Systematic Protection: How SSI SCHAEFER Protects Software and Data
How can software development remain secure in an increasingly digitalized world? At SSI SCHAEFER, a comprehensive security concept ensures that information security is consistently implemented in all areas of the company. The Information Security Management System (ISMS) is at the heart of this. It not only covers all technical measures at all levels and in all areas, but also serves as the guiding organizational structure, with appropriately developed security objectives and strategies. This system is based on sound risk management and is regularly optimized through ongoing evaluation of the activities and continuous development of the security measures.
An important focus is on software development for the intralogistics solutions of SSI SCHAEFER. In addition to the integration of security measures into the software development process, it is important to always maintain control over security during the implementation and maintenance of customer systems and the corresponding data exchange.
Focus on protection targets
SSI SCHAEFER attaches great importance to close coordination with customers in order to maintain the protection targets of availability, confidentiality, integrity and authenticity in the area of information security. These protection targets are also key requirements of the NIS2 Directive, which aims at enhancing cybersecurity standards across Europe. Implementing these standards protects against cyber threats and strengthens the resilience of IT systems. In concrete terms, this means:
Availability: Information and systems are available at all times.
Confidentiality: Data is treated confidentially and protected against unauthorized access.
Integrity: Changes to data are traceable and tamper-proof.
Authenticity: Data clearly originates from the specified source.
It is therefore essential that information and data are available and correct at all times, that they are treated confidentially, that each action can be attributed to an entity, that changes are traceable, and that the data or information demonstrably comes from the specified source.
Shared awareness is essential
Targeted training ensures that employees recognize threats and apply the existing protective measures and processes safely in their day-to-day work. There are general training courses for all employees, covering topics such as the secure handling of passwords, identifying and reporting malware and similar basic information.
In the field of software development, on the other hand, specialized knowledge such as secure coding is also taught to prevent security vulnerabilities during programming. This is supplemented by a comprehensive list of measures at component, data, system and process levels. Special attention is paid to the technical systems on which information is stored, processed or transmitted. They must work smoothly and be effectively protected against the wide range of threats.
Some key elements of software development are:
Threat modeling, secure coding and code reviews are applied in the development phase.
Checks are implemented in all SSI SCHAEFER systems and applications that restrict access to authorized users only. This is also considered in software development, where access rights are assigned on a need-to-use/know basis, depending on the protection requirements of the information. This means, for example, that SSI SCHAEFER employees are only granted access to a customer system if this is necessary to carry out the service tasks or operations.
The security architectures ensure traceability and integrity with regard to the security objectives in the applications and systems.
Tools for static code analysis are used to implement static application security testing and to identify and rectify potential vulnerabilities at an early stage.
Third-party components in use are checked regularly for known vulnerabilities and updated.
Comprehensive penetration tests by independent external partners are used to simulate attacks and help to find and eliminate security gaps.
The required security practices are implemented and documented in a structured manner. The aim is to achieve a balance between high security and user-friendliness so as not to impair the functionality of the software.
Why security is more than just technology
Security at SSI SCHAEFER goes beyond technical measures. A shared awareness among all those involved is crucial. From threat modeling and employee training to the testing of IT systems, protecting sensitive data and systems is a joint task.
About the author
Klaus Zlöbl graduated in telematics with a focus on computer science before joining SSI SCHAEFER in 2011, where he held several positions in software development. Since 2017, he has devoted himself to the topic of IT security. Since October 2022, he has worked as a Security Officer in Product Development and is responsible for the security of software products.