Situation
NCC Group was enlisted by Studio XID to assure the security of its client’s data and intellectual property. The project involved an AWS configuration review, along with a mobile application and web application assessment, utilizing NCC Group’s leading expertise to ensure that the system is thoroughly examined for potential vulnerabilities.
The review provided full peace of mind for the client and ensured that their customers would be satisfied that their data and intellectual property is being handled securely.
As a leading software development company, Studio XID aims to provide a seamless user experience (UX). Part of the UX is ensuring peace of mind to their clients’, so security is always a priority and security expectations are high.
At a Glance
Organization: Studio XID
Industry: Tech
Challenge: Assuring the security of clients’ data and intellectual property
Solution: AWS Configuration Review and mobile application and web application assessment
Result: NCC Group ensured that AWS instances were in line with industry best practices, provided security assurance for their mobile application and web application, conducted security benchmarking against industry peers, provided peace of mind for the client
Challenge
Studio XID Inc has created the next chapter of digital design with ProtoPie, a no-code user interface prototyping platform. Created in 2014 and launched in 2017, ProtoPie has a user base across over 97 countries. ProtoPie authoring suites are available for both macOS and Windows. ProtoPie prototypes can be viewed online via the ProtoPie Player or on devices via Android and iOS applications.
As a complete UX prototyping platform, it is vital that the security and integrity of Studio XID’s clients’ intellectual property can be assured. If a breach were to occur, this could have a major impact on the brand and revenue. After reviewing several companies on a global scale, Studio XID chose NCC Group due to our reputation and experience. Studio XID approached NCC Group to provide an independent program of penetration and security assessments, which allows them to understand its vulnerabilities and risks, and take action to address them.
Solution
After several detailed discussions, it was agreed that the project was to be broken into two main stages:
- An AWS Configuration Review conducted remotely utilizing NCC Group’s AWS Assessment methodology. During this assessment, the AWS system configuration was examined from a network perspective, examining the system from the outside for vulnerabilities that would be obvious to an attacker, before performing a full build review of the system.
- A Mobile (Android/iOS) Application and Web Application Assessment. This phase of the penetration test was conducted remotely utilizing NCC Group’s Mobile Application Assessment methodology and Web Application Assessment methodology to assess the ProtoPie mobile applications and web applications respectively.
An AWS Configuration review leverages NCC Group’s leading subject matter expertise and a specialized tool developed in-house to provide a comprehensive review of the security posture of Studio XID’s AWS instances. The AWS Configuration Review is multifaceted and consists of a thorough analysis including, but not limited to, the following:
- Access keys and root account status
- User groups and privileges
- Password policy
- MFA configuration
- IAM roles for EC2 instances
- CloudTrail
- Policy configuration
- Tenancy mode
- Encryption of snapshots and volumes
- Use of zones
- Region in which data is held
- Outbound EC2 access restriction
- Monitoring
- Security groups configuration and setup and access limitations
Result
NCC Group’s AWS Configuration Review provides peace of mind to Studio XID and its end customers. Our AWS Configuration Review service ensures that all AWS instances in scope are in line with industry-leading best practices. Studio XID customers can rest easy knowing that their most important intellectual property will remain confidential.
"Before selecting NCC Group, we performed a thorough search and compared several companies across a range of factors. We looked at expertise, flexibility in time zones, and goodwill.
Specific things we took into account were, NCC Group being acknowledged by many notable IT firms; their global presence and working across time zones as we are based in South Korea; and their understanding of our needs.
As we are unfamiliar with their services they were very consultative and took us step-by-step through their processes. In the end, we chose NCC Group above the other security groups."
Get Started on Your Cyber Security Journey
Our experts are ready to help you stay ahead in a constantly changing threat landscape. Contact us today to learn more about what NCC Group can do for your organization's unique cybersecurity needs.