NFON AG stands for innovative, AI-powered business communication and is a trusted partner throughout Europe. Its mission: to offer customers secure, high-performance cloud communication solutions at all times that strengthen trust and provide long-term support for a modern working environment. In order to specifically test and further optimize the security of its central communication platform and associated client applications, NFON entrusted the security experts at usd AG with a comprehensive penetration test (pentest). The communications provider thereby ensures that its customers can rely on a powerful and secure communications solution at all times.
Security as an integral part
The “Cloudya” platform is NFON’s intelligent business communications platform, which helps to intelligently design its customers’ workflows. It processes highly sensitive data and must guarantee high availability around the clock. Security is not an optional feature, but an integral part of the product, especially the protection of confidential information.
What challenge did NFON face in this regard? The platform's technical landscape is complex: it comprises numerous client applications and heterogeneous systems, each with their own security testing requirements. To cope with this diversity, in-depth expertise in a wide range of technologies is required.
In-depth expertise for comprehensive penetration testing
This is exactly where usd AG entered the picture: With a large team of over 70 security analysts at usd HeroLab, we can draw on specialist expertise. The planned comprehensive pentest covered all system components - from the Cloudya web application and iOS and Android apps to the fat client and administrative backend applications. The pentest was conducted using a greybox approach directly in the production environment, for which NFON provided realistic test accounts and comprehensive technical documentation.
This resulted in two significant advantages for the communications provider:
- The comprehensive pentest is particularly effective in uncovering vulnerabilities that only become apparent during runtime, such as errors in the interaction between different system/application components.
- In addition, the greybox approach is extremely time-efficient. With the information provided, our security analysts achieved a high level of test coverage in a short period of time.
Close coordination with NFON AG enabled us to resolve even complex issues flexibly and efficiently during the ongoing testing process. By combining broad technical coverage with intensive collaboration, we were able to identify security-critical vulnerabilities and derive concrete measures to harden the entire platform. This enabled us to help NFON achieve a higher level of security - in line with our mission #moresecurity and as an important common goal that NFON consistently pursues.
Fabian Brenner, Managing Consultant and Project Lead, usd AG
Collaborative partnership for maximum platform security
We are aware of the high level of responsibility that comes with protecting sensitive customer data and ensuring a stable, secure system landscape. Maintaining and continuously improving information security and ensuring the availability of our solution are therefore our top priorities. Thanks to the competent and efficient support of usd AG, we have been able to further strengthen our security architecture and make our systems even more resilient. The collaboration with our counterparts at usd was professional and goal-oriented at all times.
Marco Landgraf, Director IT-Security & Engineering, NFON AG
About NFON AG
As a provider of AI-powered business communications, NFON AG is one of Europe's leading specialists in intelligent, secure, and user-centric cloud communications solutions. The company combines technological innovation with high reliability and a consistent focus on data protection and a professional user experience. NFON works with an extensive network of system integrators, distributors, and solution providers across Europe, supporting more than 54,000 customers in efficiently modernizing their communications landscapes and making them future-proof: http://www.nfon.com/
