Cloud Native CyberSecurity Services

Stack Sciences brings a combination of consulting and managed security services to accompany your organization in its security journey to the Cloud.

Overview

Services

A comprehensive set of services to assist you at every stage of your journey to the Cloud Native world.

CONSULTING

We help you prepare or optimize the key processes which contributes Cloud security (ie. SDLC, Agile, CI/CD, DevOps, SecOps, DevSecOps).
These processes are at the heart of your Cloud Security Posture and the protection for your Cloud Workloads and must be adjusted and tuned to leave no gaps.

Details
MANAGED SECURITY SERVICES

We monitor your Cloud Security Posture, we triage issues and trigger security tickets in the backlog so that the teams can fix the issues as part of the Sprints or other activities and processes.

Details
GOVERNANCE

We help you to build, improve, a governance model that empowers the people in your organization to consistently make good security data-based decisions and provides the capability and technology for your security team to enable this to happen.

Details

Consulting Services

We’re constantly trying to express ourselves and actualize our dreams. If you have the opportunity to play this game of life you need to appreciate every moment.

Security Architecture

How to design an architecture, define a release strategy and methodology such as to mitigate the probability of security issues in production?

Shift-Left Strategy

How to ”shift-left” pragmatically to implement, over-time, step-by-step, a risk mitigation strategy that is aligned with the risk appetite of the organisation?

DevSecOps Processes

How to pragmatically integrate security, SecOps, into your Cloud processes and CI/CD automation chain such to transform the "Shift-Left" into an effective security routine?

Monitoring & Posture

How to measure, monitor and govern the software engineering, SDLC, DevOps, SecOps, DevSecOps, SRE processes that are essential to the security of your Cloud journey?

Managed Security Services

StackSciences provides, affordable and efficient, Managed Security Services to assist you in maintaining a sound Cloud Security Posture.

Multi-Clouds

Our unique MSSP platform is the only one to supports all the major Swiss, European and US Cloud Service Providers.

Discover

Continuous discovery of the assets in your various Cloud tenants.

Assess

Detection of misconfigurations, non-compliance and vulnerabilities (leveraging CSPs security tools).

Aggregate

Aggregating issues along multiple axis to compute a security score and facilitate triage.

Triage

Triage of issues and push into product backlog for engineering, DevOps, SRE resolution.

Governance

Professional Services is about providing solutions to problems, thus it is for StackSciences to provide you with guidance, assistance and support in the remediation of issues and/or to fix or improve processes.

Simplicity

The Cloud is constantly in movement, thus you cannot just define a security posture and control objectives, and then walk away.


We help you to simplify and be pragmatical on your control environment such as to be able, day after day, to govern the security of your Clouds.

Metrics

One can only make informed decisions with data. Exposing metrics to teams and leadership helps your organization learn.


We help you define and compute metrics about your control effectiveness to enable you to provide assurance internally and externally that you’re meeting your control objectives.

Processes

Governance means security processes performance, and most importantly the processes to monitor and manage the controls.

We help you define a pragmatical governance framework so that your organisation understand it's current posture, is aware of the risks and the effectiveness of the controls.

Frequently asked question

We offer affordable monitoring, starting at CHF 20k per year, or CHF 5k per quarter. We achieve this thanks to our unique platform but also by allowing our customers to select the frequency of the scans (i.e. quaterly, monthly, weekly, daily), and then select a package of issues (i.e. 1000, 500, 250, 100) that will be processed. The number of issues is key as it needs to match the capability of your organisation to remediate them (i.e. the security velocity). The number of issues is both an indication of the complexity of your cloud instances as well as an metrics of the effectiveness of your shift left, DevSecOps processes.
Velocity is the metric used by agile software teams to measure its effectiveness at predicting the time it will take to complete a task. Basically velocity is the average number of "story points" or "hours of development" the team completes in the average sprint. The security velocity is a sub-component of the velocity, it's about measuring the capability of the software team, inclusive of DevOps and SRE, to remediate security issues over a period of time - i.e. a sprint. The security velocity is important to measure to ensure the flow of security issues pushed to remediation are aligned with the team capabilities, otherwise security issues will pile-up into the product backlog up to a point where they will just be discarded.
Contrary to most, if not all, Managed Security Services Providers which are just integrating and running off-the-shelf security software, we have our own Cloud Security Posture Monitoring platform. The short story is that it was first a product but then we went into becoming a service company. Our platform natively supports: AWS, Azure, Google Cloud, Exoscale, OVH Cloud, Hidora, Scaleway, and can integrate any Kubernetes or OpenShift cluster via a sensor. Owning our platform enables us to tailor our service to our customers' needs but also to be affordable and efficient in our service.