CyberVadis: A key certification in a tense digital landscape
Today, businesses of all sizes face cyber threats. Data theft, ransomware attacks, and intrusion attempts have become commonplace. In an increasingly uncertain global context, cybersecurity is more critical than ever.
Shortways is fully aware of these challenges and is committed to ensuring a secure digital environment for its clients. That’s why we chose to have our security level assessed by CyberVadis, a well-recognised certification that evaluates an organisation’s cybersecurity maturity across four key areas:
- Data protection and privacy
- Access and identity management
- Infrastructure and application security
- Incident detection and response
We are proud to have achieved an advanced score of 718/1000, a clear recognition of Shortways’ efforts to maintain a high level of security.
A score of 718/1000: what actions has Shortways implemented?
At Shortways, cybersecurity is embedded at every stage of the development and deployment of our SaaS solutions. Our improved CyberVadis score is the result of structured initiatives and best practices applied daily.
- Security from the Development Phase
We follow a secure development methodology, incorporating the OWASP Top 10 recommendations, which address major web threats such as code injections and API vulnerabilities.
Additionally, we conduct a systematic vulnerability analysis before each deployment, ensuring that any potential security flaws are identified and mitigated before production.
- Securing Deployment and Operations
Once our solutions are in production, we have implemented enhanced security measures, including:
- Segmentation of services to limit the impact of potential intrusions.
- Encryption of data at rest and in transit to prevent interception.
- File integrity monitoring: where any altered content is automatically detected and removed.
- Use of secure protocols and strict access restrictions.
- Annual penetration testing to assess our defences against external threats.
- Infrastructure and Data Protection
We have also strengthened our infrastructure security with:
- A Web Application Firewall (WAF) to block common attack attempts.
- An Intrusion Detection System (IDS/IPS) that continuously monitors activity and detects suspicious anomalies.
- Anti-DDoS mechanisms to prevent traffic overload attacks.
- Multi-site and multi-region data backups to ensure business continuity in case of incidents.
- Human Security and Governance
Security isn’t just about technology. Humans remain the biggest risk factor. That’s why we have implemented key internal security practices:
- Strong authentication measures (MFA, VPN, IP restrictions, SSO) to control access.
- Principle of least privilege: each employee has only the access rights necessary for their role.
- Auditing and action traceability to quickly detect any anomalies.
Thanks to these measures, we received excellent ratings in data management, access governance, and business continuity. Our next goal is to further enhance workstation security, applying even stricter standards at an individual level.
Why is cybersecurity a major concern for our clients?
Our clients, particularly in sensitive sectors such as finance, insurance, and the public sector, have high cybersecurity requirements.
Each new project involves a security assessment, ranging from a general questionnaire to a full audit, similar to CyberVadis or ISO-27001. These assessments typically evaluate data management, monitoring capabilities, and incident response.
In this context, our CyberVadis certification is a strong guarantee of trust:
- It assures our clients that their data is protected according to the highest industry standards.
- It demonstrates that we apply robust processes to prevent and manage risks.
- It differentiates us from competitors, positioning Shortways as a secure and reliable SaaS provider.
Innovation and Cybersecurity: a crucial balance
Contrary to common misconceptions, cybersecurity does not hinder innovation. In fact, it is a key driver of differentiation and long-term success.
« Security is the most important aspect of development. While cybersecurity introduces constraints, these constraints ultimately become advantages. They are essentially best practices that we integrate as early as possible. When developing a new product or feature, considering security from the outset ultimately saves time in the long run.”
Olivier Piedfroid, CTO of Shortways
At Shortways, we have chosen to integrate security by design into our products, preventing costly fixes and minimising risks for our clients.
We are also preparing for the future by incorporating new AI and digital resilience regulations (such as DORA and the AI Act). In our future developments, we aim to implement sovereign AI solutions hosted in the EU, or even in France, to ensure the highest level of security and compliance.
Conclusion
Achieving CyberVadis certification with a score of 718/1000 marks a key milestone in our cybersecurity commitment. Shortways continues to evolve, offering its clients a secure, reliable, and industry-compliant SaaS platform.
We will continue strengthening our protocols, anticipating future regulatory and technological developments.
Because cybersecurity is not an option, it’s a necessity.