Brief of March 2026
Google Cloud launches, New York event and B2B projects
In newsletter: Two case studies, MrBenny award and OPTI community.
See March BriefCybersecurity
Updates, Refactoring and Monitoring
Security is a constantly-evolving goal which requires continous adaptation
● All the technologies used need to be catalogued, together with their inter-dependencies: programming languages, server services, software versions. OPTI can create a technology manual for your business.
● In case of official security releases, upgrades should be planned as soon as possible: both hardware and software, solving the dependencies so functioning is not affected.
● In case of urgent security bugs, pro-active preventive steps may be taken: access reduction, access filtering, working on a data snapshot.
● When security updates conflict with normal functioning, refactoring and code updates need to be implemented.
The case for code refactoring
● In a fast-changing technology landscape, organizations depend on multi-year-old software using technologies which may become deprecated.
● OPTI specializes in working with legacy code. We identify vulnerable portions of the legacy technology so minimal replacements ensure security. Or we refactor the code to the latest versions, re-writing the software to make it secure.
● For example, we managed upgrades from PHP version 4 or 5 to 8, Python 2 to Python 3 and so on. We can also rewrite server-side PHP code to Javascript for NodeJS.
Security is cheap
● Is faster and easier to integrate with new technologies
● Decreases maintenance cost since official security updates can be managed in-house, until close to deprecation.
● Decreases manhour cost, since junior software developers are available for hot new technologies, while legacy versions are mastered by senior developers.
Highlights
Code refactoring
Legacy version upgrade (ex: PHP 5 to 8)
Migrating to NodeJS
Automatic code updates
Quick system restore
Technology manuals
Software Audit
To ensure the security of software developed in an organization, the final step after coding and testing is the security audit. First, the remaining vulnerabilities following the coding process are checked, including avoiding known vulnerabilities in the language or libraries used. Secondly, the software may be subjected to a stress test to gain unauthorized access.
We independently review software products and processes and their compliance with initial specifications, globally accepted technical standards, and legal requirements. We check which parts of the application are no longer used and represent an inherent deprecation risk.
The results of the audit include both identified risks and recommendations.
Highlights
Code review
Vulnerabilty report
Unit testing implementation
Tech stack inspection
Code speed recommendations
Stress testings
Infrastructure and DevOps
DevOps as a Service
OPTI provides best-in-class DevOps support to enhance every stage of the development and deployment process. Leveraging industry-leading tools and techniques, this service includes:
Core services:
- Code versioning & CI/CD pipelines: Track, update, deploy and minimize risks with ease using Jenkins, GitLab, and other CI/CD tools.
- Server management & monitoring for self-hosted and cloud-based servers, ensuring constant uptime and efficient performance.
- Linux server hosting & services for web, email, and DNS services, supported by best practices for secure and rapid operations.
- Real-time monitoring with Datadog and SonarQube.
Certifications & expertise:
- Networking.
- Google Cloud Professional services.
Tools & technology stack:
- Infrastructure automation: Terraform, Ansible.
- Containerization: Docker for isolated, scalable deployments.
- Monitoring & code quality: SonarQube, Datadog for real-time feedback and quality control.
- High availability & load Balancing: Redundant infrastructure for 99.9% uptime using technologies like Varnish and NGINX.
Hosting and Infrastructure
Web hosting services
Fast servers with minimal overhead provide rapid security updates, utilizing Apache, Nginx, Tomcat, and more.
Database services
Data servers are configured for top performance, supporting master/replica setups, read/write balancing, and speed. Technologies include MySQL, Postgres, Cassandra, and Elasticsearch.
Email services
Reliable, compliant bulk email services (SPF, DKIM, DMARC) ensure safe, non-spam messaging.
Additional server solutions
DNS, Search, Reverse Proxy, and Firewall services are available on dedicated Linux servers, tailored for your unique requirements.
Load balancing and caching
Deliver content in milliseconds with Varnish and Nginx for high-demand environments.
High availability services
Redundant infrastructure and auto-restart options ensure uptime exceeds 99.9%.
Why OPTI?
- Focus on Business Processes & Automation – not just cloud, but operational results.
- Expertise in ERP/CRM (e.g. HubSpot) – clean pipelines for leads and sales, analytics in Google Cloud.
- AI as a Competitive Advantage – we design Gemini agents on your data (while respecting security and compliance).
- Security Culture – ISO 27001, SRE runbooks, “security-by-default” controls.
- International Experience – Romania, European Union, Israel, United States of America.
References
OPTI are always fast, also always prepared and friendly in discussing things in detail. After their 2025 infrastructure upgrade for our web and email services we finally saw email confirmations arriving in under a minute consistently
Daniel Zaharia
IT Manager, Bucharest Bar Association
Our goal was to build a web store that could offer more than one hundred thousand book titles. We needed a technology partner that can move quickly, easily customize the software involved and achieve tangible results in a reasonable time. OPTI has been that partner, from writing the software specs, populating the product catalog, developing the web store, and hosting and maintenance since the initial launch. It is with confidence that we recommend them.
Cartepedia.ro
eCommerce Platform
OPTI are always fast, also always prepared and friendly in discussing things in detail. After their 2025 infrastructure upgrade for our web and email services we finally saw email confirmations arriving in under a minute consistently
Daniel Zaharia
IT Manager, Bucharest Bar Association
Our goal was to build a web store that could offer more than one hundred thousand book titles. We needed a technology partner that can move quickly, easily customize the software involved and achieve tangible results in a reasonable time. OPTI has been that partner, from writing the software specs, populating the product catalog, developing the web store, and hosting and maintenance since the initial launch. It is with confidence that we recommend them.
Cartepedia.ro
eCommerce Platform
Extra Facilities
Permission systems and role-based access
Allow or deny users access to various parts of the application
Controlled access is a security technique for determining who can view or use various resources. The aim is to minimize the security risk posed by unauthorized access to confidential information.
We have successfully implemented RBAC (Role-based access control) permission systems in various organizations and systems. It restricts access to resources based on individuals or groups with very clear business functions (eg administrator, level 1 engineer, management). The role-based security model includes a complex structure of assignments, authorizations and permissions, built specifically to regulate users' access to the system.
Highlights
RBAC systems
Multi-role CMS
Domain-specific access
GDPR Personal Data Management
● Cookie management with mandatory marketing-external distinction.
● Registration, re-registration, updating of data with double confirmation
● Deletion of data with double confirmation on request
● Deletion at automatic intervals, depending on legal requirements and the minimum time required in business processes.
● Access to your own data - secure downloads
● Data transfer between companies according to the agreement of the holder
● Secure data archiving and archive restoration.
Highlights
Data cataloguing
Manual of procedures
Scheduled data review
Preferential data access
Data archive & restoration
Data breach detection
Technology
Configure and manage Amazon AWS, Google Cloud Hosting, Microsoft Azure and the OPTI cloud infrastructure.
Cloud infrastructure
Google Cloud (partner-level), Amazon Web Services, Azure
Custom APIs
Zapier, Salesforce, HubSpot, Azure, Google API
Analytics and tracking
Google Analytics, Piwik, Semrush
Relational Databases
MySQL, MariaDB, PostgreSQL, SQL Server, Oracle
Non-relational Databases
Google BigQuery, MongoDB, Redis, Cassandra, Firebase, Hadoop
Steps Overview
Step 1: Security and Infrastructure Audit
We conduct a complete assessment of your infrastructure and applications to identify vulnerabilities, security risks, and non-compliance points with standards like ISO 27001 or NIS2.
Step 2: Remediation Plan and DevOps Architecture
Based on the audit, we create a prioritized action plan. We design a secure and efficient architecture, including backup strategies, disaster recovery, and the implementation of a CI/CD pipeline to automate deployments.
Step 3: Security and DevOps Measures Implementation
We configure firewalls (WAF), monitoring systems, access policies (IAM), and data encryption. We implement DevOps tools (e.g., Docker, Terraform) to create a reproducible and secure Infrastructure as Code (IaC).
Step 4: Continuous Monitoring and Incident Management
We proactively monitor the infrastructure 24/7 to quickly detect and respond to any security or performance incidents. We establish clear alerts and runbooks for rapid issue resolution.
Step 5: Training and Compliance Reporting
We train your team on security best practices. We generate periodic security and compliance reports to demonstrate adherence to standards and to guide future decisions.
Quick Questions
What does 'DevOps as a Service' mean?
We provide full support for the development and deployment process, including version control (CI/CD), server management and monitoring, and infrastructure automation with tools like Terraform and Docker.
Can you work with legacy code?
Yes, we specialize in working with legacy code. We identify vulnerabilities and can refactor the code, for example, by upgrading from PHP 5 to version 8 or migrating to NodeJS.
Do your services cover GDPR and NIS2 compliance?
Yes, our security and consulting services are aligned with ISO 27001 standards and help with implementing legal requirements like GDPR and the NIS2 directive.
What technologies and methodologies are involved?
Infrastructure: Google Cloud, Amazon AWS, Microsoft Azure, Linux, Apache, Nginx, Varnish, Tomcat. DevOps & CI/CD: Jenkins, GitLab, Terraform, Ansible, Docker, SonarQube, Datadog. Standards: ISO 9001, ISO 27001, NIS2, GDPR.
Schedule a Meeting
Related Resources
![[UPDATE] The Romanian startup awards will be presented on March 12. Mr. Benny won 3rd place at the Romania Startup Awards 2026.](/images/new-post/small_long-romania-startup-awards-2026-mrbenny.jpg "[UPDATE] The Romanian startup awards will be presented on March 12. Mr. Benny won 3rd place at the Romania Startup Awards 2026.")
10.03.2026
NEW
The Romania Startup Awards will be held on Thursday, March 12. Mr.Benny, the OPTI Software spinoff for cybersecurity and IT management (NIS-2 compliance), is nominated in the top 60 technological innovations of the year
25.02.2026
AI procurement brings new Supply Chain risks. As a Google Cloud & ROTLD accredited partner, OPTI details the technical due diligence steps for NIS2 compliance.
11.02.2026
30-Day Sprint for AI adoption in your company. Structure your decision and preliminary analysis, before committing to actual development costs.