Skip to content
Case Study

Oslo Insurance — Secure, compliant API modernization

Azul Computing partnered with Oslo Insurance to modernize critical APIs, harden cloud posture, and operationalize SOC 2 aligned security without slowing feature delivery.

Discuss your security roadmap Talk to an engineer
10 days to close critical vulns
0 high-risk audit gaps
100% APIs with automated testing
Oslo Insurance banner highlighting pet insurance.
Customer snapshot

Digital-native insurance with regulated obligations

Oslo Insurance operates a cloud-first platform serving insurers and brokers. Rapid growth demanded modern APIs, rigorous security, and trustworthy compliance evidence to win enterprise partners.

  • Legacy APIs limiting innovation and partner integrations.
  • Multi-cloud footprint with inconsistent IAM and network policies.
  • Emerging regulatory scrutiny across privacy, data residency, and business continuity.
  • Need to coordinate engineering, security, and compliance teams around shared telemetry.
Initiatives

Security, delivery, and compliance in one motion

API modernization

We re-architected critical services, introduced contract-first design, and embedded automated testing across build and release pipelines.

Cloud hardening

Least-privilege IAM, network segmentation, and secrets automation tightened access while maintaining developer velocity.

Compliance automation

Evidence pipelines, policy mapping, and tabletop exercises aligned Oslo’s program with SOC 2 and ISO 27001 expectations.

API security

Threat modeling to automated assurance

  • Performed OWASP-aligned API testing and threat modeling to identify critical gaps.
  • Embedded SAST, DAST, dependency scanning, and API contract tests into CI/CD gates.
  • Introduced red-team inspired attack simulations and post-incident retrospectives.
  • Standardized remediation SLAs with executive visibility via security scorecards.

Accelerated remediation

Critical vulnerabilities closed in 10 days with automated retesting to prove fixes before production rollout.

Cloud posture

Operational safeguards built into the platform

  • Policy-as-code enforced network segmentation, encryption standards, and environment drift detection.
  • Secrets rotation, access recertification, and centralized logging plugged coverage gaps.
  • Disaster recovery plans validated through tabletop and failover exercises.
  • Shared dashboards combined security findings, SLOs, and compliance readiness.

Audit-ready operations

Cloud posture evidence and automated reports satisfied auditor sampling with zero high-risk gaps.

Results

Security and compliance momentum sustained

Business outcomes

  • Unlocked new partner integrations thanks to modernized, well-documented APIs.
  • Customer due diligence cycles shortened with reusable evidence packages.
  • Executive dashboards presented unified view of delivery, security, and compliance progress.

Team enablement

  • Security champions embedded in squads to sustain new practices.
  • Runbooks, training, and response drills kept teams audit-ready year-round.
  • Compliance roadmap extended to ISO 27001 using templates and automation established during the engagement.
Secure delivery

Build trust into every release

Engage Azul Computing to embed security, compliance, and delivery excellence across your regulated roadmap.

Book a consult