Pioneering e-procurement project on its way to the cloud
Summary:
Challenge: Realisation of a secure and highly available operating environment for the VMS e-procurement software in the cloud
Solution: A dual concept including managed backup and managed firewall as well as disaster recovery
Result: With the launch of the platform, cosinex is now a pioneer of e-procurement in the cloud
cosinex GmbH
cosinex GmbH is one of the pioneers in the field of e-procurement, the electronic processing of public sector procurement. From hospitals to municipalities and federal authorities, the public sector is by far the largest client in Germany, with over 30,000 contracting authorities and a procurement volume of 350 billion according to current estimates.
cosinex has been offering solutions for the electronic support of public procurement for over 16 years. The company has since developed into an integrated e-government solution provider for the public sector, increasingly offering its solutions in the cloud.
More than 2,000 contracting and procurement authorities in Germany with over 15,000 users are already working with cosinex products - in the area of public procurement alone.
SaaS procurement management
Digitalisation is also shaping the public sector. As a result of an EU reform of public procurement, electronic communication in tenders will gradually become a legal requirement by April 2018.
cosinex has already had the electronic solution for e-tendering in the form of its procurement management system (VMS) for years. With the VMS, procurement files and processes can be conveniently managed and processed. The modular system helps to document the numerous legal requirements, such as the calculation of deadlines and documentation of public sector tenders, in an audit-proof manner.
In 2014, cosinex decided to no longer offer its VMS exclusively as a classic licence model.
"Providing its solutions as cloud offerings is simply part of a comprehensive portfolio today. However, security is a major issue for us on the way to the cloud due to the sensitive data and high data protection requirements of the public sector," explains Carsten Eschenröder, authorised signatory and Head of Product Management and Development at cosinex. "That's why we were looking for a partner who can implement and document the 'VMS Software as a Service' model in a centralised operation as a cloud solution with extremely high security requirements."
Security standards made in Germany
The task sounds simple - but it was complex: the realisation of a secure and highly available operating environment for the VMS e-procurement software.
"For a provider in the public sector, the security requirements at all levels are even higher than in the private sector. Certificates of all kinds are required and, of course, a high level of technical availability, as non-availability can be highly critical in procurement procedures with a contract volume of over 100 million euros in some cases, for example when deadlines expire," explains Carsten Eschenröder.
In addition to its expertise in the field of managed cloud hosting, Claranet's ISO 27001-certified information security of its product portfolio, its compliance with the German Federal Data Protection Act and its comprehensive technical and organisational security concepts with data centres in Germany were key factors in the selection of a suitable partner.
Our cloud concept has been a complete success. The VMS as SaaS has been very well received and the implementation was flawless. With Claranet, we not only have a partner that fulfils all standards such as ISO 27001 in terms of contract data processing and compliance, but also a partner with great flexibility. This means we can also fulfil our customers' individual requirements."
Customised secure operating environment
The aim was to set up a completely new system that would guarantee the operation of the VMS in the cloud and thus also be available for online use. The dual concept, including managed backup and managed firewall, has a separate MySQL database server for the awarding bodies' sensitive data.
A disaster recovery concept based on a dual data centre concept with two locally separate data centres enables further backup of the data and the system. Even in extreme cases, such as a fire in one of the data centres, the data and system would be safe and recoverable. A so-called disaster recovery was developed and customised in accordance with defined RTO (Recovery Time Objective) and RPO (Recovery Point Objective).
Cosinex's high security requirements for this project were met by comprehensive monitoring of the systems and applications, vulnerability patch management and special hardening with security patches and updates, system limitations and encrypted data transfers.
The leap into the cloud - smaller than expected
Now it was time to move into the cloud - with VMS as SaaS (Software as a Service). A test phase in the traditional sense was not necessary; the product was available immediately. Minor adjustments, rights definitions and technical questions could be clarified quickly "on call" by telephone.
Carsten Eschenröder summarises: "This is how we imagine a good collaboration: Everyone reliably completes their tasks within the defined time and financial framework and the interfaces are clear. Because when it comes to realisation, a direct line is important. The realisation went smoothly, quickly and directly."
The willingness of most public institutions and authorities that use the VMS to embrace modern cloud solutions was surprisingly high. All critical questions were answered satisfactorily and all concerns regarding data protection and data security were allayed.
"We find the fact that Claranet is not one of the really big players very appealing: communication takes place at eye level with a great understanding for each other. You can also see that in the result. We made the right decision," emphasises Carsten Eschenröder.
Claranet manages the operation and takes care of all necessary adjustments and updates to the system environment. And with the launch, cosinex is now also a pioneer of e-procurement in the cloud - with increasing success.
Related articles
Oddschecker makes safe bet for future growth with Claranet cloud migration
Practice tips: Project planning cloud migration
Teamwork: Claranet and VfL Wolfsburg
VMware after the Broadcom takeover: current developments and future prospects
VMware alternatives: These options from other vendors, open source and the cloud