Tag Archive for: information security

Information Security is a priority at GoPro

Information Security is vital

Fortunately, more people, businesses, and institutions are becoming increasingly aware of information security and the consequences of neglecting it. Most of us have personal and important information on our computers and phones that we wouldn’t want anyone to access. Additionally, many companies and institutions hold sensitive information about their customers. Customers need to trust companies and care about information security. Information security is vital for companies to maintain trust and credibility. If it fails, it is difficult for companies to recover and regain trust.

What is GoPro doing in information security?

Information security has always been a priority at GoPro and has been one of the cornerstones of our software development. We follow a well-defined development process that is ISO 27001 certified. GoPro regularly conducts scans and tests and engages a third party to perform penetration testing and vulnerability testing. We are constantly improving our security, and information security is a top priority for us.

Security in the Software as a Service (SaaS) environment at GoPro

The SaaS environment at GoPro is in an ISO 27001-certified hosting environment, and detailed measures are taken to ensure security in our system. Communication with the SaaS environment passes through IDS (Intrusion Detection Systems). This means that the IDS acts as a security guard, ensuring all communication is monitored for any suspicious activity, with specialists from GoPro responding if needed. All communication is also encrypted and only supported standards are allowed. We have a separation between all systems in the SaaS environment, meaning there are separate websites and operators for each system, as well as separate databases and connections for each system. We regularly take backups of all systems and test them.

Microsoft Entra ID authentication in Azure

GoPro customers can connect to our solutions using Entra ID authentication (formerly Azure AD authentication). This is a cloud solution from Microsoft that is set up in the customer's Azure cloud and enhances information security by adding an extra layer of security to access. For example, with multi-factor authentication (MFA), a message is also sent to the user's phone. This makes it more difficult for unauthorized parties to access the system. It's not enough to authenticate in one place; you also need a code. Additionally, access can be set up to be passwordless, so there is no need to remember all passwords; in that case, for example, the Microsoft Authenticator app on the user's phone is used.

Most common cyber attacks

Phishing Attacks: Attacks where individuals are tricked into providing personal information, such as usernames or passwords, through fake websites or emails.

Password Attacks: Attacks where attempts are made to gain access to a system by guessing or breaking passwords.

SQL Injection Attacks: These attacks are usually targeted at the databases of websites. Hackers try to insert unauthorized code into the database to gain access or control data without permission.

Script Attacks: Attacks where attempts are made to run files or scripts on websites to damage them or steal information.

Cross-Site Scripting (XSS) Attacks: Attacks where dangerous scripts are inserted into web pages, which then run on the user’s computer when they view the page. XSS attacks are commonly used to steal user input or other information.

DDoS Attacks: Attacks where multiple computers are used to overload the web server and make it inaccessible. DDoS attacks often disrupt web servers, causing them to become very slow or non-functional.

Please contact us if you want to know more

Here at GoPro, we are always ready to discuss security issues, as we are passionate about security and want to ensure that our solutions meet information security standards. We also offer our customers the option of adding Entra ID authentication to enhance security for user logins. Please contact us by clicking here.

GoPro’s operations are ISO 27001 certified for information security

Information security is one of the cornerstones of software development at GoPro. The importance of security in information technology has grown in recent years, and GoPro has set an ambitious goal to support and meet these increasing demands.

A milestone was reached when the information security management system (ISMS) for GoPro Case Management Software Solutions was certified by the British Standards Institution (BSI) in Iceland. BSI audited the system according to the ISO 27001:2013 standard of information security last year. This certification recently passed another inspection, confirming the successful adoption of the certified processes, which cover product development, consulting, services and hosting.

“Information and data loss is one of the biggest threats that companies and organizations need to deal with today, so it’s important for companies to protect information about the companies themselves and customer relations. The information security management system that complies with the requirements of ISO 27001:2013 is a managed method of managing confidential information that concerns the company so that it stays safe. It helps companies identify current and potential vulnerabilities in information security and enables the company to take action before damage occurs.”
– BSI

Regular review is an essential part of maintaining the validity of such certifications. Handbooks and quality documents are of little use if they are not maintained and applied. GoPro set a goal of embracing information security as an integral part of the company culture, so that security is a seamless part of daily work. That approach required extensive preparation and the involvement of every department, with proven success.

“This certification in the field of ISO 27001 information security is important to us. We worked hard to document and review all our information security activities, in compliance with this international standard,” states Helga Ingjaldsdóttir, CFO and Board member of Hugvit.

“Information Security is one of today’s greatest IT challenges. GoPro’s ISO 27001 certification is a mark of our commitment to be at the forefront of development and service of reliable and secure solutions. It is a landmark in ensuring the security of our customers’ data both in software development, hosting and service, as well as our business operations. For companies that sell solutions worldwide, it’s an essential part of building trust in the company.”

The ISO 27001:2013 standard was implemented in accordance with GoPro’s internal security policy, which pertains to development, services, consulting, hosting, project management and operation of information systems, and works to secure the confidentiality, integrity, availability and security of important information.

What is ISO 27001?

The ISO 27001 standard deals with information security and specifies requirements for the implementation, maintenance and continuous improvement of information systems and their management in accordance with best practices.

The standard also includes requirements for evaluation and management of security features tailored to the nature of the companies.