Often there is little security awareness outside of regular IT. So you only protected the parts you thought of first: sometimes licensing, sometimes nothing at all. But the situation for embedded devices (especially IoT devices) is quite different from the needs of IT. The life cycle, the use cases and, most importantly, the risk analysis are different. As different as the functionality is from that of a normal computer, so different are the usage and therefore the required security. When the device was simply sold and the software was just a nice add-on, the required security was quite low. The attack surface was only accessible to real hackers. Is this still true today?
Times have changed. Some of the devices are connected, update software is available through the internet, and users demand faster update cycles and more connectivity to other devices, services and the cloud. The 'normal' attacker is more sophisticated and has more information and more possibilities at hand through the internet.
The end user wants a secure device without specifying what that means.
Is it possible to deliver a secure device? And if so, will the invested money be worth it? Will usability, functionality and time to market stay the same or even improve?
The following picture will help us to understand the problem:
What is a secure device? The picture depicts that we sometimes invest a lot of money in securing the entry point we think users (and therefore attackers) will use. An engineer will put a lot of time and effort into this hurdle to make it as secure as he thinks is needed. That is the first cost. But it does not stop there.
Even worse, these controls will only be a hurdle for the honest user. Depending on the implementation, the first run is more cumbersome, or even every use is not as fast as it could be. Your service technicians will have a harder time making repairs. A lot of unneeded costs add up. And overall, security is just an investment without benefit.
If we did not think it through and have not done a risk and threat analysis, security will only be a hurdle for the user, the developer and the service technician: this makes everything more expensive without a clear gain. The security level your company needs is unique and depends on your business model and your customers. You need to decide what you need and what it is worth. These are the reasons why a security expert needs to come together with the experts in your domain to set the right level of security. With that approach, security is not only accepted but helpful. We would like to sit down with you, find out what your needs are, arrive at the right security level for your company and define the next steps.