1

Business Security

Typically, CEO’s, CSO’s and business owners wrestle with determining adequate investments in security. We can help you to align security demands to fit your business needs – neutrally to your industry, company maturity and size. Our customers consist of global corporations, public sector agencies and start-ups, and with our business security services we can assure your business continuity with decent ROI.

We are experienced at:

  • Digital security strategies and policies
  • Business continuity development
  • ISO 27001, ISO 20000, KATAKRI compliance support
  • Risk Management & risk-Driven security processes
  • Security manager as a service (SMaaS)
  • Secure service management
2

Identity Security

We are the digital world. This means our identity and personal data sail in the transactions of global digital ocean. As digital services increase our well-being and productivity, we want to make sure your customers’ and employees’ privacy is secured according to the current regulation.

At organization level, productivity and usability requirements demand that employees can access securely required information according to their work roles. Usually this is not an easy task to resolve and in worst case scenario an IAM (Identity and Access Management) project resemble of an exhaustive war between business, HR and IT. We feel your pain and can help you to finish your IAM project in defined time and in budget.

We are experienced at:

  • Personal Identifiable Information (PII) management
  • GDPR compliance
  • DPIA and PIA assessments
  • IAM project management
  • Technical IAM architecting and implementations
3

Cloud Security

Significant changes are taking place in information system architectures as cloud services blend traditional on-premise architectural thinking. From a security perspective, public, private, hybrid and multi-cloud solutions bring variety of new opportunities but also risks. Remember, the cloud is not secure by default, but it can be with suitable security controls.

We offer functional and technical advisory to identify your cloud security demands and implement them in compliance of cloud security best practices and guidelines.

We are experienced at:

  • Multi- and hybrid-cloud security management
  • Cloud security compliance (PiTukri, CSA CCM)
  • Technical security implementation (Azure, AWS, Google)
  • Cloud DevSecOps
  • Critical data management in cloud
4

System & Embedded Security

Quiz: Tell us a system that is immune to security breaches? The answer is none. Nowadays, regardless of which of the fancy acronyms they are called, common to all systems is that they are one way or another networked. Systems vary from traditional IT devices, medical devices, OT (Operational Technology), embedded to IoE (Internet of Everything) systems, and they all require security measures. Industrial OT systems effect our lives more than we might even understand. For instance, execution of critical OT processes provides us continuous water supply and keep our facilities safe and warm. With our expertise, we can help you to lower risk levels in different systems by designing security solutions or identify system vulnerabilities.

With our help, you can improve your software development process and products security posture, so that finally your product owner and CISO can have good night’s sleep. We’ve seen it all, so don’t hesitate to ask help. Our experts provide guidance how to manage security requirements in your CI/CD pipelines, establish automated security testing and code secure code to your products.

Embedded systems bring peculiar twist to security. Addition to the embedded software development, we positively engage your device (physical) security as well as manufacturing and technical maintenance processes.

We are experienced at:

  • Secure gateway and data encryption solutions
  • Traditional and agile SWD security (Waterfall, DevSecOps)
  • Security Test Automation
  • Code analysis
  • Embedded security
5

Space Security

Our planet’s infrastructure is more and more dependent on space. A notion that space systems would be immune to digital security risks, is immensely false. Typically, space system’s life span is long, which means the technology outmode over the years creating security threats.  On the other hand, 15-30 years old system infrastructure is from time when digital security wasn’t any issue. This means there may not be sufficient digital security controls on board.

In new space domain, businesses’ intense race getting UAVs or Drones to the sky typically means functionality override security. Combining our space / new space and security expertise, we provide security development and testing services that enhance space systems security posture.

We are experienced at:

  • Space system’s security standards
  • Secure comm. between Ground Station and a satellite.
  • Satellite secure data management
  • Space systems’ hardening
  • System interface security
  • Typical cyber threats in spacescraft
6

Offensive Security

The 5th century military mastermind Sun Tzu stated a quote that is still relevant: Know your enemy. Our offensive security services provide insights of the mind of an attacker to be capitalized in security development. Our experts can analyse your systems architecture attack surface and create a threat model for potential attacks. Additionally, we can identify your systems’ concrete vulnerabilities and attack against them with our penetration testing techniques.

Remember, we’re your trustworthy buddies, but we can give you tough love – if you desire so.

We are experienced at:

  • Threat modelling
  • Architecture analysis
  • Attack surface analysis
  • Vulnerability analysis
  • Penetration testing
  • Reverse engineering
  • Digital Forensics
7

Security Awareness

Security awareness is a combination of knowledge and culture. To be able to operate securely, you need to be aware of the presence of risk. Our goal is to help you implement security awareness at all levels of your organization. In many cases, IT personnel feel and breath security, while operational actors can experience the concept as a strange. In addition to our deep technical know-how, we can provide you ways to narrow this gap between different actors. To achieve our goal, we offer wide range of security training from classroom lectures to tabletop exercises.

Situation awareness is above all the tool for decision-making. Capability to create holistic understanding about elements in operating environment, is the key factor to make right decisions. While human capabilities are limited, they can be developed with training. To achieve effective situation awareness, also technical visibility needs to be developed. Developing applicable framework for event processing with effective use cases for security information and event management (SIEM), creates the base for technical situation awareness. We are here to help you go through the implementation process as a technical project manager.

We are experienced at:

  • Monitoring and logging requirements management
  • Security even processing
  • Security Incident management
  • Situation awareness in dynamic decision making
  • Security Training
8

Contact us

Contact person

Tarmo Kellomäki

Business Area Manager, Digital Security
+358 44 562 5222
tarmo.kellomaki@huld.io

Tarmo Kellomäki
9

References