OT & IT security
Today, cyber security not only affects web applications, but every solution, from end devices to cloud-based services. – In other words, practically every electronic device and every application. It is therefore worth considering IT and OT security from the outset. That way, nasty surprises can be avoided.
IT and OT security as added value for new developments
Today, everyone is aware of how important it is to secure a device or application against cyber attacks. The Cyber Resilience Act even makes it mandatory for devices with a digital interface to be secured in terms of IT security. But what measures are appropriate? How can vulnerabilities be avoided from the outset?
The security experts at SCS support internal and external projects throughout the entire development process. This begins with a business-orientated risk analysis. This is followed by support with requirements engineering, design, implementation and secure operation of the solution.
Common standards for secure development and operation are taken into account, such as the OWASP Top 10, the Microsoft Security Development Lifecycle or IEC 62443 for the support of OT projects, i.e. projects in the areas of industrial systems, IIoT or embedded electronics. The technical standards and the risk analysis are an important basis for ensuring that a product can be sold in Europe in compliance with the Cyber Resilience Act.
Retrofitting IT and OT security to existing products
Cyber security can also be increased for existing solutions thanks to targeted measures.
Here we usually start with a gap analysis. As a result, we draw up a list of possible measures, prioritised according to cost and effectiveness.
On request, we can then support you with our experts in the implementation or validation of the implemented measures.
Contact us now now!-
Consultancy and security audits
We support your teams in the development of secure products and applications. This includes advice on relevant standards and other topics such as IEC 62443, ISO 27001, NIS and NIS 2 Directive, Cyber Resilience Act or EU Machinery Regulation and extends to penetration testing of the finished application.
-
Development of safe products
We develop products for you in which we take cyber security into account from the outset. In addition to software and cloud services, this also applies to operational technology (OT) and embedded software.
-
Operation and maintenance
IT security does not end with the commissioning of a solution. Security must also be guaranteed during operation - through regular security updates and, depending on the application, monitoring of the system and regular audits.
How much is needed?
The cyber security experts at SCS can use their experience from other projects to estimate how much needs to be invested in the security of an application. A business value analysis shows how much damage could be caused financially. As the threat situation and the application can change over time, it is important that the processes relevant to cyber security are also regularly audited at a later date. Penetration tests may also be appropriate.
Current projects
For understandable reasons, not all of our customers want to cite their project as a reference when it comes to cyber security. We are therefore all the happier to be able to show this selection – perhaps your project will soon be too?