Ural Security System Center carried out an independent assessment of the development process at Ctrl2GO Group of companies, taking into account the requirements of Decree No. 239 issued by FSTEC of Russia. As a result, Ctrl2GO Solutions (part of Ctrl2GO Group) has successfully completed the development of software for monitoring and diagnosing the technical condition of industrial equipment, and has improved its secure development processes (DevSecOps) within the company.
Verification of software solutions for compliance with the information security requirements set for critical infrastructure assets is mandatory in a number of industries. Analysts of the USSC Cybersecurity Center not only audited the development processes, but also verified the security of the developed software through "white box" and "black box" testing, code analysis and fuzzing. Measures taken on the basis of the experts' conclusions helped Ctrl2GO Solutions successfully pass the tests at its customer's facility and prepare the solution for commissioning.
"As far as our company is concerned, information security audits are not a routine task or formal fulfilment of requirements of industry standards. We came to the conclusion a long time ago, that such audits can improve not only the quality of software products, but they can also improve processes within the company. There is no doubt that experience, the level of analysts' training, technologies and methods applied by them influence it very much," Andrey Kiryushenkov, Head of IT projects at Ctrl2GO Solutions, explained.
To scale the audit results and to systematically apply information security principles at all stages of the software product creation cycle, specialists of Ctrl2GO Group of companies prepared a roadmap for the development of DevSecOps processes together with the Cybersecurity Center of USSC.
"When we were working out recommendations, we adapted DevSecOps techniques and practices to goals, conditions and requirements of Ctrl2GO Group of companies. Application of secure development practices will help to reduce the number of vulnerabilities in the source code, reduce time and resources required for correction of deficiencies detected during inspections and minimize damage from potential information security incidents in the future," Evgeny Todyshev, Head of USSC Secure Development Department, commented.
Company profiles
Cybersecurity Center brings together the core competencies of Ural Security System Center (USSC) for implementing best practices and technologies to protect the most critical assets and systems from digital threats. According to the CNews rating, USSC is among the TOP-15 largest information security companies in Russia.
Ctrl2GO Group is a high-tech company that develops and implements digital products based on artificial intelligence, the industrial Internet of things, and intelligent analytics. Its products are domestically developed and have already been successfully implemented in mechanical engineering, transport, agriculture, and mining.
In 2020, Ctrl2GO was included in the top three providers of data analysis solutions in Russia and the TOP 100 largest IT companies in Russia according to the CNews rating. In 2021, it was included in the TOP 50 in Russia and the TOP 30 in Moscow for the IT industry in the HeadHunter Employer Rating. In 2022, Ctrl2GO Group was included in the TOP 50 Moscow companies with 100-250 employees in the IT industry and Internet.
