How Commend Ensures Secure, Trusted Communication

At Commend we design and operate our Symphony services – like the Symphony Door Call solution – from the ground up on the principle of ‘Security by Design’. As a central element of our defence-in-depth strategy, cyber security is firmly embedded in all our developments. We are living up to this promise by having our processes certified regularly by independent auditors in accordance with stringent norms and standards, for example IEC 62443, the international security standard for product development lifecycle requirements.

How does all this work in practice? Let’s take a look behind the scenes at our Symphony development labs.

Commend Design, Development & Operation: Security Inside

When we began to envision Symphony as a Cloud-native platform for our solutions, we knew two things for sure:

First, launching a new platform based on the latest powerful Cloud technology enables an unprecedented level of serviceability, scalability, user convenience and cyber-security – in other words, trusted Commend communication at its very best!

Second, this project would be the starting point for a shift to a completely new, truly agile way of planning, designing, securing and yes, even operating our customers’ Symphony solutions. The principle behind it is called ‘DevSecOps’ (short for Development – Security – Operations). Simply put, it means “We build it. We operate it. We are responsible for security.” Users won’t have to purchase and operate their own on-premise system; with a Symphony service package everything – including cyber-protection and security – is taken care of on the Symphony Cloud platform.

Putting the “Sec” in Commend’s DevSecOps

As shown in the diagram, a new Symphony service or feature has its beginnings in a ‘classic’ development sub-process. This ranges from planning to pre-production and includes a quality-optimising monitoring/analytics loop. On the Operations end, the process covers everything from configuration to detecting and responding to possible problems or new requirements. The results provide input for the next release cycle, and so on.

Before a new component is released to the productive environment, it undergoes a rigorous security assessment and testing process (the ‘Sec’ part) that ensures fully integrated, deep-level cyber-security.

Truly agile cyber-defence

The DevSecOps approach allows Commend’s developers to leverage powerful controls and processes to provide cyber-security at a level and speed that was unheard of only a few years ago:

  • Security-relevant features can be developed and tested on a full-range test system. And if necessary, changes can be rolled back instantly at the click of a mouse!
  • This enables extremely thorough, fast and efficient cyber-security testing (pen tests, threat analysis, etc.) in a variety of scenarios, down to the last database query and configuration detail.
  • As a result, security issues can be addressed quickly and efficiently from within the system instead of applying patches or hotfixes on top of it: this is powerful ‘Security by Design’ as it’s meant to be!
  • IEC 62443-enhanced processes for software component analysis, source code review and security monitoring help us to ensure permanent cyber risk assessment. During the recent Log4j vulnerability scare, for example, it took us little time to relieve our customers’ uncertainties with the fully detailed, coordinated processes of our Security Advisory Program.
  • With all tests successfully completed, the entire test system can be mirrored immediately to the productive Symphony Cloud environment. This way, full system updates can be rolled out instantly, so users can benefit immediately from reinforced cyber-defence without having to move a finger.

If you want to profit too and would like to further explore the world of Symphony services, get in touch with your local Commend partner, who will also be happy to arrange for a personal demonstration.
