Cybersecurity & Compliance for IoT Solutions Company
Featured Review- Cybersecurity
- $200,000 to $999,999
- Nov. 2020 - June 2103
- Quality: 4.5
- Schedule: 5.0
- Cost: 4.5
- Willing to Refer: 5.0
"Our collaboration with Sekurno has consistently been seamless."
- Manufacturing
- 51-200 Employees
- Online Review
- Verified
Sekurno has completed a security audit and ensured compliance with ISO 27001 standards and GDPR regulations for an IoT solutions company. They've consulted on all stages of the software development process.
Sekurno has helped the client acquire ISO 27001 certification and enabled them to operate globally based on their GDPR compliance. The team has prevented potential security vulnerabilities and improved the client's ability to provide sound and comprehensive responses to their end customers.
This review is an update by the client company. The original content is located below the new review.
The client submitted this review online.
BACKGROUND
Introduce your business and what you do there.
As a pioneering force in the ever-evolving global IoT industry, RAKwireless designs and produces inventive, comprehensive IoT solutions. Our robust product portfolio includes over 50 actively produced items, spanning from IoT modules and LoRaWAN Gateways to ready-to-deploy Node devices. These offerings cater to a wide spectrum of customers, encompassing both IoT developers and deployers.
OPPORTUNITY / CHALLENGE
What challenge were you trying to address?
Over the past few years, our growth trajectory has been steep, with numerous B2B and B2C product launches, several of which have seen extraordinary popularity. As our market presence and customer base expanded, the necessity to enhance our product security became increasingly apparent. This became crucial not only to safeguard our customers and their data but also to uphold our reputation.
Consequently, we set an objective to align our company and products with ISO 27001 standards and GDPR regulations. Thus, we found ourselves in pursuit of a comprehensive, sophisticated cybersecurity program and sought out a proficient and trustworthy service provider.
SOLUTION
What was the scope of their involvement and team dynamic?
Our partnership with Sekurno originated from the penetration testing of our critical software product, a comprehensive remote IoT fleet management system. With its role in handling sensitive data, we needed assurance of its security.
We aimed to undertake a thorough security audit, scrutinizing our infrastructure and the interaction between cloud and device, to meet the most stringent standards. Accordingly, Sekurno initiated a white box penetration test of our web application and APIs, scrutinizing the front-end, back-end, and source code.
The security concerns identified by Sekurno's pen testers were meticulously documented in a report, which included a proof of concept for each issue. Additionally, they collaborated with our development team in implementing fixes and testing them, ensuring the security of our application and APIs.
Given the fruitful collaboration between Sekurno's experts and our software developers, as well as the insightful penetration test results, we extended our partnership to include the Software Security Development Lifecycle (SSDLC). This step aimed at incorporating top-notch security practices into our software development process. The Sekurno team conducted a gap analysis of our existing code based on penetration test results, followed by a review of our SDLC to uncover specifics of our internal development process. Based on these findings, they assembled a security team to collaborate with our developers throughout all stages of the software development process, including risk analysis during the design phase, establishing security requirements parallel to functional ones, and aligning security testing with development.
In our pursuit of ISO 27001 compliance, we expanded our collaboration with Sekurno to establish an Information Security Management System (ISMS) that aligns with the standard and prepares us for certification. They conducted a comprehensive assessment of our company, developed an action plan to bridge gaps, and guided us through ISO 27001 implementation, certification, and subsequent ISMS maintenance tasks.
Sekurno also assisted us in achieving another critical compliance milestone, the GDPR. Given our strategic focus on the EU market, we needed to ensure that our software development abided by the principles of privacy by default and privacy by design. Sekurno carried out a GDPR compliance audit for several RAKwireless software products, delivering an Internal Audit Report, GDPR-required documentation, Records of Processing Activities (ROPA), Legitimate Interests Assessments/Data Protection Impact Assessments (LIAs/DPIAs), Standard Contractual Clauses (SCC), EU representative assignments, Data Protection Officer (DPO) assignments, and a final report detailing the results of the GDPR compliance assessment.
What's the status of this engagement?
Having achieved ISO 27001 certification and advanced our GDPR compliance to a level suitable for global operation, particularly within the EU, we have now redirected our partnership with Sekurno towards vulnerability management, DPO, and EU representative outsourcing for GDPR-related activities.
RESULTS & FEEDBACK
How did your relationship with your partner evolve?
Our relationship with Sekurno has evolved gradually, increasing both in the complexity and volume of tasks assigned. We've progressed from conducting a penetration test on a single web application to testing multiple products, eventually incorporating Sekurno into our core software development processes. Their involvement in the Software Security Development Lifecycle (SSDLC) has effectively preempted numerous significant security issues during development, which has proven to be immensely valuable. They later took charge of compliance projects that held, and continue to hold, strategic importance for us.
In terms of outcomes, beyond enhancing our internal and external processes from a security perspective and achieving ISO 27001 and GDPR compliance, one of the most crucial results is our preparedness for security-focused discussions with our customers. Such conversations have been increasingly frequent, and we're now well-equipped to provide detailed and convincing responses to our customers' inquiries.
Our collaboration with Sekurno has consistently been seamless. They've delivered on time, and any extensions in timelines were only due to our decision to expand the scope of tasks. Their project management has been exceptional, exceeding our expectations.
What sets Sekurno apart is their ability to compete with larger firms despite their relatively smaller size. Their compact structure facilitates more manageable project management and offers competitive pricing. They've repeatedly demonstrated their capabilities and competence.
One particularly commendable aspect of our collaboration with Sekurno is their integrity. They never attempt to push services we don't need, focusing instead on what's currently essential and beneficial for us as a client.
In what ways can they improve?
While there's hardly anything to critique, one recommendation would be the implementation of a customer portal. This platform could facilitate sharing of findings and deliverables with customers, and also support additional workflows. I believe such an initiative could bring substantial benefits to both parties.
What advice do you have for clients with similar needs to yours?
For companies contemplating cybersecurity programs, my recommendation would be not to delay until the situation becomes critical. Select individuals and teams with the required expertise and place your trust in them to manage your cybersecurity responsibilities.
UPDATED REVIEW
This review was published on July 14, 2021.
VP, RAKwireless
Manufacturing
51-200 Employees
Shenzhen, China
$10,000 to $49,999
Dec 2020 - Feb 2021
Project summary
Sekurno provided full security audits for an IoT solutions company. The client wanted the vendor to focus on their cloud infrastructures and their vulnerabilities to bugs and cybersecurity threats.
Feedback summary
Sekurno led a transparent, trustworthy service that exhibited confidence in their extensive technical skills. They guided the company through the implementation of their suggestions and even provided additional testing. The client also praised their smooth workflow.
BACKGROUND
Please describe your company and your position there.
RAKwireless is a pioneer in providing innovative and diverse LPWAN connectivity solutions for IoT edge devices, for enterprises, SMBs, and individuals alike. IoT solutions should not be complex. We strive for simplicity and effectiveness in all products we develop.
OPPORTUNITY / CHALLENGE
For what projects/services did your company hire Sekurno?
We have a Fleet Management System for our gateways, which handles sensitive data. We wanted to do a full security audit (to make sure we meet the highest standards), and we wanted Sekurno to review our infrastructure and the mechanisms between cloud and device.
SOLUTION
How did you select this vendor and what were the deciding factors?
Our partner referred us to Sekurno, and after interviewing a number of potential candidates, Sekurno came out as the best. Professional approach, clear outlines, and a good offer. No hidden fees whatsoever.
Describe the project in detail and walk through the stages of the project.
The scope of Sekurno included penetration testing of our web application and APIs. They were tasked with checking the front-end, back-end, source code, vulnerabilities, and security bugs, consolidated in a detailed report with a proof of concept for each issue. Besides that, Sekurno also worked together with our development team on implementing all the fixes and testing all the implementations, to make sure the application and APIs were safe.
How many resources from the vendor's team worked with you, and what were their positions?
Sekurno: Senior Penetration Tester & Lead; Senior Penetration Tester. Partner / RAK: PM, QA, DevOps, FE, BA, AWS Experts.
RESULTS & FEEDBACK
Can you share any outcomes from the project that demonstrate progress or success?
- Report with business summary, security issues identified, technical details, and recommendations on fixing.
- The Checklist with the results of tests performed.
- Guidance on implementation of fixes
- Additional testing to make sure all issues are fixed
How effective was the workflow between your team and theirs?
After discussing the workflow between the teams, all went very smoothly. Sekurno kept us (stakeholders) updated during the investigation and also discussed some things preliminarily with our development partner.
What did you find most impressive or unique about this company?
The people at Sekurno clearly know what they are doing and don't shy away from a challenge. Although this review is focused on one project only, we are currently running multiple projects with them in parallel. Sekurno every time finds a way to meet our business needs, even though in some cases they don't have the expertise in house yet. They have a trusted network of partners, which is great for us as a client.
Are there any areas for improvement or something they could have done differently?
We are very satisfied and at this moment, we have no additional recommendations on what could be done differently or better.
Overall rating: 5
Quality: 5
Cost: 5
Schedule: 5
Willing to refer: 5
RATINGS
- Quality: 4.5 (Service & Deliverables)
- Schedule: 5.0 (On time / deadlines)
- Cost: 4.5 (Value / within estimates)
- Willing to Refer: 5.0 (NPS)