System Security

System / Information Security

Your information is the most valuable asset in your organization. As you digitize your operations, you keep most of this information in various systems. Depending on how it is stored, this information may be easily accessible to third parties. With our experience in securing enterprise systems, we are best placed to secure your system/information. We secure your system at different levels:

  • Design and development. We design systems with security in mind. At Kumusoft, security is not an afterthought. One of the parameters we check ourselves against is the OWASP Top Ten security risks. During design and development, we ensure that our systems prevent all the top ten risks.
  • Database. To avoid SQL injection and access to your data from remote hosts/servers, we ensure that all communication ports are closed and only connections from the application servers are open. We also perform periodic audits to ensure that any attempt to access your database servers is logged and followed up. Depending on the sensitivity of the data, we can also encrypt part/all of the data.
      • Encryption at rest. This ensures that the selected data is encrypted even when no one is accessing it. In the event that someone tries to access this information without the proper authorization, they will not be able to make sense of the data.
      • Encryption in transit. Encryption in transit is a mechanism where we encrypt the information just before we transfer it, for example before a form is submitted between the client and the server.
      • Data sanitization and validation. Before storing any data in the database, we ensure that all the data supplied is in the format expected. For example, all dates are in a proper date format and strings do not contain any unexpected characters. This helps to improve the overall system security.

  • Testing. As part of system testing, we perform penetration tests to ensure that your entire software platform is hacker-proof and cannot be accessed by unauthorized personnel/bots.
  • Deployment. Having a well-designed system is not enough. During deployment, we ensure that your system is properly secured with SSL certificates. This ensures that all communication to and from the server is encrypted and that the information cannot be intercepted by other parties.
  • Maintenance. To ensure that your data is secure at all times, we perform continuous security audits to monitor all server communications, login attempts and update history. We also do the following under system maintenance:
      • Backups. A backup is a snapshot of your information at a given point in time. We create backups of your system to ensure that in the unlikely event that your system is hacked, the server crashes, or you lose your data due to any other cause, we have a starting point from which we can restore your normal operations.
      • Periodic updates. All server platforms release periodic updates to close any security gaps which are discovered from time to time. Our security team helps you test and install these security patches and ensures that this is done in a manner that does not affect your operations. If we are the developers of this software, we also create updates to the system itself to make sure any security gaps identified are closed, or to make sure it supports the latest platform version. If we are not the developers of the system we are securing, we shall run a complete audit and advise on any changes that need to be made in the system to ensure that it remains secure.