There are other CDE providers. Why is Asite the preferred choice?
Proactive Security by Design
Security and Data Privacy by Design and by Default is Asite's mantra.
PESTLE Horizon
Have you ever wondered whether you are ready for the advances in machine learning, quantum computing, metaverse technologies and how they will shape your products, ways of working and business in general?
Do you understand all the new legal requirements for information security and data privacy which are constantly evolving across the world and how they can impact your services and operations?
Are you aware of and able to comply with new sanctions in certain countries or changes in external policies and their impact on your business or projects?
We do it every day!
Our Information Security and Legal Teams keep monitoring relevant changes and challenges for our industry when it comes to Political, Economic, Sociological, Technological, Legal and Environmental (PESTLE) risks.
Threat Modelling
At Asite we take a proactive approach when it comes to security and data. We invest our time and resources in conducting full threat modelling for every new project, product, service or supplier. And not just in the beginning but regularly!
This enables us to foresee potential issues that might impact our clients, partners and users not only in terms of Cyber Security but also from the Legal, Compliance, Data Privacy and Data Sovereignty angles.
Our holistic approach allows us to be compliant with the most up-to-date requirements as well as future changes while delivering innovative solutions.
And we keep the ability to do so even when the threats change.
Adaptability is the key to thriving amidst constant change and evolving threats.
Secure SDLC
Our software development has adopted the most recent advances in terms of security.
We based our risk and threat modelling on industry best-practice standards like STRIDE and OWASP ASVS.
At Asite we use the OWASP ASVS as our yardstick for threat modelling, development requirements in stories, QA testing and security testing.
Everything is reviewed, tested, and retested before it goes into production.
Our code and external libraries undergo static and dynamic code analysis (SAST and DAST), and we review the licenses of the libraries used.
During the testing phase the Asite Purple Team conducts penetration testing of all applications before they are submitted to production; any critical or high-risk issues are fixed before the release to production.
We do not only test internally: at least once per year a team of CHECK- or CREST-certified ethical hackers tests our platform, so that we and our clients have independent reassurance about our security and we can learn from their findings.
This guarantees our commitment to having the safest and most secure SaaS platform that we can have while keeping it at a reasonable cost for our clients.
It also allows Asite to have the UK MoD DART/RMADS and the Australia MoD DISP for documents with a classification level up to OFFICIAL-SENSITIVE.
Data Privacy by Design
Asite operates in countries around the world with different data privacy and sovereignty laws and requirements, and our clients also operate in different countries and are subject to many different regulations. But we all share one thing in common: the need to minimize data privacy risk and fully embrace the data sovereignty requirements of our clients and our clients' clients.
For this we include data privacy and data sovereignty as part of our initial risk assessment and threat modelling when designing new products or services, when onboarding new suppliers and partners, and also when we decide to open a new datacenter in a new country.
And we make sure we align our clients' requirements with our suppliers and local partners, making sure we all have the same data and risk minimization perspective.
We only keep the data as long as strictly required and when it reaches the end of the data retention period we safely and securely dispose of it.
And we only use the data for the purpose of the contracted services: Asite does not use our clients' data for anything other than the provisioning of our secure CDE as part of our SaaS platform.
This is so embedded in our culture and ethos that we have decided to make it part of our certification range. Asite is extending our current Information Security Management System (ISMS) for ISO 27001 to include data privacy by rolling out the ISO 27701 (Extension to data privacy) and implementing an Information Security and Privacy Information Management System (ISPIMS) across all the countries where we have offices and datacenters.
Security and Data Privacy by Default
If we design the system to be as secure and private as possible then why not make it so by default?
At Asite we think that it is also in our clients' best interest to raise their security posture, regardless of whether they are a big conglomerate or a small company.
We all know that the finishing is the difference between a great and a good project and we are all about remarkable results at Asite.
For this we are taking our clients on a journey of security and data privacy not only by design but also by default.
We will set the bar high, to the best and most secure requirements, while still allowing our clients to work in safety with their suppliers and clients. We will make sure that the necessary data privacy settings are there from the beginning and by default.
And our clients always have the informed choice to reduce them if they need to, within their own risk assessment.
But we will treat your projects as if they were part of the critical infrastructure, a national defense system or nuclear power plant - secure by design and by default!
Transparency
At Asite transparency is part of our ethos along with accountability and rigour.
That is why we provide all our clients access to our Asite GRC Documents platform, a curated selection of documentary evidence that allows you - our client - to conduct at any time the necessary due diligence on Asite as part of your supply chain risk assessment.
This collection of documents includes all the penetration test reports, risk reviews, Biannual Board and Management reports for Information Security and Data Privacy, policies and procedures and other relevant documents.
We can only hope that you can get the same level of transparency from all your other suppliers.