Electric Company, Elvia, Automates Security and Meets Regulatory Guidelines with Aqua

As Norway’s largest power distribution company, Elvia supplies electricity to one-third of the country’s population—more than 2 million people. Its power grid encompasses more than 65,000 km of network and cables across 50,000 sq km, and more than 900,000 sensors provide real-time network monitoring and insight to ensure customers have reliable service to power their daily lives. With an eye on innovation, the company deploys cutting-edge technology and is constantly working to develop new solutions that ensure efficient access to electricity in support of a sustainable future.

When Elvia rolled out smart meters to its vast customer base in 2015, it was transformative. Striving to be the most efficient power supplier in Norway required a shift in the company’s approach to operations. And while software was the key to leveraging data in faster, smarter ways, the IT team found that if they wanted to maximize the value of the new smart-grid data, they would need to build applications themselves.  

Transforming into a software company to support new grid technologies involved a move to cloud native infrastructure for scale, agility and automation. Building software in the cloud made it easier for the team to adapt to changes, iterate on software quickly and push the envelope of innovation. Now, all systems are built on  ‘a central DevOps platform run on MSFT Azure’. The company uses cloud native solutions—Kubernetes, Azure DevOps, and Terraform—to manage multiple lines of business applications in addition to customer-facing applications, all of which must adhere to strict regulatory requirements for security and resilience.  

As it transitioned away from disparate legacy tech, Elvia needed a way to integrate and empower its growing development team to build software at high speed with confidence that they were not introducing vulnerabilities. Finding a solution that shifted security left into developer workflows was a top priority. Because not all developers had a deep understanding of security protocols, automating security as part of their DevSecOps approach was critical.   

Other criteria included: 

• Compliance and container security within Azure 
• Vulnerability scanning for container images, the container registry and serverless functions 
• Runtime scanning and protection 
• Easy deployment on Kubernetes clusters to enable runtime controls 
• Constant real-time monitoring and alerting 
• Seamless integration with their CI/CD pipeline 

With Aqua, Elvia can automate secure development and deployment of their applications within their DevOps pipelines. When commits are pushed to GitHub and container images are built, Aqua ensures that all packages and dependencies are defined, up to date and secure. By embedding comprehensive security testing and powerful policy-driven controls early on, Elvia can deploy continuously with confidence.  

The most important benefit is securing Kubernetes deployments and having runtime protection. Aqua’s detection of anomalous behavior goes beyond point-in-time snapshots and to detect malicious behavior of known and unknown threats in real time, both known CVEs and zero-day exploits. Aqua also offers necessary visibility into the status of Elvia’s environment, so they can understand security events and risk levels and know how to prioritize actions.  

Aqua made Elvia’s transition to cloud native and DevSecOps smoother by providing Elvia’s distributed development teams with tools that automate security. Elvia has increased its development teams’ overall productivity because they can work smarter and spend more time on high-value projects, which aligns with the company’s commitment to working smarter and more efficiently.