Familiarly known as Meita, Meidän IT ja talous Oy serves as the backbone for its clients' workdays, freeing up essential time for its customers. Meita is a trusted and versatile partner in ICT, financial, and personnel management services for owner-customers in the regions of South and North Karelia and South Savo, including municipalities, cities, municipal actors, and well-being regions.
"We offer in-house financial and IT services to municipalities, covering a wide range of services. It includes everything from new working tools to entire new websites for the entire region. Many municipalities purchase our services comprehensively," says Lauri Merisaari, ICT Planner and Senior Software Developer.
“Even an experienced professional encounters new experiences”
Merisaari is an experienced professional in the ICT field. However, in the spring of 2022, he experienced something entirely new when Prove conducted a security audit on a WordPress-based website platform he had developed.
"I've been doing these tasks for about twenty years, but at that time, I was the subject of testing for the first time. The experience was extremely interesting and important. I observed how all the procedures were carried out. Every possible vulnerability was tested, and it showed in the results. We also tried our own processes during an exceptional situation. I had some idea of how I would do it myself, but the testing opened my eyes even more," recalls Merisaari.
For a significant client of Meita, entirely new public websites needed to be created. The project was extensive, and the request for proposal was comprehensive. In the requirements specification, among many other criteria, an external party's security audit was listed.
“I give full points for the planning of the process”
"At first, we defined the scope of the task and planned the work, which was thoroughly discussed with Prove in an initial meeting, which was well-targeted and sensible. The results were meticulously reviewed, and nothing was left out. That's how I would do it. As a special bonus, I must mention that Prove did not provide any extra information. There was no unnecessary information in those documents," praises Merisaari.
Merisaari commends the testing process itself as excellent and clear. He also states that the testing and its results matched the expectations of an experienced professional.
"The meetings were predefined, and the testing went exactly according to the schedule. All communication channels were well thought out. There was no need to wait for responses. I give full points for the planning of the process," says Merisaari. "Prove has the entire process under control, and nothing was left hanging in the air. They had considered, for example, the security level for the meeting so that they don't distribute information carelessly."
Merisaari appreciates the testing experience, especially because he does the same thing in his own field as Prove. In addition to a smoothly conducted test, Merisaari gained insights for his own work, such as drafting an emergency plan.
"I got confirmation from the testing for things that I imagined would be there but couldn't test alone," says Merisaari. "Although the testing went as expected, it was, in a way, disappointing that nothing significant was found."
Testing was unsurprising but a mandatory part of the delivered service, as an external security test was already a requirement in the request for proposal. Merisaari generally sees the value of third-party testing.
"We could have done some investigation ourselves, but it wouldn't have had any concrete value. When an external party confirms the same, it has much greater significance."
“The benefit was worth a lot of money”
According to Merisaari, Prove's testing services are beneficial for anyone involved in software development. He encourages reaching out when something is exposed to the internet or when developing a larger software system. Merisaari states that both private and municipal operators benefit from having a tangible proof of security rather than just self-specification.
"I don't even know the exact amount we paid, but the benefit we received was well worth a lot of money," concludes Merisaari.