Cloud2 and 2NS: Security testing of the twoAI-platform

Written By Mikko Laakkonen

2NS conducted a security assessment of the twoAI platform developed by Cloud2. The goal of the testing was to verify the software’s level of security and to obtain external expert validation for Cloud2’s internal development efforts. Cloud2 follows a secure development model, and the testing was a natural part of its ongoing quality assurance.

twoAI is a platform designed for businesses, enabling the secure deployment of AI models and applications within the company’s own cloud or server environment. The platform acts like the company’s own AI control center, where all AI solutions remain within environments managed by the organization and their usage can be centrally controlled.

At the core of the solution is data protection and safeguarding company data. twoAI ensures that AI can be used reliably and in compliance with regulations, without compromising security. Therefore, it was natural to have the platform tested by an external expert.

Together with 2NS, the decision was made to focus the security testing specifically on the application’s functionalities. The penetration testing was based on a scenario where the tester had the access rights of a typical user of the twoAI platform. The testing looked for vulnerabilities and examined whether a regular user could access sensitive data or functions intended only for users with higher privileges.

The results of the testing were reported in a constructive manner, and according to Cloud2’s Head of AI Business, Jarno Lepistö, they reinforced confidence in the security level of twoAI and highlighted areas for improvement that were decided to be implemented in the software.


“We gained valuable insights from the testing, which we were able to apply in our development work. It gave us confidence that the software is safe to use in our own operations and to offer to customers,” Lepistö says.

The testing was also an important part of Cloud2’s ISO 27001-certified operations. Collaboration with 2NS has extended beyond technical security testing to consulting on security management, particularly related to ISO 27001 certification.

“The project with 2NS went smoothly and effortlessly. I can confidently recommend working with 2NS to others as well,” Lepistö concludes.

Mikko Laakkonen
Next

The Day I Realized I’m the Fax Machine