Situation
MPCH is an enterprise key storage and management company that applies a holistic physical-cyber security approach and advanced cryptography to future-proof the storage of traditional enterprise and crypto private keys, secrets, and other high-value sensitive data.
Their market is highly regulated, and their customers have the highest security expectations when it comes to investing in key storage and management solutions.
Cyber attacks on the types of assets and secrets MPCH stores can result in sensitive data breaches, financial losses, and irreparable reputational damage to the company and its clients.
At a glance
Organization: MPCH
Industry: Technology (Enterprise key storage and management)
Situation: MPCH and their clients face threats from increasingly sophisticated cyber attacks.
Challenge: They needed a specialist cyber security review of their architecture, implementation, and testing to determine whether it could defend against sophisticated attacks.
Solution: An NCC Group review gave MPCH credible validation that their technology secures their clients' sensitive data and keys against current and emerging threats.
Results: MPCH now meets the regulatory requirements for the industries and geographies they serve, their brand loyalty and consumer trust have been boosted, and they're positioned as market leaders for upholding security standards in their market.
Challenge
Organizations in regulated sectors where MPCH operates face increasing threats from sophisticated cyber attacks. They must also meet specific compliance requirements to operate and trade in certain markets. Demonstrating compliance can be costly, time-consuming, and arduous. Many companies lack the proper governance and defenses against evolving regulations and cyber threats. There have been countless high-profile attacks where MPCH's competitors have struggled to secure sensitive assets and maintain business operations.
To validate the security of their proprietary key storage and management platform and avoid being another high-profile victim in the market, MPCH approached NCC Group to review their architecture and implementation. The review would need to assess MPCH's use of sealed hardware security modules (HSMs) running custom software to provide smart programmability alongside scalable and secure key storage.
Solution
MPCH selected NCC Group as they felt the firm was the most qualified and experienced cyber security advisor they had presented their challenge to. Without NCC Group specialists' deep domain expertise, the two teams may not have navigated through the complex hurdles in assessing MPCH's unique architecture.
The two parties communicated excellently throughout the review, and NCC Group worked closely with MPCH's technical team to thoroughly review the proprietary technologies and identify any risks.
Pen-testers and security architects first analyzed MPCH's security architecture, which uniquely combines military-grade physical security with Multi-Party Computation (MPC) cryptography. They then tested their HSM code and Application Programming Interfaces (APIs). Finally, the team conducted vulnerability scanning across their entire estate.
NCC Group was also able to understand the business culture and advised on their incident response and insider threat processes to maintain high security standards as the company experiences growth and expands in the future.
Result
NCC Group's team successfully reviewed MPCH's key management solution and architecture. MPCH obtained a report from our team to confirm that their platform meets the highest standards for regulated industries, as well as a tailor-made roadmap to make even further improvements and developments in the future.
NCC Group's cyber security review provides MPCH with credible, independent assurances that their technology secures sensitive keys and data against current and emerging threats. This assurance can give clients the confidence to store their most critical secrets and keys with MPCH. As a bonus, it supports MPCH in meeting the compliance requirements of highly regulated private and public sector clients.
"NCC Group's reputation as an industry leader in application security testing and reviews provides us with a stamp of approval that our architecture is hardened against even the most sophisticated of attacks. This will position MPCH's solution as the most security-conscious key storage and management solution in the marketplace at a time the sector is experiencing a high volume of attacks."
NCC Group exists to make the world safer and more secure.
As global experts in cyber security and risk mitigation, NCC Group is trusted by over 14,000 customers worldwide to protect their most critical assets from the ever-changing threat landscape.
Get started on your cyber security journey.
Our experts are ready to help you stay ahead in a constantly changing threat landscape. Contact us today to learn more about what NCC Group can do for your organization's unique cyber security needs.