cmdev
Practices · Security

Security is the foundation.

Not the feature.

From code to cloud, we architect security into every layer. Defense in depth. Compliance by design. Audit-ready by default — across SOC 2, GDPR, NDPA, CBN CSAT, and the frameworks your regulators require.

Last updated · April 2026
Capabilities

What's in the security stack.

  1. 01

    End-to-end encryption

    AES-256 at rest, TLS 1.3 in transit.

    • Military-grade encryption standards
    • Perfect forward secrecy
    • Key rotation policies
  2. 02

    Identity & access management

    Multi-factor authentication and principle of least privilege.

    • MFA required on all accounts
    • Role-based access control
    • Regular access reviews
  3. 03

    Infrastructure security

    Hardened cloud infrastructure with automated monitoring.

    • AWS Well-Architected Framework
    • Infrastructure as code
    • Automated vulnerability scanning
  4. 04

    Continuous monitoring

    24/7 security monitoring and incident response.

    • Real-time threat detection
    • Automated alerting
    • Incident response team
  5. 05

    Compliance framework

    SOC 2, GDPR, NDPA, CBN CSAT, and industry-specific compliance.

    • Regular compliance audits
    • Data protection policies
    • Privacy by design
    • Nigerian and African regulatory compliance
  6. 06

    Secure development

    Security-first lifecycle with automated testing.

    • Static code analysis
    • Dependency vulnerability scanning
    • Penetration testing
Framework

Prevention. Detection. Response.

Three layers, applied at every stage from architecture review through post-incident.

  1. 01

    Prevention

    • Secure coding practices and code reviews
    • Input validation and sanitization
    • Authentication and authorization controls
    • Network security and firewalls
  2. 02

    Detection

    • Real-time monitoring and alerting
    • Intrusion detection systems
    • Log analysis and anomaly detection
    • Vulnerability scanning
  3. 03

    Response

    • Incident response procedures
    • Automated threat containment
    • Forensic analysis and recovery
    • Post-incident review and improvement
Certifications

The compliance posture.

  1. 01

    AWS Security Specialty

    Advanced cloud security architecture and implementation

  2. 02

    SOC 2 Type II

    Audited security, availability, and confidentiality controls

  3. 03

    ISO 27001

    Information security management system certification

  4. 04

    GDPR

    Data protection and privacy regulation compliance

  5. 05

    NDPA / GAID

    Nigeria Data Protection Act 2023 and GAID 2025 compliance

  6. 06

    CBN CSAT

    Central Bank of Nigeria Cybersecurity Assessment Tool readiness

  7. 07

    NCC Framework

    NCC Cyber Resilience Framework for critical infrastructure

Development lifecycle

Security in every phase.

  1. 01

    Security requirements

    Define requirements and threat models during planning.

  2. 02

    Secure coding

    Follow OWASP guidelines and secure coding practices.

  3. 03

    Security testing

    Automated security testing and manual penetration testing.

  4. 04

    Secure deployment

    Infrastructure hardening and secure configuration management.

Tooling

What we run in the pipeline.

  1. 01

    Code analysis

    • SonarQube
    • CodeQL
    • ESLint Security
  2. 02

    Dependency scanning

    • Snyk
    • OWASP Dependency Check
    • npm audit
  3. 03

    Infrastructure

    • AWS Security Hub
    • CloudTrail
    • GuardDuty
  4. 04

    Monitoring

    • AWS CloudWatch
    • Datadog Security
    • Custom alerting
Security team

Have a specific threat model?

Tell us the regulators you answer to, the data you handle, and the threats you take seriously. We come back with how we'd architect for it.

Contact security teamCloud security services