It all starts with where you are now and where you want to be in the future — a comprehensive strategy and solutions for successful information technology management.

Strategy & Solutions

With a bit of structure in place, we can help you pave the way towards intelligently growing your business.

Cyber Security Assessment

Learn more

Cloud Migration Assessment

Learn more


Learn more


Learn more


Learn more

Cyber Security Assessment

Security is a hot topic. Companies and organizations have access to increasing amounts of data that is stored, accessed, and downloaded from many locations and devices. To test the security of your infrastructure, clarify the current status and then optimize it, you need a clearly defined method and a clear and concrete list of actions to be taken. We have developed the technique you are looking for: using the Cyber Security Assessment Tool (CSAT), you can translate insights about security challenges into concrete actions both quickly and efficiently.

Let’s get started →

You can count on the many years of experience of Truly Secure for a systematic scan of your infrastructure and a comprehensive security roadmap. CSAT will continually evaluate the progress of your security and present you with an action plan based on facts. From comprehensive insights into your security vulnerabilities to a concrete roadmap and better data security, based on facts and expertise.

Specialized Consultancy

With many years of experience and expertise, you can count on our calculated approach, well-researched recommendations, and a roadmap guiding you to better security in your IT infrastructure.

Action Plan

CSAT provides an action plan to improve your cybersecurity and allows you to invest in security, only in the areas where it is required. CSAT enables you to address structural vulnerabilities proactively.

Minimal Intrusion

Our automated scan software uses agents that delete themselves automatically following the scan. No installation is required on the endpoints. This means that your IT department only has to deliver minimal assistance.

Automated Scans

Fast and accurate scans of all your endpoints, network, AD, and Azure AD. In addition to this, all content in Office 365, SharePoint, and the file shares are scanned. The scans are complemented with a questionnaire.

Improve your security based on facts:

1. Define your Cyber Security Roadmap

2. Insight into the “Technology Gap"

3. Insightful Recommendations

Would you like to provide insight into your security quickly, invest in a smarter way, and receive a clear roadmap to better security?

Intake & Installation

Infrastructure and network check, CSAT-rollout in Azure, and configuration of the software.

Quick & Light Scan  

Your entire IT infrastructure is included; all file shares are indexed; all devices in the network are scanned.

Analysis & Reporting

Our analytical specialists process all data generated by the scan and draw up a roadmap to a better security position.

Report on results & presentation

The action plan for improved security of the IT infrastructure is presented, discussed, and agreed upon. You receive a comprehensive action plan with professional partners and technology measures.

Are you looking for a reliable partner who can guide you to better and more efficient security for your IT infrastructure?

Define your Cyber Security Roadmap

Gain insight into your security status. The CSAT provides this insight through automated scans and analyses. This Data provides the basis for you to define priorities and give you the input you need for a roadmap to improve security.

Insight into the "Technology Gap"

Legal regulations always involve both organizational processes and technology. The CSAT will define which technical measures you can take to comply with the requirement of GDPR and AVG. You can also use the CSAT to scan the steps taken regularly to determine whether these have been effective.


The CSAT will identify areas requiring attention and recommend action to be taken. For example, if the CSAT discovers that sensitive information is being shared with persons outside the organization, it will provide a recommendation for document security.

How does it work?

The CSAT is an on-premise software product developed by experienced security experts. It collects relevant data by: 

1. Scanning all Windows endpoints
2. Scanning the Active Directory and Azure AD
3. Scanning content in Office 365, SharePoint and file shares 

Collecting relevant information through an automated survey by using agents that delete themselves following the endpoint scan, the effort required from the internal IT departments is kept to a minimum.

Endpoint Scan

CSAT collects information about accounts, firewall rules, applications installed, the OS/Service pack, shared files and the registry.

Active Directory & Azure AD

The CSAT retrieves Users and Group information, identifies external users and (unused) accounts (including admin accounts), and flags suspicious accounts.

Office 365, SharePoint, Fileshares

The CSAT searches through content in Office 365, SharePoint & Fileshares for personally identifiable information (PII). Access granted to SharePoint sites and documents is also extracted. This is then compared with the accounts in the active directory to identify unauthorized access.

Cloud Migration Assessment

Speed sales cycles & migration

Let’s get started →


How can we install the confidence to adopt the cloud and shorten sales cycles?

View in-depth performance analysis of the on-premises environment.

Receive recommended right-sized compute and storage options for each machine using benchmarks.

Calculate TCO based on the right-sized setting in the cloud.

Drill down into compute, storage, and network usage for each machine to understand recommended cloud settings and calculated costs.

See predicted cloud performance of computing and storage for each machine with the recommended cloud.


How can we make migration planning faster and repeatable?

Automatically identify all applications and machines within the environment.

View application inter-dependencies, installed applications, firewall rules, applications CPU usage, and more.

Build move groups easily by machine, applications, and a number of advanced filters.

Quickly see the cost breakdown of each newly created move group. Manage the migration by adding tags to groups and machines.


How can we satisfy customers and get to recurring revenue faster?

Cloudamize installs your migration tool to speed up the process of moving workloads to the cloud.

Import the migration plan built in Cloudamize into existing migration tools, and view each move group's hostname and right-sized compute, network, and storage setting for the cloud.

View the migration status of each machine moving to the cloud.

HIPAA Compliance

More than 700,000 health-related entities are required by law to have a specialized IT risk assessment performed to satisfy the requirements of HIPAA – The Health Insurance Portability and Accountability Act.

Let’s get started →

So, too, are an estimated 2 million other companies that do business with these entities, including IT service providers, shredding companies, documents storage companies, attorneys, accountants, collections agencies, and many others. 

Utilizing our knowledge, tools, and best practices, we can ensure you meet compliance by offering the following services:

HIPAA Assessment & Remediation

On a fixed-cost project basis, we will scan your network and measure it against HIPAA best practices and create a Risk Score Matrix. The Risk Score Matrix will prioritize the work that should be done based upon potential impact on the business and likelihood of occurrence that will address those issues that carry the highest risk and highest fines.

GDPR Compliance

Find out the implications of the European General Data Protection Regulation (GDPR) and how you can act now to ensure compliance.

Let’s get started →

What is GDPR Compliance?

The drivers behind the GDPR are twofold. Firstly, the EU wants to give people more control over how their personal data is used, bearing in mind that many companies like Facebook and Google swap access to people’s data for the use of their services.

Previous legislation was enacted before the internet and cloud technology created new ways of exploiting data, and the GDPR seeks to address that.

Secondly, the EU wants to give businesses a more straightforward, clearer legal environment in which to operate, making data protection law identical throughout the single market (the EU estimates this will save companies a collective €2.3 billion a year).

The GDPR has applied in all EU member states since 25 May 2018.

Who does the GDPR apply to?

‘Controllers’ and ‘processors’ of data need to abide by the GDPR. A data controller states how and why personal data is processed, while a processor is the party doing the actual processing of the data.

The controller could be any organization, from a profit-seeking company to a charity or government. A processor could be an IT firm doing the actual data processing. Even if controllers and processors are based outside the EU, the GDPR will still apply to them so long as they’re dealing with data belonging to EU residents.

It’s the controller’s responsibility to ensure their processor abides by data protection law, and processors must themselves abide by rules to maintain records of their processing activities. If processors are involved in a data breach, they are far more liable under the GDPR than they were under the Data Protection Act.

What happens if we have a security breach?

Even before you call the data protection authority, you should tell the people affected by the data breach. Those who fail to meet the 72-hour deadline could face a penalty of up to 10 million euros, or 2% of their annual worldwide revenue, whichever is higher.

If you take fines recently issued by the ICO, which has a maximum penalty of £500,000, and scale them up under the GDPR, you can see how much tighter the penalties for getting data protection wrong has become.

Under the GDPR, TalkTalk’s record £400,000 fine would total £59 million – that’s a pretty big chunk of the telco’s third-quarter 2016 revenue, which was £435 million. Meanwhile, the ICO’s total issued fines for 2016, which amounted to £880,500, would be £69 million after 25 May 2018, according to risk mitigation firm NCC Group – 79 times higher.

Other fines for failing to obey the GDPR?

Well, if you don’t follow the basic principles for processing data, such as consent, ignore individuals’ rights over their data, or transfer data to another country, the fines are even higher. Your data protection authority could issue a penalty of up to €20 million or 4% of your global annual turnover, whichever is greater.

By strengthening data protection legislation & introducing stricter enforcement measures, the EU hopes to improve trust in the emerging digital economy.

Failure to abide? Your data protection authority could issue a penalty of up to €20 million or 4% of your global annual turnover, whichever is greater.

PCI Compliance

Nearly 22 million businesses have merchant accounts and accept credit cards — about half of them are in the US – and most of these businesses are subject to PCI (Payment Card Industry) Data Security Standards.

Those businesses that don’t comply are subject to significant fines and may lose their rights to accept credit cards. In 2006, MasterCard, Visa, JCB, American Express, and Discover established the PCI Security Standards Council, a third party entity, to manage the Payment Card Industry security standards and to promote the standard’s implementation by all companies (i.e., merchants) that accept credit/debit cards including all:

Let’s get started →

Retail merchants: Any business that operates in a storefront location, where the customers’ debit and credit cards are physically swiped through the payment terminal.

Internet merchants: Any business being run online. It allows businesses to collect and process credit and debit card information from their e-commerce website.

MOTO (mail or telephone order) merchants: Any business that operates by taking payments via the telephone and/or direct mail.

PCI Assessment Services

Assess their Cardholder Data Environments (CDE) and perform PCI pre-audit services.

PCI Remediation Services

Document and prioritize issues you must remediate to address PCI-related security vulnerabilities through ongoing managed services.

PCI Approved Scans

In cases where you require an ASV-certified scan, you have the option to order one.

PCI Compliance Services

Produce the necessary key documents as proof that you comply with PCI.

All managed and professional services

Strategy & Solutions

Datacenter & Cloud


Modern Workplaces


Managed Services

Ready to learn more about our plans to optimize your business?

Heard through the grapevine

"This is by far the best securely managed infrastructure in the whole emirate "

Tourism Development Client

"Our industry needs to maintain many private records, so you can imagine how important cyber security is for us. Truly Secure was able to show us all of our organizations online vulnerabilities, and how to fix them. Truly Secure, truly impressed!"

Healthcare Client

Two previous companies said they could do this, and failed, Truly Secure didn’t charge us until they proved it could be done and they did prove it.

Technology Integration Client

First class work and infrastructure planning has made us more secure and cost-effective due to the shared cloud cost model.

Sports & Entertainment Client