Case Aiven.io – Provenly Cyber Secure Cloud Database Service
Aiven Ltd. is a world leading cloud database as a service company. Aiven offers 7 popular Open Source database and messaging solutions as a fully managed service in 5 cloud platforms and total of 71 regions.
Aiven operates internationally with both small and large companies to whom the cyber security of their databases is critical. To support their sales and marketing communications, Aiven searched for service provider to carry out external cyber security testing to their service platform. Aiven’s business is based on the security and trustworthiness of their cloud-based database service. Therefore, assurance on the high level of cyber security, given by an external party, is remarkable for Aiven.
”Our clients demand first class cyber security from us, and that is what we wanted to demonstrate with an external evaluation” tells Heikki Nousiainen, Aiven’s CTO.
elfGROUP carried out the elfATTACK cyber security testing and issued them the CyberSafe Certified Solution certificate in August 2017.
During the elfATTACK cyber security testing, the whole cloud platform was assessed in order to discover potential cyber security vulnerabilities. A comprehensive cyber security report was then written by elfGROUP’s cyber security experts to provide the results of the penetration testing conducted. elfATTACK reports are always expert written and focus on the developer and systems architect perspective to deliver practical and hands-on guidance on how to improve the target system’s cyber security posture.
”We believed that we have decent competence in cyber security, but of course it helps to get an outsider opinion that it’s A-Okay,” states Nousiainen.
Cyber security always as an integral part of software development
Cyber security work is continuous in the world that is always changing, new cyber security threats emerge, and the cyber security of any software based platforms needs to be held up-to-date nearly constantly.
“The earlier stage, and the better fused into the software development project, cyber security design and assurance work is done, the better and more cost effective is the result,” tells elfGROUP CEO Tuomas Tonteri.
Besides technical immunity, companies can gain marketing and competitive advantage, when cyber security work is openly brought up and made visible. Evidence of the high level of the cyber security will assure customers that the company is doing things right. Often an external cyber security test is a prerequisite from a customer or by a complied quality certification.
Currently elfGROUP and Aiven are undergoing annual cyber security testing and renewal of the Aiven.io’s CyberSafe certificate.
Helping towards the ISO27001 process
Aiven has just recently been awarded the ISO27001 certificate. Nousiainen iterates how the CyberSafe certification with elfGROUP was an easy first step in the field of assessing their cyber security level, because they could effortlessly outsource it. On the other hand, applying for ISO27001 security certification is a rigorous process that demands lot of internal work. The Aiven team feels that these certificates are complementary to each other. The ISO27001 process requires information security checkups, where elfATTACK is a great help.
”I’ve been very pleased with the cooperation with elfGROUP. They understood well what we wanted and what was our goal. The whole process, from initial order to testing and reporting, was very easy, and we’ve had extremely good and professional service,” tells Nousiainen from Aiven Ltd.