AceOar Technologies

Software security measures to make your software solution more trustworthy

door handle key keyhole

Security, reliability and scalability makes a software solution more trustworthy. Privacy and data protection are the most important things customers are concerned about for most software solutions out there. 


Here are some of the main topics that can help give a good glimpse to business owners on what to tackle, or at least have a plan in near future to tackle for their software solutions.



Compliance & Certifications




SOC 2 is a Systems & Organizational Control 2 (SOC 2) examination performed by a third party audit. It ensures your service providers securely manage your data to protect the interests of your organization and the privacy of its clients.

Complete a third-party SOC 2 Type II audit. Type II is a continued auditing procedure that ensures organizational and technology controls are independently audited and it was performed at least annually.



GDPR compliance

GDPR expands the privacy rights granted to European individuals and requires certain companies that process the personal data of European individuals to comply with a redefined set of regulations. It’s a must if you are serving the EU market. 



Follow a Privacy framework, be a member

For example, Privacy Shield is an agreement between the EU and US that allows for the transfer of personal data from the EU to the US. 



Security, Zero Trust


Most large cloud service providers such as AWS, GCP, Azure are providing security features built-in. Use a cloud provider with built-in security. Use best practices to further harden your systems and processes. Also, modern cloud services employ a robust physical security program with multiple certifications, usually including SOC 1 & 2.



Malware detection services

Partner with a company which provides a comprehensive and automated malware detection service for files uploaded to the service by users, ensuring that foreign files uploaded to the service are not infected. For file related securities, you might want to maintain a blocklist containing a list of forbidden file extensions. The file extension blocklist may contain file types that may be considered dangerous, such as scripts or executables. By blocking these file types, the risk of malware infection can be reduced significantly.




Network Intrusion Detection System (NIDS) sensors can be used in tandem with native cloud security services, which can be enabled for all production assets.



Encryption Practices



Never store passwords in clear text – they should always be hashed and salted securely using strong algorithms such as bcrypt. Bcrypt is a proven algorithm and is considered one of the best choices for password storage.



Encryption at rest

Data at rest should be encrypted and AES-256 is a great choice. Encryption keys can be stored using cloud providers Key Management Services. One or more annually rotated customer master key (CMK) can be used to encrypt all client data.



Encryption in transit

All network communication should use TLS with at least 128-bit AES encryption. The connections should use at least TLS v1.2, and we usually recommend it to be encrypted and authenticated using at least AES_128_GCM. ECDHE_RSA is a great choice as the key exchange mechanism. There are 3rd party services available to analyze TLS configurations who use their custom configured SSL Server to test and provide you a comprehensive report with a score.



Comments are closed.
%d bloggers like this: