Securely expose APIs in order to send and receive information between Danish Defence’s secure network and the e-Boks platform mandated by Danish law, while automating processes and reducing costs
- Massive cost reduction, with a 96 percent decrease in postage expenses
- Automated processing, replacing manual, USB-based data transfers and labor-intensive postal mailing
- Faster time to market through the easy integration of new services
- Rapid return on investment, with payback on the solution in six months
Enabling digital communication to comply with Danish law
The Danish Defence is the unified armed forces of the Kingdom of Denmark, charged with the defense of Denmark and its overseas territories, Greenland, and the Faroe Islands. Its primary purpose is to prevent conflicts and war, preserve the sovereignty of Denmark, secure the continuing existence and integrity of the Kingdom of Denmark, and further peaceful development in the world with respect to human rights.
Under Danish law, all government agencies must communicate electronically, using Denmark’s e-Boks platform, rather than sending printed mail. Today, all Danish citizens have an e-Boks account, which provides companies, public authorities, and private individuals with a secure platform for digital communication.
To comply with this new legislation, Danish Defence needed a secure solution for exposing APIs to send and receive information between their secure network and e-Boks. The solution also had to enable Danish Defence to communicate with other trusted third-party vendors, automate their processes, and sharply reduce costs associated with postal mailings.
Point-to-point connectivity with trusted third parties
In addition to e-Boks, Danish Defence needed to communicate securely with other trusted third parties by establishing a point-to-point connection with each external partner. A priority in this regard was the Danish healthcare system.
In Denmark, each person can access their electronic medical file, which contains diagnosis and treatment information supplied by healthcare providers. Danish Defence needed to securely communicate with hospitals and doctors on the healthcare network. A typical use case would be to organize medical checkups for fighter pilots before they deployed.
Although the solution would initially be used within Denmark, the goal was also to use the solution with international partners, in the context of Denmark’s role as a NATO ally and member of the European Union.
To avoid the “Snowden Effect,” be proactive
“We had to set up a secure connection to transport information in both directions,” said Commander Kim Holm, Head of Policy & Architecture, Danish Defence IT. “We also had to control the information, both when we’re sending it out and when it comes into our system.”
For outgoing transmissions, Danish Defence needed to specify normal behavior, so as to detect unusual behavior, and then permit or deny a transmission according to a set of rules, examining the sender, the proposed recipient, the volume and type of data being sent, and the date and time.
“We don’t want to have a Snowden effect,” Holm stressed. “We needed to verify, for example, whether there is authorization to send hundreds of documents to a particular person’s e-Boks. If the transmission is authorized, we release it; if it’s unauthorized, the documents don’t get sent.”
For incoming transmissions, Danish Defence needed to be able to inspect XML-based information and PDF attachments. From the start, they decided not to accept Word or Excel documents, given the risk they contain code or viruses.
Reducing the workload and slashing costs
Another challenge for Danish Defence was to automate its processes. “Everything we did was manual,” said Holm. To send data electronically, for example, they transferred data from a secure computer onto a USB key, walked the USB key over to an internet-connected computer, and then sent the files to e-Boks. It was a labor-intensive, expensive process.
Another major source of costs was the extensive use of postal mailings for many or even most of the documents sent by Danish Defence.
Axway, Axiomatics and Sopra Steria for the win
For several years, Danish Defence had been studying the issue of secure communications from the architectural standpoint. However, when the national law passed that mandated the use of e-Boks, they needed to move ahead – and quickly. In line with European Union regulations, Danish Defence issued a public call for tender.
“We did a thorough, in-depth survey before choosing the solution,” said Holm. “Our priorities were the quality of the solution, and execution of the project. Price was also a criteria, but a minor one.” The winning bid, tendered by Sopra Steria, included:
- Axway API Gateway to expose and secure messaging APIs
- Axiomatics Policy Server to apply fine-grained authorization to the APIs
- Sopra Steria to provide professional services, including solution integration
“The rules are stored in the Axiomatics Policy Server, which is used by the Axway API Gateway,” said Holm, describing the solution. “The Axway API Gateway provides the XML check system that inspects the XML part of the transmission, using the Axiomatics Policy Server as its reference point.”
Deployment in a secure DMZ
Before implementing the solution, Danish Defence prepared the environment. “We had to set up our internal infrastructure, creating a DMZ and making it as secure as we could,” said Holm. “Once it was fully secure, we could put the Axway and Axiomatics components into the DMZ, and Sopra Steria could implement the solution, which would be managed inside the DMZ.”
“Sopra Steria was our main contractor, while Axway and Axiomatics provided training on their products.” said Holm. “For us, it was like working with one company. It was a good relationship.”
To access the new solution, internal systems at Danish Defence – including the SAP environment, the document handling system, and the healthcare system environment – are connected to an enterprise service bus (ESB), which is in turn connected to Axway API Gateway.
Tapping into a pipeline of new apps
Project implementation took just six months, from April to November 2015. Among the first business processes switched to the new solution was communication with job candidates. Contracts for new employees are now sent to the person’s e-Boks account over Axway API Gateway, rather than by postal mail.
Currently, new applications in the pipeline include:
- Recruitment campaigns
- Healthcare appointments for military employees
- Training programs
Based on initial projections, transaction volume at full deployment is expected to be about 50,000 documents sent or received each year.
Sharply reduced costs and a rapid ROI
After just three months in production, the solution is generating major benefits for Danish Defence, including:
- Massive cost reduction. Previously, annual costs for postage were 5 million Danish Krone (DKK). With the new solution, postage costs have been slashed to 200,000 DKK per year – a 96 percent savings. Labor costs have also been significantly reduced.
- Automated processing. The solution replaces labor-intensive postal mailings and the manual, USB-based transfer of data. “Now you just sit at your desk and push a button, and the solution does the job for you, sending the letter to e-Boks,” said Holm.
- Faster time to market. “Now that we’ve set up the solution, it’s very quick to integrate a new service,” said Holm. “We just set up a call for the service on the ESB, and add a rule to the policy server.”
- Excellent performance and high capacity. “We have the capacity to add many different kinds of internal vendors,” said Holm. “On the performance side, it’s much easier and faster to send information.”
- Rapid return on investment. “We had to invest to set up the solution, but that’s nothing compared to what we paid before,” said Holm. “The payback on this solution is about six months.”
“The new solution is essential for our business. It enables us to send and receive information electronically, in compliance with Danish law, while significantly reducing costs. We’re satisfied with the solution, because we got what we want.”
Kim Holm, Head of Policy & Architecture, Danish Defence IT
A roadmap to the future
Danish Defence has an extensive roadmap for the new solution, both short and long term.
- Meeting demand for new services. “We have over 20 requests in the pipeline from departments that want to use our solution for e-Boks,” said Holm. The requests involve the SAP environment, as well as the document-handling, healthcare, and education systems. “At this point, we’re almost a victim of our own success,” said Holm. “We need the resources to implement all these requests.”
- Adding the capability to inspect incoming PDF files. “When we receive a PDF from e-Boks, we need to inspect it before we distribute it to its designated recipient,” said Holm. “We will inspect the file in the DMZ, putting it in a sandbox for five or ten minutes. If the file is OK, we’ll send it on.”
- Military applications. “We’re now seeing whether we can lift this solution to a higher level of security,” said Holm. “We want to use it to exchange information between systems with higher levels of security and those with lower levels – and the other way around.” Before being deployed, this use case must be accredited by Danish Defence security, a process currently underway.
- International deployment. In the future, Danish Defence wants to use the solution to exchange logistics information with its European Union partners. Other applications with NATO allies are also envisaged.
“The new solution is essential for our business,” said Holm. “It enables us to send and receive information electronically, in compliance with Danish law, while significantly reducing costs. We’re satisfied with the solution, because we got what we want.”