, ,

Guiding the Way through the World of Cyber Security

Staffan Persson

·

Roughly every five years, we refresh our website with a new appearance. As a precursor to our 25th anniversary in January 2025, we are thrilled to show the world our stylish, modern look.

It is atsec’s firm belief that effective security assurance can only truly be accomplished when the product developers proactively incorporate security requirements they thoroughly understand. Thus, it is our responsibility to guide our customers through the complex and changing world of security standards so they can feel confident in their understanding.

To that end, we refreshed our website with a new appearance to ensure it represents the current security standards landscape and that it is simple for anyone to navigate the relevant security requirements and find the services they need.

As we launch this new version of our website, we wanted to take a moment to reflect on the changes in and the demands of the cyber security industry with a piece from one of our co-founders, Staffan Persson:

The world of IT is constantly evolving, becoming more sophisticated, and covering more areas; cyber security is no exception. There are vanishingly few areas where cyber security is not crucial, as regulators usually demand some minimum level of security, and customers also increasingly understand how critical security is. We have all learned that cyber security is not entirely about features or functionality, it’s about confidence in those security measures and their effectiveness; that confidence requires a set of criteria and an assessment showing that these criteria have been met.

When we started atsec almost 25 years ago, security requirements were limited and focused on specific types of products and types of users, so it was a niche market for users and developers of high-security products. Although the security area was not mature yet, it was still relatively easy to discuss and understand security problems within such a small community. Still, it was also not a “cool” business to be in, so it remained small for quite some time. This has now completely changed.

The current demand for security is huge: There are more security requirements than ever before, as well as different schemes to measure and certify security, both national and international. Sometimes, it is not even clear if a vendor has to comply with any security requirements, much less which specific requirements. In fact, the market is changing so fast that regulators also have a difficult time keeping up with these changes.

Good security cannot be achieved by assessment alone, since such verification can only assess what’s already there, provided by the vendor. For real improvements in security, it is essential that product developers understand and endorse security, including endorsing the security criteria they must comply with.

Security criteria that have been available for decades have been updated, new aspects have been included, and – as confusing as they might be – it is important for vendors to understand these criteria. Clarity and transparency are an essential part of security, especially to the labs performing the security assessments, as they may be the first point of contact for vendors.

Given the importance of clarity in a complicated space, atsec has modernized its web site to help lead by example:

The website now comes with a modern design and covers all the services offered by every atsec office worldwide; this means no separate web site for each office.

One main menu, structured by the various service groups, presents each of the specific services provided by our offices in a way that shall help our customers find the best combination for their individual needs.

Along with each service, we also provide links where customers can download additional information, including authoritative links with references to the criteria and schemes. Informing our customers is of utmost importance to us, as we are convinced that customers who understand the criteria and their requirements can implement security profoundly better than those who are just impressed by some security expert witchcraft.

This focus on the services, rather than their location, addresses the quite common situation where customers may need several types of assessment services that require the cooperation of multiple atsec offices. This co-operation between our offices to serve our international customers has been a hallmark of atsec’s business since its foundation, so it made sense to unify everything on a single website.

We hope that this update will help you to better understand the different security criteria and whether they are useful for you. It may also be difficult to find out which security requirements are appropriate, what the requirement means, how big the effort will be, and who within atsec to talk to. If you need more information, just contact us for more information, as we’re always happy to help.

For convenience, here is a short list of security criteria that may be relevant to your business: