Security

One of the markets most secure SaaS solutions for e-commerce

Commerce-Engine-Vax-utan-att-kompromissa

At Norce, security comes first

linkedin-sales-solutions-EI50ZDA-l8Y-unsplash

Through our “Secure-by-Design” initiative

By choosing Microsoft Azure for both maintenance and development environments, we have access to the market's best and most modern tools; for proactive security work.

Microsoft Azure enables us to detect and prevent overload attacks – known as “DDoS” attacks – and intrusion attempts; and ensure that we, and our merchants, live up to legal requirements, regarding security and integrity that exist, in local and global regions.

Microsoft annually invests $1 billion in cyber security for Azure; and has over 3,500 people working in the field. These investments benefit all our merchants; by our choice of Microsoft Azure. Through Microsoft's security services, all clients in Azure get access to preventive measures, as soon as a threat is detected at any of the other approximately 400, 000 clients!

Secure by design

We operate according to Microsoft’s “Secure Development Lifecycle” (SDL). It is a method of detecting and preventing vulnerabilities; at the earliest possible stage, and making the product as impermeable to attacks as possible. This is achieved through a range of measures; such as: threat modeling, ongoing testing, and compliance with best programming practices.

The secure by design initiative can be divided into three phases

In phase one, we assemble a list of potential threats, to assess what mitigating measures we should be prepared to take. An example of this could be: To check whether a certain component is sensitive to DDoS attacks; and then, identify countermeasures that are planned in the development work.
In the next phase, we do a static source code analysis of everything that is in development; so that our developers can quickly receive feedback on whether they have taken in a library, or produced code, that have known problems. Throughout the development cycle, we also receive suggestions on how code, or implementation processes, should be adapted; to be as secure as possible.

When the component finally goes into operation, we have basic security protection protocol that ensures that we are GDPR-compliant; and that the right people access the correct data, at any given time. We also ensure that good encryption is in place; and that we have the perimeter protection needed, in order to be able to offer genuinely secure maintenance operations.

Let´s talk

Do you want to accelerate your digital commerce?

Norce empowers companies with advanced needs to accelerate their digital business. We do this by providing powerful composable, headless and True SaaS commerce.

Powered by industry-leading technology, strategic partnerships and continuous innovation, we create the tools and strategies needed to fully take advantage of tomorrow's commercial landscape.