Security

One of the market's most secure SaaS solutions for e-commerce

At Norce, security comes first

Through our “Secure-by-Design” initiative

By choosing Microsoft Azure for both maintenance and development environments, we have access to the market's best and most modern tools for proactive security work.

Microsoft Azure enables us to detect and prevent overload attacks – known as “DDoS” attacks – and intrusion attempts, and to ensure that we and our merchants live up to the legal requirements regarding security and integrity that exist in local and global regions.

Microsoft annually invests $1 billion in cyber security for Azure and has over 3,500 people working in the field. These investments benefit all our merchants through our choice of Microsoft Azure. Through Microsoft's security services, all clients in Azure get access to preventive measures as soon as a threat is detected at any of the other approximately 400,000 clients!

Secure by design

We operate according to Microsoft’s “Secure Development Lifecycle” (SDL). It is a method of detecting and preventing vulnerabilities at the earliest possible stage, and of making the product as impermeable to attacks as possible. This is achieved through a range of measures such as threat modeling, ongoing testing, and compliance with best programming practices.

The secure by design initiative can be divided into three phases

In phase one, we assemble a list of potential threats to assess what mitigating measures we should be prepared to take. An example of this could be to check whether a certain component is sensitive to DDoS attacks and then identify countermeasures that are planned in the development work.

In the next phase, we do a static source code analysis of everything that is in development, so that our developers can quickly receive feedback on whether they have taken in a library, or produced code, that has known problems. Throughout the development cycle, we also receive suggestions on how code or implementation processes should be adapted to be as secure as possible.

When the component finally goes into operation, we have a basic security protection protocol that ensures that we are GDPR-compliant and that the right people access the correct data at any given time. We also ensure that good encryption is in place and that we have the perimeter protection needed to be able to offer genuinely secure maintenance operations.