Marcus Södervall is Head of Security and Chief Data Protection Officer at Stravito. A certified information systems security professional (CISSP), Marcus brings with him over 20 years of experience in enterprise IT from the banking industry. At Stravito, he works daily with IT departments to ensure world-class security that’s tailored to each client’s needs. Marcus is also continuously finding ways to enhance the trust and security of Stravito’s services, leading efforts such as our ISO 27001 certification and EcoVadis Sustainability Rating.
At Stravito, we move fast. Fast is good. It means adjusting to customer demands and delivering improved functionality and features quickly and often.
But speed and short release cycles haven't always gone hand in hand with secure products and services. So how do we at Stravito ensure a secure service to our customers while delivering at orbital velocity?
Modern tech stack
With a modern, cloud-based, tech stack we can easily automate everything from installation and configuration of infrastructure, to releases, and even security and compliance controls. This means less manual work in production environments that usually tends to be error prone.
Another benefit of a cloud infrastructure is the possibility to utilize capacity as a resource pool; it is easy for us to scale both up and down, resources making both our customers and the environment happy.
Short release cycles
A great benefit of short release cycles (we do daily to weekly releases) is that we actually can minimize risk with short intervals between our releases. The smaller the release is, the smaller is the chance of something going wrong. What this means for our customers is that if an error is introduced in a release, such as glitches in user interface elements or erroneous configurations, the damage is small. This also means that a fix is just a short bit away.
Everything as code
Everything at Stravito is based on code. It’s probably obvious that the Stravito SaaS is developed in code but not as obvious that our infrastructure and compliance controls are also defined as code.
This makes it possible for us to achieve some key factors to maintain a secure product:
- We can focus on secure code, instead of securing the actual infrastructure. Even better, all code is reviewed by a peer.
- We fix the errors in the code, instead of fixing errors in production environments, making sure that the errors are corrected at the root cause and will not occur again.
- We can focus on building automated and scalable compliance controls. In a traditional IT environment, security compliance tends to be ensured by manual controls and verifications, which is time consuming. Instead of logging into every component to verify that it is hardened, encrypted, locked down and so on, we can just ask our cloud infrastructure, using its hypervisor API, to provide the information. The response is instant, automatic and repetitive–independent of how many components we have in the infrastructure.
You can read more about our work to ensure our customers' security and trust here.
Want to talk more about how Stravito can meet your security needs? Reach out to me at email@example.com
Stravito releases AI-powered insights recommendations
Mickel Grönroos Nov 17, 2020