IT-Security

As technical architects with years of enterprise-level experience on our tally sticks accompanied by the deep knowledge of IT Security (focussing on cryptography), Electrical Engineering and Information Technologies as well as Computer Science in general, we devise solid solutions allowing for all essential interfaces, standards, regulatory requirements, laws and certainly best practice in order to withstand any audit. We speak the technical tongue and get everyone on the same page to drive home the essential ideas in our relentless pursuit of a successful project delivery.

There is arguably a better way to acquire substantial know-how than to produce your own secure hardware and software solutions. As such, we are aware of the usual pitfalls, gaps, vulnerabilities, shortcomings, technological limitations, but first and foremost we know how to apply and incorporate security above and beyond the usual marketing slogans and shiny attractive packaging. We do not get thrown off by certifications alone always willing to double-check and scrutinise the object or matter at hand. All we need to do for this is simply ask ourselves, how we would go about building the product in question in a secure fashion.

These two terms are all but synonyms to us. On the one hand, our experience in the field of custom software design, e.g. for critical production lines and facilities enables us to take a different approach to quality of work thereby minimising the probability of unforced errors through a typical development life cycle. On the other hand, our sophisticated knowledge of the corresponding security schemes and protocols as well as the essential cryptographic algorithms puts us in an ideal position to implement security standards without the need for interpretation while at the same time also actively avoiding catastrophic mistakes such as memory leakage among other things. To seal the deal, we take the time to engage all the valuable low-level platform protection mechanisms, e.g. Windows DPAPI and its successors to outdo the mundane Solid Access Controls everyone seems to want to rely on as a sole line of defence. We are driven by the recurring observation that most vulnerabilities are in fact caused by poor understanding of the relevant security standards, through oversight or both for that matter.

Even a sound and solid solution requires a seamless and efficient transition into production. In addition to the actual concept, this also involves strong secondary aspects like Identity & Access Management (e.g. PSD2 compliant multi-factor authentication or Single Sign-On), integration with various internal and external interfaces, User Acceptance Tests, Penetration Tests, Risk Management, Disaster Recovery Readiness, Networking & Firewalls, Rollout all the way to comprehensive documentation, communication and of course technical support – either throughout migration or long-term.