Digital Security

The ongoing digital revolution affects our society in profound ways, creating both possibilities and challenges for both companies, governments and citizens.

Success stories


Tornator invests in the information security of forestry

Nordic Drones

Nordic Drones and Huld together towards secure drone solutions


Huld’s assessment provides information security for Swegon’s intelligent ventilation system


Huld helped EKE-Electronics expand into new markets

City of Jyväskylä / Kangas

A cyber security strategy as part of the smart city district

Hospital Nova of Central Finland

Hospital Nova of Central Finland – A smart hospital of the future

The ongoing digital revolution affects our society in profound ways, creating both possibilities and challenges for both companies, governments and citizens. Digital security is often seen as a huge challenge for the digital world, but for us it represents more of a central opportunity. We help you to secure your company, technology, data and people – all in an understandable, appropriate way.

Typically, the company CEO does not agree with the company CISO, that is, the chief information security officer, and the business managers on how much one should invest in security matters. We help you to adjust safety and security to your company’s needs, no matter your line of industry or the size of your company. Our clients range from global companies to public sector actors and start-up businesses. With our security management services, we help our clients define security management activities on the organizational level and guarantee the continuity of your business with an acceptable rate of return on investments.

What we are good at:

  • Digital security strategies and development programs
  • Business continuity development
  • Compliance with IEC 62443, ISO 27001, ISO 20000, and the Finnish national security audit criteria KATAKRI
  • Risk management & risk-related security processes
  • Security management as a service
  • Secure service management

Our security audit services help you understand how attackers work, and give you tools to take their methods into consideration when developing security strategies. Our experts can analyze the attack surfaces in your system architecture, and to create a threat model describing potential attacks. Furthermore, thanks to our penetration testing we can identify any concrete vulnerabilities in your systems and show you how they can be attacked.

You can put your trust on us. Do not hesitate to contact us also in cases where you need someone to give you the worst-case scenario.

What we are good at:

  • Modeling and analysis of attack surfaces
  • Visibility of the services on the Internet
  • Vulnerability analysis
  • Penetration testing (Pen testing)
  • Reverse engineering
  • Security breach investigation
  • Architecture analysis

Digitalization is currently both contributing to our well-being and making our organizations more productive. Simultaneously, we want to make sure that these new digitized systems are safe and that information processed in them is kept secure. Systems now being digitized can represent anything from medical devices to functional technology and embedded systems in the Internet of Everything (IoE). All of these are in need of actions that improve their information security. From digitalization’s point of view, cloud solutions are a source of almost infinite new possibilities. Simultaneously, they do also have risks. One has to remember that cloud services are not per definition information secure. Nevertheless, they can be made secure by applying the right kind of security controls.

With the help of our functional and technical expert service, you can make sure that your digitalization project is carried out safely and according to the best practices and instructions in the business.

What we are good at:

  • Security management for multicloud and hybrid cloud solutions
  • Cloud services compliance assessment (Finnish criteria for assessing the information security of cloud services PiTukri, CSA CCM)
  • Technical security implementation (Azure, AWS, Google)
  • Management of critical information in cloud services
  • Technical architecture for and implementation of identity and access control

Industrial systems are affecting our lives perhaps even more than we realize. Without critical industry processes, for example, water distribution would not function without interruptions, nor would our business premises be safe and have central heating. Thanks to our expertise, we are able to assist in development of cyber security conformity for various systems by identifying the risk levels and vulnerabilities of these systems and by planning security solutions for them.

Our information security experts have extensive experience on both traditional and embedded software development and the standards regulating secure software development. We can help you improve the security of your products, so that both the product owner and your information security officer can get a good night’s sleep without worries about security issues. Our experts can also instruct you in how to manage the security requirements for CI/CD chains and create automatic security testing, not to mention other software development subareas.

What we are good at:

  • Cyber security projects for industrial systems (IEC 62443)
  • Technical security for embedded systems
  • Traditional and agile software development security (Waterfall, DevSecOps)
  • Security test automation
  • Code analysis

The infrastructure on our planet is becoming more and more reliable on space. Thinking that space systems are immune to digital security threats couldn’t be further from the truth. Space systems have typically a very long lifespan. This means that their technology will inevitably be outdated as the years go by. This causes security threats. On the other hand, a system infrastructure built some 15 to 30 years ago dates from an era when digital security was not an issue at all. Consequently, the infrastructure is maybe not even equipped with the necessary controls to ensure cyber safety.

Companies in this new field of space industry are competing on who gets to launch unmanned aircrafts or drones first. In this competition, security is often put on second place compared with functionality. By comparing our know-how on this (new) domain of space with security, we can offer security-related development and testing services that enhance the safety and security of space systems.

What we are good at:

  • Security standards of space systems
  • Secure communication between ground station and satellite
  • Data secure satellite information management
  • Assertion of space systems
  • Security of system interfaces
  • Typical spacecraft cyber threats

On a technical level, a medical device is not different from any connected device in what comes to cyber security threats. What is important to note are the domain specific requirements to ensure safety of the patient and the medical device operators. This means, that any mitigation of a cyber security risk needs to be verified with regard to safety. A life supporting device cannot be shut down even if it has been hacked; neither can the device access control prevent the hospital personnel from acting in the case of an emergency.

Understanding the special needs of the medical domain combined with expert level knowledge on both cyber security and functional safety allows Huld to consult our customers with a holistic view on how to make medical devices cyber-safe without compromising their safety and usability.

What we are good at:

  • Compliance of legislation and standards (ISO 13485, ISO 14791, IEC 62443, ISO 27001, ISO 27005)
  • Safety & Security management and development
  • Secure hardware and software development
  • Secure architecture
  • Secure cloud architecture
  • Security testing

Related insights

Businesses Brace for New Information Security Challenges – EU-Wide Cybersecurity Directive NIS2 Enters into Force in October

Businesses Brace for New Information Security Challenges – EU-Wide Cybersecurity Directive NIS2 Enters into Force in October

The European Union’s new cybersecurity directive, NIS2, sets new requirements for both companies and public administration. The earlier companies prepare for the changes, the smoother the transition will be for them.

Security is not only an attribute of quality

Security is not only an attribute of quality

As organizations require finance and HR functions in their operation, the security function needs to meet that same level of importance.

Choose SDL to make sure your software is standing out

Choose SDL to make sure your software is standing out

Information security and security, in general, is a booming topic these days. Organisations producing software must ensure that their products and software are compatible with the security requirements of their customers, lawmakers, and other stakeholders.