Jack O'Sullivan
November 2 2021
About LedgerEdge
LedgerEdge is a FinTech start-up going from strength to strength since it was founded in 2020. The organisation’s specialty is corporate bond search and execution and their mission is to be the next-generation ecosystem for corporate bond trading.
With the use of distributed ledger technology, the LedgerEdge ecosystem removes barriers to finding, sharing, and trading corporate bonds by providing the tools and rules required for counterparties to search and make transactions while keeping data leakage to a minimum. The distributed LedgerEdge system allows for a level of security that goes beyond that of other trading platforms, allowing users to feel safe in the knowledge that their information is secure. LedgerEdge users own and control their own data and only reveal their orders on their own terms.
Secure Foundations
To build a secure network, you need to do it from the ground up. The team at LedgerEdge chose Secarma as a security partner, and together we’ve embarked on a long-term collaboration to make cybersecurity an integral part of their business. In the financial services industry, regulations are stringent and LedgerEdge is committed to fulfilling its obligations in this regard.
“When we talk to clients now, we talk about what they can expect from our system and what we can deliver to them. One of those key aspects, alongside legal and onboarding, is cybersecurity. Security is one of the key areas that clients expect us to be bulletproof in – from encryption in transit, to compliance, to security testing. It has to be very tight. There are many boxes to tick that our clients and regulators expect.” – Robert Bose, CTO at LedgerEdge
From the beginning, LedgerEdge has been continually investing in cybersecurity, opting for a proactive rather than a reactive approach, focusing on prevention rather than damage limitation after the fact. This has involved regular penetration tests, as well as bringing in Secarma’s consultants to ensure that systems and processes are built with security in mind from the start. We have worked with LedgerEdge to craft effective policies, carrying out and managing information security projects, and provided regulatory guidance – all via our vISM service.
About vISM
Our Virtual Information Security Manager service is designed to benefit a range of companies who are looking to develop or maintain a robust cybersecurity posture. While we do work with many large organisations, our vISM consultants often find themselves paired with SMEs. We provide one of our experts to help manage the organisation’s security – tasked with prepping the business for interviews and tests from regulators, communicating security issues to the board, as well as setting and meeting security objectives. This includes anything from compliance, risk management, security protection, incident detection and response, threat hunting, and minimising impact.
What We Did
LedgerEdge partnered with one of our experienced consultants via our vISM service. Before any hands-on work could take place, his immediate approach was purely consultative. With an emphasis on active listening, our consultant first took the time to understand the organisation’s concerns. Robert Bose, LedgerEdge’s CTO, explained his goals with regards to cloud security: “Our cloud-based system sits within AWS. The security boundary around AWS is incredibly important to us, and so is the security boundary within our system - so that clients can’t see each other’s details.”
Our work with LedgerEdge is a long-term partnership, with one of our consultants embedded within the business, as an extension of LedgerEdge’s team. He served as the expert by their side when the organisation was engaging with regulators.
LedgerEdge’s core concept is their blockchain product which is essential to the offering – it's extremely secure and accountable. It offers a way for an organisation to know with certainty who did what, when it happened, and who owns what. The consultant was also tasked with building up an environment in the organisation’s wider computer systems, in order to ensure that every item was as secure as the core offering.
Customer Feedback
Our clients often choose to work with Secarma due to our top-level strategy around cybersecurity, our strong reputation, and our consultative approach. Here’s what LedgerEdge had to say:
“Secarma was our first pick due to my own prior experience with the company as CTO at a previous organisation. At that time, I worked with their experts on a penetration testing project and it went really well, so they were the obvious choice to return to here. I had a discussion with Secarma’s Managing Director: Holly Grace Williams, about going beyond penetration testing – I wanted Secarma to become a key security partner. That’s where Michael came in, and it’s been working very well ever since.
Integration was very natural, with open dialogue throughout, so there is no barrier from our perspective. The level of communication has been the same as if Michael were in-house. It’s been very good, and long may it continue.” – Robert Bose, CTO at LedgerEdge
How Secarma Can Benefit Your Business
The cybersecurity experts at Secarma provide a range of consultancy offerings that are designed to help businesses understand their security posture, fortify their defences, and help them meet numerous cybersecurity objectives.
Our consultants work with you to improve your organisation’s resilience to real world attacks - this can involve anything from designing and implementing a new security strategy, to guiding you through the necessary steps to appease industry regulators. We offer flexible services: from one-off penetration tests, to collaborating with your security team on a long-term basis - building that familiarity and rapport – and working towards the continuous development of your security standing.
Working with us means you have a security expert by your side, as well as the knowledge and experience of our testers at your disposal. We focus on cybersecurity, so you can focus on your business.
To find out more about how our Virtual Information Security Manager service can help your organisation develop and maintain robust cybersecurity, head over to our vISM page, or contact us here.