Under Lock & Key.
Security with Lobster.
When companies decide to expand their business on the international stage, they quickly face the need to comply with a variety of different security regulations and requirements.
CUSTOMERS WHO RELY ON LOBSTER.
SECURITY REQUIREMENTS.
In order to comply with these requirements, the following precautions are usually among the most important security requirements for business-critical software.
AUTHENTICATION
User authentication to access the software.
AUTHORISATION
Authorisation of the actions that a user is allowed to perform within the software.
ACCESS CONTROL
Restriction of user access to software and data in accordance with their roles and responsibilities.
CONFIDENTIALITY.
Protection of sensitive information against unauthorised access or disclosure.
INTEGRITY
Prevention of any kind of unauthorised modification of the data.
Auditing
Tracking and recording of activities within the software for purposes of compliance and forensics.
Compliance
Compliance with all industry regulations.
TRANSFER CONTROL
Protection of data both during transmission and in data storage through encryption.
AVAILABILITY
Ensuring access to software and data by appropriately authorised users and business applications.
Backup & Disaster Recovery
Ensuring the recovery of data in the event of infrastructure failures or disasters.
THE LOBSTER SECURITY APPROACH.
The data integration software Lobster_data is subject to continuous testing to prevent any security gaps. To this end, Lobster_data undergoes a comprehensive security audit and penetration testing by external auditors before each release. The audit identifies potential security risks and vulnerabilities in the software, which are discovered and corrected before possible implementation. The software quality that Lobster ensures for the security and reliability of its solutions is also achieved through additional, continuously improved module tests (unit tests) that verify selected code sections or classes. This avoids later, costly corrective measures for all involved parties, minimises the risk of data protection violations, and successfully protects the processing of sensitive information.
In order to implement the high security standards necessary, the Lobster development department also uses the attack scenarios known from the Open Web Application Security Project (OWASP) via dynamic test tools. Through continuous embedding in the integration and distribution of the CI/CD pipeline (Continuous Integration & Continuous Deployment), new vulnerabilities are detected, corrected and eliminated right at the start of development.
If security gaps or program errors become known, despite these extensive security measures, Lobster promptly fixes them and delivers the correction to every customer via the integrated update centre in Lobster_data. This approach allows the software to remain up-to-date and provides improved functionality through updates and upgrades. In addition to bug fixes, release notes also include ease-of-use improvements as well as minor enhancements to classes and features.
Certifications are another cornerstone for more software security. In order to obtain such a certificate, certification bodies such as DEKRA or TÜV require software providers to comply with strict security standards, therefore certifying the best possible protection of the software against hacker and other cyberattacks.
With the ISO 27001 certification, the Lobster Group emphasises the high importance it places on the information security of its software solutions. Accordingly, Lobster makes every effort to comply with technical, legal, contractual, and regulatory requirements for information security management, especially in the international environment.
GENERAL SECURITY SUPPORT.
In addition to the testing procedures during software development as well as certification by recognised CAs, Lobster_data also offers infrastructural architecture options for the greatest possible security and availability: A special DMZ server to support a Demilitarised Zone (DMZ) or a DMZ network as well as concepts for High Availability (HA) and optimal load balancing.
In addition to the testing procedures during software development as well as certification by recognised CAs, Lobster_data also offers infrastructural architecture options for the greatest possible security and availability: A special DMZ server to support a Demilitarised Zone (DMZ) or a DMZ network as well as concepts for High Availability (HA) and optimal load distribution.
In conjunction with public cloud systems such as AWS, Azure, and Google Cloud – which offer much higher operational reliability due to timely updates and patches from the operating system and software operators, as well as direct service maintenance – these Lobster architecture options provide protection against cyberattacks while remaining cost-effective. For this reason, customers have the option of using Lobster Cloud, which allows them to entrust the entire operation of infrastructure and Lobster_data in to professional hands.
To ensure that the system administrators of Lobster Cloud customers are fully informed about the installation, configuration, system rights, database setup, backup procedures, network protocols, and ports used by Lobster_data, Lobster supports them from the outset with dedicated admin training. The installation documentation also includes, IP addresses, ports, and directories of the infrastructure, and much more.
The installation instructions, including preparations for updates, general security instructions, and important new features, are provided in the customer portal. A detailed overview of fixed bugs and software improvements with unique ticket numbers is included with each update.
CERTIFIED SECURITY.
FOR DATA TRANSMISSION.
Lobster_data offers certified communication modules to support companies in their global digital communication. For example, the Odette File Transfer Protocol (OFTP), a network protocol developed under the auspices of Odette International and recommended by the German Association of the Automotive Industry (VDA).
Lobster_data supports all versions of OFTP and is certified by Odette for OFTP2. Lobster DATA GmbH is listed by Odette as one of the OFTP2-compliant software vendors.
Another example of certification is the communication module AS2. This service offered by Lobster_data has been certified by Drummond.
Thanks to the certification, Lobster can prove to its customers and their business partners that the AS2 service in Lobster_data meets Drummond’s industry standard and is interoperable with other certified software solutions. AS2 is still one of the most widely used messaging standards worldwide. Retailers, consumer goods manufacturers, financial service providers, and government agencies have adopted AS2 to protect critical business information worth billions of euros each year.
Furthermore, Lobster is certified for SAP S/4HANA, thus meeting the technical integration standard required by SAP. SAP has a very high quality standard for SAP integration and subjects the software of all applicants to several tests as part of an integration scenario. By receiving the SAP certification, Lobster demonstrates its comprehensive SAP experience and the compatibility of Lobster_data with the latest SAP generation.
we are using lobster and it is doing all and more we ever dreamt of.
Bardo Schütz
Director of Innovation & Technology (CTO) at Customs Support Group, Business Universiteit Wassenaar, Netherlands
ENCRYPTING & SIGNING DATA.
The transmission of personal and other sensitive data must be encrypted. To meet this requirement, data can be signed and encrypted with certificates using Lobster_data. The transmission of data over networks such as the internet also occurs over an encrypted connection, for example, using communication protocols SCP, SFTP, HTTPS, AS2, AS4.
The certificates used for encryption and signing are centrally managed by Lobster in the partner management system. In addition, Lobster_data offers another service through Let’s Encrypt support – the creation of its own free TLS certificates with automatic certificate renewal for the hostname of the respective system and certificate authority signing. Cipher suites for the new TLS 1.3 version can also be used in this process.
CYBERSECURITY.
AGAINST MALWARE.
A virus scanner is essential to activate threat protection and defend against further cyber threats. It checks transmitted files for malware and takes further action if necessary. It is also possible to integrate a custom, customer-owned virus scanner directly after receiving incoming data from any communication channel. This scanner checks the data before processing and triggers a so-called exception in the event of an infection, allowing files to be moved to quarantine.
AUTHENTICATION & AUTHORISATION.
The login process for Lobster is done through a detailed authentication concept with different, freely selectable authentication methods. These include authentication through Single Sign-On (SSO), two-factor authentication (2FA), or multi-stage authentication through Multi-Factor Authentication (MFA). Two-factor authentication ensures greater security when logging in for users.
With SSO, administrators can manage authentication and authorisation for all applications and services from a central location, making security policy enforcement and regulatory compliance much easier. Users only need to authenticate once and can then access all authorised applications and services without having to re-enter their credentials. This reduces the risk of password-related security breaches such as brute force attacks and ensures the protection of sensitive data.
2FA adds a second layer of security by using an external smartphone application to send an access code to the user, which must be entered in addition to the login data.
With MFA, the user identifies himself by means of several specifications via personal details. Because multiple pieces of information are more difficult to hack or steal, MFA significantly improves security.
LDAP & MORE.
The LDAP communication module allows for authentication and authorisation queries during data processing in the mapping process. The permissions determined at runtime are available for further validation or decision-making processes in workflows.
In addition, various functions are offered to insert operations into a directory server database, authenticate or bind sessions, delete LDAP entries, search and compare entries with different commands, modify existing entries, extend entries, make queries, or release operations.
Authentication via OAuth 2.0 is standard for Lobster_data and is used for various communication connections
Lobster_data offers the ability to set up access controls with 0Auth 2.0 for REST connections, both as a client to retrieve data and as a server to provide data. 0Auth 2.0 can also be used for mail authentication of an IMAP or SMTP connection.