The Health Insurance Institute of Slovenia (ZZZS) manages critical digital infrastructure for millions of users. Their digital services must always be accessible, secure, and compliant with regulations. However, as the number of applications and users grows, key challenges arise:
● Lack of specialized expertise
● High workload on the internal team
● Complex management of WAF and FW solutions
● Demanding SLAs and regulations
CHALLENGE
How can you ensure top-notch security and availability without hiring additional staff or incurring rising costs?
Maintaining WAFs and firewalls requires highly specialised domain knowledge, which is in short supply on the market. At the same time, user expectations have risen, regulatory requirements have become stricter, and SLAs have had to remain a priority, regardless of the team’s workload.
SOLUTION
Managed WAF and Managed FW:
Safety and regulatory compliance without compromise
Instead of a rigid implementation, the ZZZS has gained proactive management through the Managed WAF and Managed FW solutions, which include regular updates, monitoring, reporting, and continuous optimisation of security policies. The ZZZS team has thus gained time for more important tasks, as the number of daily operational activities has decreased and dependence on highly specialised knowledge has significantly declined, allowing for a greater focus on strategic projects and a broader view of ensuring the operation of the entire environment.
The security environment is regularly monitored, with fewer incidents and anomalies, a reduced number of false alarms, and faster resolution of vulnerabilities. Systems operate stably, consistently achieving over 99.99% availability with significantly fewer outages and risks. Full regulatory compliance is ensured, supported by regular reports, change management, audit trails, and consistent adherence to all requirements and standards.
“The F5 WAF and Managed FW platforms are among the best in the world and are managed by experts who know them better than anyone else in the region.”
This is not merely the implementation of a service or device, but a long-term solution. As a result, security policies are enforced more proactively, with fewer incidents and anomalies, a reduced number of false alarms, and faster vulnerability remediation, as the solution is based on an understanding of real traffic, requests, and application behavior.
The system is not merely based on maintenance, but is actively improved
Today, security can no longer be ensured through a one-time setup; it requires continuous management, regular updates, monitoring, and improvements. NIL’s solution therefore includes logging and reviewing audit trails, regular reporting, and coordination with the client, as well as external verification of environmental exposure (scanning or “fingerprinting”). This ensures that protection is not only established but also continuously verified, optimised, and compliant with the highest standards.
“The NIL team demonstrates exceptional responsiveness and a high level of professionalism. Communication with both the network and application teams is seamless, and tasks are carried out reliably, transparently, and in accordance with our technological and regulatory standards or requirements.
With their help, we have achieved a level of management that would have been difficult to ensure on our own, and we can now focus on our strategic goals, which are to support services and processes and all (internal and external) users of ZZZS systems and applications.” – Borut Pohar, Head of the Networks Department, ZZZS
Today, the ZZZS SLA systems operate stably, consistently achieving over 99.99% availability with fewer outages and risks, while also ensuring full compliance with requirements, supported by regular reports and audit trails.
Business benefits:
- Reducing the workload on staff and refocusing on strategic goals
- Security and stability of web applications
- Full compliance with internal and external regulations
- Reduced need for highly specialised staff
Technical benefits:
- Expertise and knowledge in the field of WAF, LB, and FW solutions
- Reduction in the number of security incidents and detected anomalies
- 24/7 maintenance and upgrades
- SLA met or exceeded (>99.99%)
- Regular monthly reports and recommendations
The project is run by: Špela Hrovat (Specialist) and Miloš Dozet (Account Manager)
If your team is also facing a heavy operational workload, challenges in meeting SLAs, or a lack of specific expertise, it makes sense to consider a different approach to security and infrastructure management in your company.
Please feel free to contact us for further information or if you have any questions.