COSSACK LABS | Building ironclad data security for VDR SaaS
Case M&A solution SaaS

Building ironclad data security for M&A solution leader

Industry

  • M&A SaaS provider

  • VDR

Technology stack

  • iOS, Android native mobile apps

  • React Native apps

  • Azure cloud

Regulations

  • CCPA, GDPR

  • Internal security policies

  • Encryption Export Regulations

Challenges

Technology requirements

Mitigate mobile-specific threats

As mobile apps introduce new attack vectors, implemented security measures should successfully mitigate them and instil confidence in online deals for Customers' users.

Follow constantly changing mobile security guidelines

Mobile app security controls should be in line with industry practice and be easy to maintain and update in the changing threat landscape.

Security that doesn't ruin UI/UX

Security measures should not break user experience for legitimate users, but render applications unusable for potentially malicious users.

Our Approach

Prevent data leakage without affecting legitimate users

From the Customer's business perspective, the security goals were to prevent leakage of and tampering with the Customer's sensitive data (documents, PII), unauthorized document access, and unauthorized parties gaining access to functionality and accounts.

At the same time, from the perspective of the Customer's clients, the security measures shouldn't interrupt access to the documents while providing appropriately managed access to their sensitive data.

We had to cover challenges from both sides.

Improve security release-to-release

Understanding their risk posture and UX requirements, we introduced security measures one by one, steadily improving the application month by month.

Solution

Products and services involved

Themis, a cross-platform crypto library

Themis is a cross-platform, high-level, open-source cryptographic library. We used Themis as a building block for the cryptographic protocol, focusing on the data flow and performance while having cryptography covered.

Mobile app security

We've designed and implemented numerous platform-specific security controls for mobile apps, including reverse-engineering protections and mobile device attestation, and the cryptographic layer for sensitive data protection.

Security advisory

We've built risk, threat and trust models, analysed and prioritised attack vectors, planned security controls and assisted with implementation and verification of controls.

Security engineering

We've recommended improvements in backend API security and aligned security measures across platforms.

Benefits

Cossack Labs' solution allowed the Customer to flexibly manage their development and business needs while maintaining a high security posture: adding and removing features; changing the technology stack from native platforms (iOS, Android) to React Native; and changing backend authentication technologies and API frameworks, while being sure that mobile app security stays at a high level and incorporates these changes.

Results and outcomes
