Product Security Assurance: A Case Study
Our client, a government agency, wanted to securely communicate and exchange information with different teams in different organisations. This would require interoperability between the different chat platforms used in organisations locally, regionally, nationally, and internationally.
The key challenge was that each team used incompatible chat systems, which made communicating and exchanging information across systems difficult. For example, two departments using Skype and Slack, or Teams and XMPP, could not exchange information without downloading the chat system that each partner used.
In addition, with many departments and chat apps in use, there was more complexity, higher storage requirements and a larger attack surface. Our client identified a solution from a third-party software supplier that would solve this problem and allow interoperability between clients using just one chat system.
Our role was to verify that the solution offered by the software supplier functioned as advertised. We were asked to highlight any issues with functionality and build documentation to give a complete picture of the software’s readiness for a production environment.
Using our DevOps, security, research and communication skills we aimed to:
1. Update key elements requested by the client.
2. Build a test framework, test the product and document the results specifically around:
3. Provide a gap analysis between current and desired states.
The key complexities we identified were that:
We were able to successfully improve elements of the application in line with the client’s requirements. We highlighted further improvements that allowed our client to re-evaluate their deployment. Having delivered the project successfully and fostered a positive relationship with the client, we were invited to tender on a different project testing, validating and prototyping innovations in the experimental technology space.