How to Uncover Security Concerns When Customers Won’t Tell You

Spark Media Solutions, LLC | February 06, 2018

“What are your security concerns?” It’s the one question all security vendors want to know from potential customers. It’s also the one question potential customers don’t want to divulge for obvious security, privacy, and “I don’t have the time” reasons. All is not lost! There is still a way, in fact multiple ways, security vendors can sleuth out a company’s security needs. I asked a few security professionals how they go about figuring out the answer to the “what keeps you up at night” concern. Here’s their advice (plus one tip from me!): “While everyone likes to say their problems are unique and challenging in a way no one has ever seen before, it’s really not true,” said Michael Farnum (@m1a1vet), SA manager, Set Solutions. You may not even need to dig that deep, or at all. If your product solves a rudimentary security need you will probably already be in sync with a company’s security concerns. Farnum believes many organizations are still struggling just dealing with the basics of security.

Spotlight

Big Data Block (BDB™) combines Big Data solutions and blockchain technology utilizing Ethereum’s smart contract and token capabilities. BDB™ democratizes Big Data for everyone. Combining the best of Big Data and the best of blockchain we remove the deep technical skills and costs needed to leverage a Big Data environment and becoming the first BDaaS (Big Data as a Service) on a Blockchain.


Other News
VPN

Veracode Launches Container Security Offering That Secures Cloud-Native Application Development

Veracode | October 11, 2022

Veracode, a leading global provider of application security testing solutions, today announced the enhancement of its Continuous Software Security Platform to include container security. This early access program for Veracode Container Security is now underway for existing customers. The new Veracode Container Security offering, designed to meet the needs of cloud-native software engineering teams, addresses vulnerability scanning, secure configuration, and secrets management requirements for container images. Veracode Chief Product Officer, Brian Roche, said, “As developers embrace cloud-native computing practices, containers have become increasingly important for business efficiency. This launch helps close a substantial gap in the market for developer-friendly solutions that cover critical capabilities for container security. We are excited to bring this next enhancement of our platform to the market and empower customers to address security testing for more modern architectures and deployment styles.” The Requirement for Container Security is Rapidly on the Rise Containers are increasingly used to simplify software deployment and runtime environment configuration management. They comprise small, fast, portable units of software in which code is packaged so that an application can be run quickly and reliably in different computing environments—from the desktop to the cloud. They provide an ecosystem of repositories, orchestration technologies, and capabilities that address related issues, such as service-to-service communication and configuration management. Instantiated in pipelines from code, containers have the benefit of immutability, meaning they are not updated, reconfigured or patched in production. Instead, the underlying image is updated with new capabilities and redeployed, helping to improve efficiency in the production environment. Despite the benefits of containers, they are affected by many of the same problems that traditionally plague physical production or virtual server hardware, such as vulnerabilities introduced through additional software, poorly managed secrets (like Amazon Web Services keys and credentials in Dockerfiles), and security misconfigurations. This has resulted in increased demand for products that address these issues and related problems, with the Global Container Security Market size expected to reach $3.9 billion by 2027*. Container security scanning analyzes container images against organizational or industry-specific standards to identify insecure processes, misconfigurations that could lead to a vulnerability, and inadequate authentication and access control. Veracode Container Security Integrates into the Developer Environment Many products already in the market are aimed at securing containers in runtime and offer limited support for developers, posing a major challenge for early remediation. Veracode’s solution instead integrates into the CI/CD (continuous integration and continuous delivery) pipeline and is available at the command line interface. Providing coverage for vulnerability detection and remediation, secrets management, and security configuration issues on the most popular operating systems, it delivers remediation advice to developers early in the software development life cycle so that insecure containers don’t ship to production. Veracode Container Security results are available in a variety of formats based on the user’s choice, including text, JSON (JavaScript Object Notation), and Software Bill of Materials (CycloneDX, SWID [Software Identification Tagging], or SPDX [Software Packaging Data Exchange]), making them easy to integrate with other tools. Providing developers and their teams with the tools to meet their specific needs means they can find and fix vulnerabilities early in the lifecycle, giving them confidence that their containerized application environment is secure. “Veracode Container Security will be instrumental for our developers to ensure that the workloads they deploy into our cloud are secure,” said the Director of Information Security at an automotive company. “Without this tool, it would take our team weeks to receive and action container results and these would only have been available in limited formats. Now, we’re excited to integrate findings into the pipeline before they even move into production, creating time and cost efficiencies for our business.” About Veracode Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities.

Read More

VIRTUAL DESKTOP STRATEGIES

Kyndryl and Citrix Announce Global Alliance to Help Customers Accelerate Adoption of Digital Workplace Virtualization Services and Solutions

Kyndryl and Citrix | October 03, 2022

Kyndryl the world’s largest IT infrastructure services provider, today announced a global alliance with Citrix to help businesses improve workplace collaboration and employee productivity to address the rapidly changing requirements of today’s hybrid workforce on a global scale. By leveraging the longstanding operational and industry expertise of Kyndryl’s Digital Workplace Services, powered by Citrix DaaS, both companies will continue to develop modernized, end-to-end IT management services and virtual desktop solutions across hybrid and multi-cloud environments for new and existing customers. Through the alliance, Kyndryl will extend the reach of its framework of flexible workplace modernization services designed and deployed for Citrix’s core technologies, including comprehensive desktop and application virtualization managed services that provide secure, remote access to corporate assets from any device or location, while enhancing overall employee satisfaction and end-user experiences. “Kyndryl and Citrix have worked side-by-side as longstanding partners for nearly two decades, and we’re thrilled to continue growing our relationship and customer offerings with Citrix,” said Ivan Dopplé, General Manager, Kyndryl Digital Workplace Services Global Practice. “Both companies have always remained hyper-focused on helping our global customers navigate the complexities of the modern-day workplace and embracing agility as the business landscape continues to shift at unprecedented speed.” Kyndryl currently provides managed application support services for over 400,000 Citrix users to enterprises around the world. The service offerings provided in collaboration with Citrix include: VDI/DaaS/Virtual App Transformation Services: Driving agility and best-in-class user experiences by building and transforming clients through the delivery of modern DaaS solutions Secure Remote Access Services: Delivering DaaS implementations that strengthen security postures and enhance protection of customer data while facing the challenges of growing remote workforces Cloud Migrations with Citrix Cloud: Helping customers accelerate their journey to the cloud by delivering an integrated digital workspace with advanced security capabilities that unifies multiple Citrix Cloud services onto a single, unified platform across on-premises, public and hybrid cloud environments. “Kyndryl is an important and trusted partnership for Citrix, with deep technical expertise in managing and delivering Citrix solutions across public and on-premises cloud platforms, Now more than ever before, workers are the most valuable asset for any organization, but businesses continue to face new challenges in successfully implementing the tools and technologies that foster real collaboration and productivity. With Kyndryl, our combined workplace solutions and skills have the unmatched ability to provide tangible impact and growth for our customers and their employees alike.” Michelle Senecal de Fonseca, Vice President, Citrix Global Cloud Innovation Strategic Partnerships About Kyndryl Kyndryl is the world’s largest IT infrastructure services provider serving thousands of enterprise customers in more than 60 countries. The Company designs, builds, manages and modernizes the complex, mission-critical information systems that the world depends on every day.

Read More

VIRTUAL SERVER INFRASTRUCTURE

Imprivata and IGEL Expand Partnership to Enable Secure, Single Sign-On Access for Microsoft Azure Virtual Desktop and Windows 365 Cloud PC

Imprivata | November 03, 2022

Imprivata, the digital identity company for mission- and life-critical industries, and IGEL, provider of the managed endpoint operating system for secure access to any digital workspace, today announced from Microsoft Ignite an expanded partnership which has resulted in the co-development of secure identity and access management for Microsoft Azure Virtual Desktop (AVD) and Windows 365 Cloud PC environments from IGEL OS. Together, the companies have integrated the Imprivata OneSign® digital identity platform into IGEL OS for seamless and secure access to workspaces powered by Microsoft Azure. This expanded Imprivata and IGEL partnership extends the companies' longstanding relationship which has empowered thousands of healthcare users to achieve secure, quick, and easy access to clinical applications using IGEL OS-powered endpoints. Through IGEL's active participation in the Imprivata Developer Program, the companies have jointly integrated Imprivata OneSign with IGEL OS to enable users of Microsoft AVD and Windows 365 Cloud PC seamless No Click Access® to desktops and applications using Imprivata single sign-on and authentication management technology. This gives healthcare organizations that want to migrate their digital workspaces to the cloud a new, secure option to use Microsoft's AVD or Windows 365 Cloud PC solutions in their clinical environments. "IGEL and Imprivata have collaborated for over a decade on delivering a secure and seamless single sign-on experience for the access our mutual customers need to workstations, applications and virtual desktops, We are pleased to now extend this secure digital identity capability for customers that want to benefit from extending their workspaces to the cloud with Microsoft AVD and Windows 365 Cloud PC. Together, our combined solution delivers the strong data security and simplified compliance healthcare organizations need when moving to Microsoft Azure-powered workspaces." Matthias Haas, Chief Technology Officer, IGEL "Our co-development work to integrate Imprivata OneSign with the simple, smart and secure IGEL OS has resulted in a unified solution for the compliant and safe access of digital workspaces, data and apps in the Azure cloud," said Wes Wright, Chief Technology Officer, Imprivata. "Now, organizations considering Microsoft AVD or Windows 365 Cloud PC have assurance that they can use the secure, friction-free digital identity and agile, easy to manage operating system from a single, proven solution." The Imprivata OneSign integration with IGEL OS is now available for beta customer trials. For more information or to register for trial access, please visit: www.igel.com/avd. To test drive IGEL OS on a LG or Lenovo laptop, please visit www.igel.com/whycompromise and use the code "PR2022." About Imprivata Imprivata is the digital identity company for mission- and life-critical industries, redefining how organizations solve complex workflow, security, and compliance challenges with solutions that protect critical data and applications without workflow disruption. Its platform of interoperable identity, authentication, and access management solutions enable organizations in over 45 countries to fully manage and secure all enterprise and third-party digital identities by establishing trust between people, technology, and information.

Read More

VMWARE

Vodafone in Oman Extends Partnership With Netcracker, Adding Analytics, Integration Layer, DevOps and Managed Services Engagements

Netcracker | October 19, 2022

Netcracker Technology announced today that Vodafone in Oman has added analytics, DevOps processes and an integration layer to its ongoing engagement with Netcracker. This latest expansion to the partnership will further add to the operator’s data-driven capabilities, allowing it to grow and enhance its business and deliver an improved experience for customers. Vodafone entered the Omani market in December 2021 as the Sultanate’s third mobile operator, leveraging Netcracker Advanced Analytics to achieve end-to-end visibility across its business and operations and gain improved system availability and resilience. Netcracker DevOps Enablement includes a number of components to help Vodafone improve its DevOps processes as part of an overall operational transformation. The operator will also utilize Netcracker Support & Managed Services to optimize and improve business performance and extend coverage for Netcracker’s products and surrounding third-party systems. Overarching these projects is a new integration layer that will be critical to improving customer management, including functions such as service onboarding. “After a successful partnership with Netcracker to support the launch of our mobile business less than a year ago, we are taking the next step to leverage critical data and bring in DevOps and managed services processes to further improve our business and operations, By using these functions alongside a robust integration layer, we are confident that we will achieve increased revenue, lower OpEx and improve our engagement with our customers.” Stelios Savvides, Technology Director at Vodafone in Oman “By extending our relationship with these new projects, Vodafone in Oman is placing a high level of trust in Netcracker, which is an honor for us,” said Benedetto Spaziani, GM at Netcracker. “Our cutting-edge work with data and analytics, along with DevOps tools, processes and managed services best practices, will give Vodafone the advantage in the market and with current and future customers.” About Netcracker Technology Netcracker Technology, a wholly owned subsidiary of NEC Corporation, offers mission-critical digital transformation solutions to service providers around the globe. Our comprehensive portfolio of software solutions and professional services enables large-scale digital transformations, unlocking the opportunities of the cloud, virtualization and the changing mobile ecosystem. With an unbroken service delivery track record of more than 25 years, our unique combination of technology, people and expertise helps companies transform their networks and enable better experiences for their customers. About Vodafone in the Sultanate of Oman Vodafone Oman was established through a strategic partnership between the Oman Future Telecommunication Company and Vodafone Group, one of the largest providers of mobile, fixed, broadband and digital TV services. In 2021, the Company obtained a Class I License to establish and operate public mobile telecommunications services in the Sultanate, becoming the third telecom operator in the local market. Vodafone seeks to employ the latest technologies and digital solutions in the world of telecommunications, aligning its efforts to contribute towards the achievement of the Oman Vision 2040 objectives. This is made possible by giving individuals, companies, and small and medium enterprises (SMEs) the opportunity to foster innovation. The Omanisation percentage within the Vodafone team exceeds 90%, showcasing the company's significant interest in developing local talent, knowledge exchange and localizing technology. These are further enhanced through the provision of a sophisticated work environment that stimulates self-development and creativity.

Read More

Spotlight

Big Data Block (BDB™) combines Big Data solutions and blockchain technology utilizing Ethereum’s smart contract and token capabilities. BDB™ democratizes Big Data for everyone. Combining the best of Big Data and the best of blockchain we remove the deep technical skills and costs needed to leverage a Big Data environment and becoming the first BDaaS (Big Data as a Service) on a Blockchain.

Resources