- Application areas
- Work with us
- Right now
- About us
Using cloud solutions offers huge benefits in many different areas. Unfortunately, the risk of cyberattack increases when data is stored in the cloud instead of in-house. Threats include for example data leakage and DDoS attacks that make online services unavailable. If businesses are to fully exploit the potential of cloud, it is paramount to focus on security as an integral part of the solution.
We have long theoretical and practical experience of security and privacy. Several of our specialists have strong professional competencies, such as a PhD in cryptology or mathematics, and through our research projects, we are always updated on the latest trends and technologies in IT security.
We can help you design a security model for your products in the cloud. We can also help you implement security-critical components. Often, cryptology is used for obtaining a satisfactory security level. This is very complex process but we can help you choose the right algorithm and implement and use it correctly.
Make your investment at an early stage in the process, and save money. Avoid costly mistakes and remedy vulnerabilities before the product is put to use by the customer.
In the idea generation phase, we advise you on how to design security into your product from the start to avoid costly errors later on.
In the design phase, we help you develop a secure design. We can also assist you with a threat analysis or an architecture review that helps you identify if your software architecture is properly designed in terms of security.
In the implementation phase, or at the end of product development, we can perform a code review to help you verify that your actual implementation meets the security standards specified by you and your customers.
Throughout the process, we can advise you on cryptology aspects of relevance to your product.
We investigate the threat scenarios around your product. Perhaps you have already considered all the scenarios but are uncertain how to build countermeasures into the software architecture or into the code. With a threat analysis of your product, you can start improving the security level and make it homogeneous. This part of the review as well as parts of an architecture review are often based on the OCTAVE Allegro model.
Building security into your architecture from the start is both better and cheaper. An architecture review gives you an overview of the security risks of your design choices. In combination with a threat analysis, an architecture review uncovers risks in the overall system, detects flaws in the mechanisms that protect your system’s assets, and identifies if further mitigation is needed.
Errors in the implementation of a product constitute one of the major threats to security. In a code review, we analyse your code – or parts of it – and verify if it complies with the expected security level. Code reviews are based on OWASP.
In a penetration test (Pen test), we expose a test system to different attacks. As in the code review, the purpose is to ensure that the mechanisms you have implemented function correctly and cannot be circumvented. The penetration test is also based on OWASP.
Cryptology offers a very high degree of security if used correctly. Cryptology is also very complex, and it can be hard to choose the right algorithm and use it correctly. We have a number of experts with strong professional competencies, such as a PhD in cryptology or mathematics.
The General Data Protection Regulation (GDPR) strenghthens existing rules on data protection. We have the technical skills to help you comply with the GDPR. Read about our services in the field of Personal data protection.