KONE fortifies trust with Microsoft Sentinel's enhanced threat detection

The Finnish multinational KONE is undergoing a foundational, digitally enabled shift in how it serves its customers and maintains more than 1.7 million elevators and escalators worldwide.

“From a strategic perspective, the aim is for all of our elevators and escalators to be connected to the cloud by 2030,” says Petteri Rantanen, the company’s Chief Information Security Officer.

Bringing all these units online will open up opportunities in how KONE provides services to its customers and ensures their peace of mind—but it’s critical that digitally enabled infrastructure is secure. “It’s a key element in ensuring customers are getting robust, trusted, and secure connectivity,” Rantanen says.

The plan feeds into an ambitious five-year strategy that, among winning residential and cutting carbon, aims to drive modernization in order to create new growth opportunities. It also aims to accelerate digital transformation to enable KONE to change the way it services its customers. Underpinning these shifts is robust cybersecurity, an area where Microsoft products play a central role.

Empowering technicians and customers

Founded in 1910, KONE operates in close to 70 countries. With secure data from connected systems, its technicians can anticipate faults before they happen, reducing downtime in high-traffic environments like hotels or shopping centers. “It’s great for the customer, and for the people using the building,” Rantanen says. “From a people flow perspective, it just makes sense.”

KONE employs around 65,000 people, and about half of them work in the field. Equipping these employees with the tools to work smarter is central to KONE’s strategy.

“Our technicians are often the first point of contact with the customer,” Rantanen explains. “We want them to know before they even leave for the site what equipment is there, what the likely issue is, what spare parts to bring.”

With connectivity, KONE can drive an elevator to a designated floor and open the doors remotely in the unlikely event that a passenger becomes trapped, minimizing disruption and improving safety.

Security is foundational to these capabilities. “If you're doing cyber poorly, that can have an adverse impact on safety,” Rantanen adds. While elevators still include separate mechanical safeguards, digital controls are increasingly important, so cybersecurity must evolve to protect them.

Cybersecurity for a competitive edge

Microsoft Sentinel has helped KONE to make threat detection more efficient. “We’ve seen significant improvements in the last 12 months,” he observes. “For example, we have use cases where our Mean-Time-to-Containment for potential identity compromise has improved from about 60 minutes to roughly 5 minutes through automation.”

“Sentinel provides fantastic visibility,” Rantanen says. “It gives a lot of confidence to us and our customers that we are addressing things correctly.”

After joining the early access program, KONE has started automating level 1 Security Operations Center (SOC) tasks. But, Rantanen explains, the goal is not to fully automate all security operations, but to streamline and automate repetitive and well-defined tasks typically handled at the Level 1 tier. “We still need good people to do cybersecurity,” he says. “I think the work that they’ll be required to do will be significantly different, but from an SOC perspective, we’ll need competent people for things like security engineering and detection engineering. That's not going away.”

Robust cybersecurity acts as a differentiator for KONE in winning business, especially with high-stakes customers in critical infrastructure sectors.

“We have many critical customers with very specific requirements from a cyber perspective,” Rantanen says. “And I think with that visibility, with that technology, with the people and the processes we have, we've been able to win those deals.”

While cybersecurity isn’t always the sole deciding factor, Rantanen notes it often plays a pivotal role—particularly in sectors where safety and service continuity are paramount.

“In many cases where we talk about airports or railway traffic or other customer segments, you can actually get excluded quite quickly if you're not able to demonstrate cyber capabilities—from a visibility perspective, from a secure development lifecycle perspective, from a product and solution perspective,” he says.

People, products, and partners

KONE’s corporate strategy for 2025-2030 lays out the company’s ambitious goal to lead in employee and customer experience, sustainability, innovation, and profitable growth. The four key pillars of this new strategy are: accelerating digital transformation, driving modernization, winning in the residential segment, and cutting carbon emissions.

To supplement this, Rantanen is focusing his cybersecurity efforts on three areas: empowering people, securing products, and strengthening the supply chain. That includes enhancing employee culture, embedding secure development practices across teams, and assessing more than 40,000 suppliers worldwide for cybersecurity readiness.

“The people element continues to be extremely important,” he says. “How do we enhance the culture and employee behavior, but also maintain speed, simplicity, and accountability in everything we do? Cyber quite often is seen as a very technical topic, and many people really don't fully understand it end to end, so how do we demystify cyber?”

In its manufacturing chain, KONE works with more than 40,000 external suppliers globally. “We are a big company, and we need to make sure everyone in that third-party ecosystem has the right mindset and technical capabilities,” he says.

Looking ahead, Rantanen sees AI as both a threat and an opportunity. “We want to be at the forefront,” he says, both in leveraging AI for defense and in anticipating how attackers might use it. One priority is improving predictive capabilities—addressing vulnerabilities and risks before they escalate into incidents.