IT Security in Products
In today's digitally networked world, there are very few products without a digital interface to their environment. Most products are part of a network, a system of systems. In addition to various advantages (increased functionality, greater convenience, etc.), such distributed systems also entail new risks. In order to develop an all-round secure product, the risks of the digital interfaces must be identified and the entire system must be protected against potential hacker attacks. In addition, this topic is part of numerous standards and regulations, such as UNECE WP29, whose requirements must be met in order to successfully launch a product on the market.
What is IT Security in Products?
The terms safety and security are ubiquitous in product development. In practice, however, there is a lack of a clear distinction between the terms. The term safety focuses on accident prevention and maintaining the health of stakeholders (users, maintenance staff, passers-by, etc.), while "security" considers crime prevention issues and thus only allows authorized persons access to a location or system. The following example illustrates this connection. One of the functions of a vehicle door is to prevent another vehicle from entering the vehicle interior in the event of a crash (safety). Furthermore, the door also protects against strangers being denied access to the vehicle in order to make potential theft more difficult (security). Due to digitalization in particular, the topic of product cyber security also revolves around data security. A holistic security approach not only takes into account the individual control units, data networks and external interfaces (e.g. Bluetooth, WiFi), but also end-2-end security of the entire system, i.e. including the cloud (see shell model).
Our Consulting Services in IT Security in Products
- Your company only considers security aspects late in the development cycle and is therefore confronted with costly reworking of security gaps.
- Potential security risks in your products are not identified and evaluated at an early stage.
- You face the challenge of strengthening the awareness and skills of the development teams with regard to security standards.
UNITY solution approach:
- Implement methods to consider security aspects from the conception to the delivery to minimize rework.
- Integrate security roles and processes into product development up to the market phase.
- Conduct training and workshops to raise awareness of security among development teams.
- Support development teams with resources and tools to make security-relevant decisions and develop in a security-conscious manner.
- The increasing complexity of medical devices increases their vulnerability to cyber-attacks, which can result not only in data leaks but can also directly endanger patients
- You must ensure that their medical devices meet the necessary security standards to comply with legal requirements.
UNITY solution approach:
- Training of medical staff and those responsible for information security to raise awareness of the importance of medical device security
- The development of a holistic security plan that includes both preventive and reactive measures against cyber threats.
- The increasing number of networked functions in vehicles increases the risk of cyber attacks. Hackers could try to access vehicle systems to steal sensitive data or even take control of certain functions
- Security vulnerabilities in outdated software can be exploited by attackers to gain unauthorized access to vehicle data or functions.
UNITY solution approach:
- Implementation of security by design principles in the product development of vehicles and components.
More robust products, services and processes against security incidents
Lower product follow-up costs in the market phase
Increased protection of intellectual property, patents and secret development data
Compliance with regulations and industry standards
Make an appointment with our experts
Depending on the topic, we provide you with the right experts. Select your preferred date from our calendar and discuss your concerns with our experts by phone or via Microsoft Teams without any obligation. We look forward to getting to know you!
Project stories in Cyber Security
Development of the innogy CyberRange-e
Business Model Development and Operationalization
An in-house training center, the "CyberRange-e", was set up to provide in-depth education and training for employees in IT and OT areas, where the company's own employees have been trained in a realistic environment since mid-2019. This project was approached in a structured manner together with UNITY: First, the competitive landscape for realistic cyber security training was examined and interviews were conducted with potential target customers in order to then derive the target position of the CyberRange-e ecosystem.
Digital target picture and application for funding
Consulting for the Hospital Future Act
- Creation of a digital target picture and formulation of digital guiding principles in the dimensions of processes, patients, employees, quality, organization and culture
- Identification, prioritization and selection of eligible projects in accordance with the target picture
- Ensuring compliance with the mandatory criteria and legal requirements for IT security measures
- Selection of potential providers in accordance with user requirements
- Completion of applications and upload of all content and attachments to the NRW online portal
Project management for applications for the Hospital Future Act (KHZG)
Consulting as part of the Hospital Future Act
- Implementation of project management
- Creation of a digital target image along the process map, taking into account the overall strategy of the hospital group
- Preparation of applications: Creation of templates for project profiles and project outlines
- Support of the application process: Creation of templates for final funding applications (sample applications & quality control of applications)