Case Mehiläinen: Developing Google Cloud Security to Support Global Growth

Operating for more than a century, Mehiläinen has grown from a Finnish healthcare provider into an international operator, shaping the future of social and healthcare services across several European countries. Digitalization, operational quality, and treatment effectiveness are central across all business areas.

With this growth, an extremely high level of cloud infrastructure security became even more critical. To ensure this, Mehiläinen sought expert insight to assess the security of its Google Cloud environment. They partnered with Gapps, which conducted a comprehensive Google Cloud Security Posture Review and delivered a concrete, actionable roadmap to support secure future development.

Cooperation in brief

Starting Point	Keys to Success	Outcome
Mehiläinen executed a significant cloud migration to Google Cloud during 2024. Due to internationalization and growing requirements, an independent security assessment was needed to support a secure and future-proof cloud strategy.	Gapps conducted a comprehensive Google Cloud Security Posture Review, benchmarking the environment against Google's best practices. Mehiläinen gained a clear picture of its cloud environment's security and a prioritized development roadmap.	Mehiläinen established a secure Google Cloud infrastructure. The overall manageability and security of the cloud environment were strengthened, enabling systematic development to support international growth.

Secure Google Cloud Environment Supporting International Growth

Mehiläinen’s strategic growth has recently focused strongly on expanding international operations in Europe, placing new demands on digital infrastructure and data security.

Mehiläinen adopted a Cloud-first strategy and executed a significant migration to Google Cloud during 2024 to build a scalable, modern infrastructure. Google Cloud was chosen based on previous positive experiences and the location of Google's data center in Hamina, Finland, which supports the strictest data protection requirements.

Following the migration, it was essential to verify that the environment met the highest international security and compliance standards. They sought an experienced Google Cloud partner to ensure the cloud infrastructure was built and secured to the highest quality.

We carried out a major cloud migration and were serious about pushing our cloud strategy forward. We wanted a partner to bring an external perspective to the environment and help ensure the solutions would withstand future requirements. We already had good experiences with Gapps and strongly trusted their Google Cloud expertise.

- Aki Valkama, IT Director, Mehiläinen

Gapps was already a trusted partner to Mehiläinen through earlier collaboration on Google Workspace, and Mehiläinen’s ticketing system had also been built with Gapps’ support. Communication was smooth from the very beginning, enabling agile collaboration and a fast, efficient project kickoff.

–– “We immediately found the right person to answer the tricky questions, and meetings were arranged quickly. This is extremely important to us."

A Roadmap to a Secure Cloud Environment with the Google Cloud Security Posture Review

Google Cloud security review took place in the spring of 2025. The project launched rapidly and progressed with an agile approach towards concrete results. Smooth cooperation and starting the project with minimal effort were critical success factors.

"The project launched fast without a heavy preparation phase and proceeded smoothly to clear results. It was important for us to get moving quickly – not six months of planning, but straight into execution before the summer. This was a great success," Valkama describes.

The audit was carried out by a small, efficient team, with key people identified immediately on both sides. Gapps' experts were granted the necessary access to the environment, enabling the assessment to be performed directly within the system without heavy back-and-forth data collection.

We appreciated that Gapps could independently examine the environment and benchmark it directly against Google's best practices. We didn't have to spend time answering questions; the work progressed autonomously and efficiently.

- Aki Valkama, IT Director, Mehiläinen

The comprehensive audit was based on Gapps' and Google's best practices and the CIS Benchmarks (CIS Google Cloud Computing Platform Foundations Benchmark 3.0.0). The review covered areas such as platform security and compliance, Zero Trust architecture, application security, and security operations.

The result was a detailed and practical report containing prioritized action recommendations, identified risks, and a clear development roadmap. Thanks to the smooth project, Mehiläinen’s team could continue developing their environment with clear and actionable guidance.

– “The findings were somewhat expected, but the most important thing for us was getting an easily workable, clear list: where to start, what steps to follow, and how to elevate the security to the next level," Valkama summarizes.

Security that Meets International Scale Requirements

In a global, cloud-based environment, security is not an afterthought; it is the critical foundation for operations, especially when handling patient records and other highly sensitive data. Operations are continuously benchmarked against frameworks and standards like NIST and ISO 27001.

– "Google Cloud's best practices and these reviews directly align with the metrics by which we are evaluated from a compliance and certification perspective," Valkama states.

The Security Posture Review conducted by Gapps provided Mehiläinen with a straightforward picture of its current security posture and a concrete path for meeting evolving security requirements.

Thanks to the collaboration:

Security development work gained clear prioritization and expert recommendations.
Development can be measured against external standards.
The team received concrete tools to drive the development forward internally.

– “Our goal was not to outsource the work, but to ensure that our own team has the right tools, direction, and capabilities to drive the development forward," emphasizes Valkama.

Mehiläinen particularly praised Gapps for smooth cooperation and consistent follow-through. High quality, easy collaboration, and agility are significant aspects of Gapps' services for Mehiläinen.

Working with Gapps has been effortless and swift, yet the quality of service has remained high. Things move forward quickly, and we especially appreciate that Gapps consistently follows through on agreed-upon matters to the end."

- Aki Valkama, IT Director, Mehiläinen

Introducing Mehiläinen

Mehilainen_logo-1 Over the past 116 years, Mehiläinen has grown from a Finnish medical center operator into an internationally operating social and healthcare services entity, with operations in Sweden, Estonia, Germany, and Lithuania, in addition to Finland.

This long history is now closely aligned with digital development, which Mehiläinen uses to deliver impactful, accessible, and seamless care across borders. Mehiläinen's over 50,000 healthcare professionals serve approximately 5 million customers annually, and the company has already accumulated 1.5 million digital customer visits.