies," says Product Manager Taina Hyytiäinen from Valtori.

The website on which Cloudflare services are enabled does not directly share its content; Cloudflare acts as a Content Delivery Network (CDN) for the service. Site users connect to the nearest Cloudflare service point, which acts as a cache for the content being sought.

Cloudflare's global capacity smooths out traffic peaks when multiple users try to access the site. When content is delivered near the user, it enables fast service for the customer. That’s when security measures take place close to the user, too. All this is made possible by Cloudflare's unique architecture.

"Smooth operation is significant for us. With Cloudflare's content delivery network, the pages are quickly available to the end-user. This is evident to users and saves their time."

"Cloudflare also brings cost savings to public cloud service costs by transferring only the required amount of data from the public cloud service. At the same time, scaling the service even to large traffic peaks is possible and cost-effective," says Technology Director Matias Mäkinen from HiQ.

Security is the top priority

Distributed Denial of Service (DDoS) attacks, originating from multiple sources such as compromised computers and other internet-connected devices, are simultaneous attacks making the targeted site unusable. Cloudflare is one of the world's best DDoS attack mitigators. In addition, the service enables protection against ransomware, identity theft, and exploitation of application vulnerabilities.

"Security is, of course, a very important factor for all government ICT operations. That's why Cloudflare has been a natural choice as a partner," says Hyytiäinen.

"We know that web services are always targeted by attacks. Over the past year, this issue has become a particularly important topic. If the service couldn't fend off attacks, it would be evident on the websites and in the media. Security for us means that the sites function normally even if they face attacks," she says.

"With Cloudflare, all services are as close to the customer as possible. It means that all services are also as close to attackers as possible, allowing the attack to be thwarted immediately near the point of attack. Thus, harmful traffic doesn't need to be unnecessarily transferred any further on the internet. This enables almost unlimited scalability," says Mäkinen.

Services are available even during attacks

"For Valtori's services, which have large visitor numbers and are invaluable to the operation of our country, it's critical that the service is available to all its users even during attacks. With Cloudflare, we can mitigate the attack in a way that ensures legitimate traffic can still pass through, regardless of the user's location," says Mäkinen.

"There’s a global interest in matters related to our country’s government, so information security requires broad understanding and diverse capabilities to act. Cloudflare has a broad overview of security threats and their mitigation, as well as many means available when attacks occur. The service is able to identify the type of attack very precisely, so there's no need for broad countermeasures such as blocking a country or an operator. The attack can be precisely thwarted only for malicious traffic," says Mäkinen.

Cloudflare can also react to and thwart zero-day attacks, situations where the attacker seeks to exploit a security flaw in the service before the service developer has noticed the flaw.

At present, 93% of all YJA service content is delivered directly by Cloudflare, close to the end-user. The use of Cloudflare is not visible to customers – except as smoothness and security.

"Feedback on IT services typically comes only when they don't work as expected, e.g., when there are service disruptions. When the service works excellently, there's no need to pay special attention to it or to provide feedback," Hyytiäinen muses.