SECURITY
How we develop, deliver and manage mission critical solutions
KONGSBERG has a long tradition for delivering mission critical solutions. We have our roots in the defence industry, the high-tech industrial environments of the maritime sector and the oil and gas industry.
This tradition complements our culture and mindset where we are committed to the development and delivery of secure and reliable solutions for our customers.
We understand that keeping both data and services secure is essential to your business. Delivering secure services is a continuous and highly complex activity. We take care of this complexity for you.
Kongsberg uses third party data centres which are audited for compliance with ISO 27001 and ISO27018 standards on a yearly basis.
Our layered security approach consists of physical security, Edge hardware, data communications ,secure development, monitoring and administrative controls. It covers infrastructure and devices on both the edge and in the cloud.
PHYSICAL SECURITY AND DATA LOCATION
Your data is stored in data centres which comply with the relevant regulations and have industry-standard physical protection measures in place.
- Environmental control
- Redundant power supply
- 24/7 surveillance of premises
- Monitoring and traceability of physical access to premises
Kognifai supports multiple data locations. The exact location on where your data is stored depends on your specific case and requirements.
For customer’s subject to European legislation your personal data will always be stored in Europe.
EDGE HARDWARE AND DATA COMMUNICATIONS
Kongsberg Edge Hardware is responsible for capturing sensor data from your assets on the Edge. This hardware contains several security features including a unique identity to ensure the integrity of the data and detect device tampering.
Once data is captured it is encrypted and send to our data centres using our Global Secure Network. This network is marine certified by DNV-GL and Bureau Veritas
SECURE DEVELOPMENT
When delivering new features, services or making changes on Kognifai we follow our Software Development LifeCycle. This allows us to deliver high quality services and meet security requirements.
Security requirements originate from a combination of legal, industry-specific regulations and practise as well as compliance requirements. These requirements are embedded and measured throughout the services lifecycle and include:
- Security audit and tests
- Security scanning and testing of source code ( SAST)
- Manual Testing
- Penetration testing
Our services are tested to ensure resilience against threats as defined by OWASP10 and SANS25
MONITORING AND EVENT MANAGEMENT
Services are carefully monitored. This includes the continuous scanning for cyber threats and vulnerabilities. Data analytics and Denial-of-Service prevention are some to the measures taken to ensure reliable services.
Our security operations centre (SOC), Cloud Operations and Cybersecurity specialists are key players in our approach. They are responsible for the triage, responding and learning from cyber security events.
They provide development teams with practical guidelines and updated information on how to develop secure services and enable us to act and react to keep your data secure.
