Solutions for SaaS Providers
Providing the business value as Software-as-a-Service means putting extra stress on scalability, maintainability, and operational management. Customers' demands, GDPR-related risks, and constant data breaches clearly signal that just checking a few checkboxes in AWS configurator would barely be enough to do the job.
We have built a data-protection layer for SaaS providers. Our solutions help to secure the data that is stored and exchanged in SaaS' zone of responsibility, through either selective or end-to-end encryption.
Current industry challenges
Numerous data privacy regulations make the SaaS provider who handles sensitive customer data responsible for it, not a cloud provider.
Enterprise customers require specific data security policies to protect their data. Such policies extend way beyond "we've turned on all the AWS security features".
Integrating security controls into an actively growing product is hard due to the need to balance out the performance, scalability, and maintainability of the system.
Selective or end-to-end encryption combined with pseudonymisation or anonymisation of data across the system.
Resources' and keys' compartmentalisation: sufficient separation between protection of individual users without jeopardising the integrity of company's infrastructure.
Scalability and transparency: security controls should scale via processes and replicas horizontally, and provide SIEM-compatible log stream of their behaviour.
Data-centric security engineering for applications in combination with security audits.
What we offer
Service providers are responsible for sensitive data of all of their clients. Cloud security measures should meet specific demands, i.e. portability, scalability, and transparency.
We cater to your special use cases. Our solutions are suitable for cloud deployment and accommodate most of the 12 factors of scalable cloud components for SaaS applications where they don’t contradict security requirements.
Data protection system with searchable encryption, intrusion detection, and leakage prevention. Acra is managed by one declarative configuration and key layout.
Security engineering and consulting
Building a secure system from scratch or adding security controls to existing products is a non-trivial task. Enrich your team’s competences with our security engineering skills.
Secure software development training
Being good at software development does not equal having good cybersecurity skills. Train your team to build highly secure systems and avoid typical mistakes.
How we make a difference
Our solutions are built to scale with your business, not to constrain it.
Security & observability: store and transmit only the encrypted data, gather logs, metrics, and monitoring signals to get a transparent view of the system's behaviour.
We help you achieve more while paying less – our solutions attack risks at the very core, instead of patching up the holes.
We're no strangers to SaaS business, some of us had operated large-scale SaaS infrastructures, so we know their nature and context.
Our mission is simple.
We help you focus on serving your customers better, while relieving your team from security engineering pains and making your users confident that their data is safe with you.
Interested in our solutions? Let’s talk.
GDPR for engineers
An extensive guide on mapping data privacy regulation to changes in database structure, updates in DevOps practices, backups, and restricted processing.
12 and 1 ideas on how to enhance backend data security
An updated look into backend security, from HSMs to searchable encryption and cryptographic ACLs.
Hiring external security team: what you need to know
Contrary to popular opinion, security consulting is not limited to pentests and compliance audits. We’ve outlined the 4 main security-related business risks and charted out the way to help you choose the consulting type that best suits your business.