Enterprises that develop products with embedded software have some overlap with traditional IT, but need to be analyzed differently.
For one, traditional IT technology solutions do not scale well. It is not possible to just take ISO27001, use your normal ISMS or use firewall/antivirus and think your technology will do what you (really) need. The same is true same for the promises about KI, blockchain and other magic solutions to solve all the technology demands you have.
More and more, embedded products are connected and offer a growing attack surface. A chain is only as stable as the weakest link... And an attacker will find the weakest link. There’s no point having really strong, expensive (and cumbersome) technology in one place if right next to it everything is held together with string.
It is important to look at the whole chain – and its environment – and detect weaknesses and strengths. We contribute most value by helping you get a view of the whole chain: Development, production, and service throughout the product’s lifetime. Only when you see technology as a whole chain are you in a position to take the right decisions.
As a small business, we have a laser-clear focus on working with your personnel to determine the desired level of technology. We bring in our experience to analyze and document your current technology strengths and weaknesses. If you already have a technology team, we like to collaborate. Otherwise, we can work with technology-liking employees or educate interested ones. The goal is to empower your employees with technology optimisation so your business does not needlessly lose money or reputation.
Depending on your requirements, we can analyze an existing product, fix a concrete incident, or help plan a new project with technology in mind from the beginning. Our favourite is getting your overall technology level for embedded products in shape.
The first step is always a clear breakdown of your true technology requirements, done together with product management and engineering. Depending on our findings, we might continue with trainings for software engineers. Or with a precise risk and threat analysis. Or with building an incident management system, or issuing new guidelines for development… Whatever the next step is for you.
To help you succeed with embedded products, we offer the relevant combination of:
Risk analysis
Analyze the whole chain
Threat analysis
Implementation of technology in a new project
An analysis of a running project
Personal development: Training to detect technology relevant situation themselves
Analyze current technology process
Definition of needed technology level
Incident management
Technology concept
Build up technology team
Supporting on concrete problems as external expert
Requirement engineering
Implementation of new processes
Testing of current systems
