Building ironclad data security for M&A solution leader
In the mergers and acquisitions (M&A) world, everything at the desk must be clear and secure across the entire deal process. That is why [REDACTED], a leading SaaS provider for the M&A industry, chose Cossack Labs for their ironclad data security.
[REDACTED] has a half-century history and sets a world-class standard for market leaders in deal data management. They used their extensive experience to revolutionize the M&A lifecycle with data security in mind.
M&A SaaS provider
iOS, Android native mobile apps
React Native apps
Internal security policies
Building state-of-the-art VDR security for online document storage and integrating it seamlessly into mobile apps.
The Customer has a rich virtual data room (VDR) service, which works as secure online storage for processing M&A documents and interacting with legal teams. Pioneering the trend of critical exchanges getting virtual and moving to the cloud, they created web and mobile applications to work with documents from anywhere in the world.
Adding a new application that works with sensitive data means adding new threat vectors and expanding attack surfaces. The Customer's team was looking for security engineers that could help build state-of-the-art document security and integrate it seamlessly into mobile apps, so they reached out to Cossack Labs.
Mitigate mobile-specific threats
As mobile apps introduce new attack vectors, the implemented security measures should successfully mitigate them and instil confidence in online deals for the Customer's users.
Follow constantly changing mobile security guidelines
Mobile app security controls should be in line with industry practice and be easy to maintain and update in a changing threat landscape.
Security that doesn't ruin UI/UX
Security measures should not break user experience for legitimate users, but render applications unusable for potentially malicious users.
Prevent data leakage without affecting legitimate users
From the Customer's business perspective, the security goals were to prevent leakage of and tampering with customers' sensitive data (documents, PII), unauthorized document access, and unauthorized parties gaining access to functionality and accounts.
At the same time, from the perspective of the Customer's clients, the security measures shouldn't interrupt access to the documents while providing appropriately managed access to their sensitive data.
We had to cover challenges from both sides.
Improve security release-to-release
Understanding their risk posture and UX requirements, we introduced security measures one by one, steadily improving the application month by month.
We have shaped the SSDLC process, built numerous mobile-specific security controls, and aligned mobile app security with corporate security.
Products and services involved
Themis, a cross-platform crypto library
Themis is a cross-platform, high-level, open-source cryptographic library. We used Themis as a building block for the cryptographic protocol, focusing on the data flow and performance while having cryptography covered.
Mobile app security
We've designed & implemented numerous platform-specific security controls for mobile apps, including reverse-engineering protections and mobile device attestation, and the cryptographic layer for sensitive data protection.
We've built risk, threat and trust models, analysed and prioritised attack vectors, planned security controls and assisted with implementation and verification of controls.
Cossack Labs' solution allowed the Customer to flexibly manage their development and business needs while maintaining a high security posture: adding and removing features, changing the technology stack from native platforms (iOS, Android) to React Native, and changing backend authentication technologies and API frameworks, while being sure that mobile app security stays at a high level and incorporates these changes.