Sasecure.de

Security Services: Making Your Business More Secure

Amateurs study cryptography; professionals study economics.
— Allan Schiffman (2004).

Security means many things to many people. While we also offer off-the-shelf solutions for standard situations, we also take the time to find out exactly what your security needs are, and we tailor our offering to your precise needs. In contrast to many other consulting companies, when we make you an offer, we agree on success indicators beforehand. This way, you can easily see whether we have succeeded in making your business more secure.

We will not recommend concrete security measures unless they will have a measurably positive impact on your business. Why spend money to protect assets that are not worth stealing? On the oher hand, it is sometimes vital to protect some assets, even if that turns out to be difficult. Also, secure businesses are better businesses because they have a competitive advantage.

Our offering is competitive both in price and quality. Our employees all have extensive experience, and we work with partners who are experts in their respective fields.

Software Security

We look at your software in order to find security holes. We can work with source code or binaries, or we can perform penetration tests. We can make a fast reconnaissance, finding the most obvious problems, or we can make an in-depth analysis, looking at your assets, your architecture, and your environment. Our recommendations range from the most detailed (“don't use float or double for financial calculations”) to the most general (“use a Role-Based Access Control pattern to control access”).

Once found, security holes are best eliminated. Where that is not possible, we can at least find means of mitigating the effect of breaches, such as containing the offending programs or using input-validating proxies.

Infrastructure Security

When a new email virus hits, you will need to respond within hours, if not minutes, in order to contain the threat and avoid large financial losses. When you are the victim of a denial-of-service attack, you will need to find ways to continue to operate. When lightning, flood or a hurricane strikes, you will need to get your business up again within the next seven days, or you will probably go bankrupt. We have ten years and more of experience in adminitrating large computer installations and we know what it takes to secure it against threats and to protect it against disaster.

Business Process Security

Establishing certain business rules within your company can go a long way of mitigating threats. Off-site backups alleviate the risk of hard disk or software failures. Encrypting those backups prevents data theft. Implementing separation of duties and dual control in key processes will make it impossible for any one employee to harm your operations. We can help you identify those business processes that most need securing, we can help you define better, more secure processes, and we can help you introduce these processes into operations.

Privacy versus Business Interests

We are advocates of privacy rights and the rights of people to own information about themselves. We promote the use of email encryption where possible. We don't like companies that build up, mine, and sell customer profiles. We strongly discourage companies to interfere with employees' rights to privacy. We hate spam.

At the same time, we acknowledge a company's interest in protecting its assets. If you fear that someone inside your company is selling trade secrets to a competitor, you should be able to take measures to find and prosecute the culprit. If someone is attacking your wireless LAN, you should be able to find out what they did, how they did it and what damage they caused. Under current privacy laws, this may well be impossible. Due to our experience, we are uniquely qualified to mediate between privacy concerns and company rights.