Roberto Troiani, Founder & CEO
Strong integration between IoT, mobile applications, third-party APIs and new user interaction approach based on emerging technologies such as augmented reality, facial recognition, AI has rapidly increased the proliferation of data. While organizational CIOs have undertaken a reactive model to mitigate the privacy and security risks associated with this data, they have been limited by the stiff competition on local and global markets which has lead them to take business-oriented decisions rather than an appropriate risk-based approach. What CIOs need is a modelled security system that can help them to intercept business constraints from the point of view of privacy and security while they build or roll out new solutions. Helping them integrate security functions and principles into business processes is Yaroze. “We are a small reality— almost a boutique company— driven by strong passion and a methodological approach which is able to deal with multinational companies’ risk environments,” states Roberto Troiani, the founder and CEO of Yaroze.
Through its SSDLC methodology—which is inspired by international standards and guidelines such as OWASP, NIST and ISO/IEC 27034—Yaroze helps clients to gain a holistic security and compliance perspective from scratch by issuing security requirements, risk-based guidelines and controls pre or post production passage (VAPT). A fundamental aspect is their continuous activity in terms of training on secure development techniques. Troiani informs, “Yaroze is a reality built to best support those customers with clear and achievable goals.” says Troiani. At the heart of Yaroze’s consulting business is its SynapSec software which has been developed specifically to manage their service in a centralized way.
We are a small reality— almost a boutique company—driven by strong passion and a methodological approach which is able to deal with multinational companies’ risk environments
Currently, the company has defined an evolutionary roadmap of the software so that it can be used directly by the customers. The software system allows Yaroze to maximize the speed of execution for its clients and centralize the know-how, which reduces time wastage and standardizes activities.
What differentiates Yaroze is its motivation to help the customer to reach the set goals concretely. Troiani gives an example, “Such as implementing an SSDLC within six months to reduce costs and efforts needed or remediation, and as a result, making the security process autonomous for the clients to leverage.” He further mentions, “We try not to become upholstery of the customer, this is of great advantage for all, and we believe to be the real differential factor.” In an instance, Yaroze helped an insurance company in implementing a secure development process. The client tested the methodology on a very critical project. Yaroze validated the quality of the implemented process that has meanwhile translated into a substantial reduction of vulnerabilities and risk. Furthermore, the process of issuing security requirements meant that the various suppliers did not charge remediation costs to the customer. The next step was to offer the SynapSec software for managing the entire secure development process to replace multiple excel, word and PowerPoint sheets.
Having carved a unique niche in the enterprise security space, Yaroze aims to continue on its success path. “The market signals are positive, the demand is also spreading to the Small and Medium-sized companies; on this target, not very receptive until some time ago, we believe that our offer driven by SynapSec can be of great help to effectively penetrate this segment,” concludes Troiani.