Security

We ensure the safety of essential business and customer data within our systems.

Security is an ongoing process involving people and practices, and ensures application confidentiality, integrity, and availability. Secure software is the result of security aware software development processes where security is built in and thus software is developed with security in mind.

Application security

Application security (AppSec) includes all tasks that introduce a secure software development life cycle to development. Its goal is to improve security practices and, through that, to find, fix and prevent security issues within applications. It encompasses the whole application life cycle from requirements analysis, design, implementation, verification as well as maintenance.

Secure coding is the practice of developing computer software in such a way that guards against the accidental introduction of security vulnerabilities. Defects, bugs and logic flaws are consistently the primary cause of commonly exploited software vulnerabilities.

Secure by design means that software products and capabilities have been designed to be foundationally secure.

Access control

Authentication is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicating a person or thing's identity, authentication is the process of verifying that identity. We use various methods to ensure user authentication, including Single-factor, Multi-factor and External authentication providers (for example Microsoft account).

Authorization is the function of specifying access rights / privileges to resources, or to define an access policy. We design and build applications based on functional roles to ensure system and data integrity whilst providing abilities to share or keep data private.

Encryption

Encryption is the process of encoding information, which converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Only authorized parties can decipher a ciphertext back to plaintext and access the original information. Encryption does not itself prevent interference but denies the intelligible content to a would-be interceptor.

We utilise Transport Layer Security (TLS), a cryptographic protocol designed to provide communications security over a computer network using the HTTPS address prefix, as well as Database Encryption to secure sensitive information suach as passwords.

Event management

Event management is the recording and monitoring of events to help identify issues and unusual patterns in order to take corrective action to ensure the integrity of a system. We design and build various event management tools within our systems including user Authentication activity monitoring and Exception event logging.

Security software

Computer security software or cybersecurity software is any computer program designed to influence information security, often taken in the context of defending computer systems or data. We employ and recommend various security software systems including and not limited to Firewalls, Antivirus and Password Managers.