Engaging business units in security governance: Why everyone should be concerned

The idea that security is everyone’s business is a familiar refrain. But as enterprises look to combine the speed of software delivery with both cybersecurity and business value, they need to incorporate the idea that business is everyone’s business too. When talking about governance with regard to software development and security, you cannot ignore the business. Security governance typically operates at two levels. The first involves business executives who recognize the importance of security and …

The post Engaging business units in security governance: Why everyone should be concerned appeared first on Help Net Security.

New infosec products of the week: March 20, 2020

HYAS Insight: A threat intelligence solution for investigation and attribution

HYAS Insight is a threat intelligence and attribution solution that improves visibility and productivity for analysts, researchers and investigators while vastly increasing the accuracy of their findings. HYAS Insight lets analysts connect specific attack instances and campaigns to billions of historical and real-time indicators of compromise faster than ever before, bringing invaluable new intelligence and visibility to security efforts.

Contrast Security simplifies DevSecOps with Route Intelligence

Contrast Security announced Route Intelligence, a major new capability for application security. Legacy application security testing solutions simply point out potential vulnerabilities in application code and are plagued with false positives. When compared to traditional application security approaches, Route Intelligence saves security teams and application development teams massive amounts of time while reducing costs.

Security Compass adds content to SD Elements, enables companies to meet CCPA compliance

Tracking regulatory standards and ensuring compliance with complex requirements is a challenge to even the most mature organizations. Security Compass has added content to SD Elements that enables organizations operating in California to maintain or achieve compliance under the California Consumer Privacy Act (CCPA).

Box builds interoperability within Microsoft 365 environments to transform the way users work

Box announced new integrations with Microsoft 365, building on Box’s interoperability within Microsoft environments. Admins can use Box Shield to restrict printing and downloads of files in Box from Office 365 web editors (Word, PowerPoint, Excel) based on Box security classifications. Later this year, a new Azure AD integration will provide one-click single-sign-on (SSO), enabling customers to set up the configuration with minimal effort.

Security Compass adds content to SD Elements to enable companies to meet CCPA compliance

Security Compass, a software security company that provides organizations with technology to balance secure software development with speed of software delivery, announced that it has added content to SD Elements that enables organizations operating in California to maintain or achieve compliance under the California Consumer Privacy Act (CCPA).

Security Compass customers have immediate access to new content within the SD Elements platform, which was built for automating balanced development.

CCPA, in effect since Jan. 1, 2020, is the first major U.S. consumer privacy law enacted at the state level and aims to enhance consumer privacy rights and privacy notice requirements for residents of California.

This regulation impacts any business or entity that collects consumers’ personal information, does business in California, and satisfies one of the following conditions: achieves gross revenues exceeding $25 million; processes the personal information of 50,000 or more consumers, households or devices; or earns more than half of its annual revenue from selling personal information.

For many organizations, the concern with meeting this regulation means having to choose between developing software quickly and not being compliant, or meeting compliance requirements and not delivering software in the time frame required by the organization.

SD Elements provides organizations with continuous visibility and evidence of adherence to regulatory standards without slowing down the business.

“Security Compass is committed to helping our customers navigate the constantly changing landscape of cybersecurity laws and regulations. With SD Elements, organizations can automatically create an auditable record of all threat management activities to easily comply with new compliance requirements,” says Rohit Sethi, CEO of Security Compass.

“Agile development teams need the ability to manage security considerations for their entire technology stack, all while aligning compliance and risk priorities with business needs. We are focused on leading the industry towards more standardized approaches to security assessments and continuous monitoring for cloud products and services.”

Tracking regulatory standards and ensuring compliance with complex requirements is a challenge to even the most mature organizations. Security Compass is enabling organizations to achieve regulatory compliance for CCPA by automatically identifying and mapping applicable controls and translating those controls into guidance for associated software developer tasks; embedding compliance early into the software development life cycle (SDLC); and ensuring a standardized approach to CCPA compliance in software development is achieved across the organization.

SD Elements translates complex standards into easy-to-understand development and IT tasks, and the platform’s comprehensive knowledge base includes dozens of standards and regulatory frameworks coupled with consistent, actionable controls for each requirement.

Key benefits of SD Elements include transparency to show the completion status of coding, automation to reduce manual processes for monitoring, and scalability to reduce costs by proactively protecting software systems.

Security Compass enables CSPs to set up and develop their FedRAMP initiatives

Security Compass, a software security company that provides organizations with technology to make software secure, has introduced feature enhancements to SD Elements that enable cloud service providers (CSPs) to set up and develop their Federal Risk and Authorization Management Program (FedRAMP) continuous compliance initiatives in a coherent and structured way.

Available now: SD Elements customers will automatically receive FedRAMP reporting capabilities supported by new FedRAMP content in the knowledge base, and SD Elements tasks with additional control requirements.

“Our customers are building innovative, highly effective technology and we are proud to provide the tools to meet FedRAMP compliance standards,” said Rohit Sethi, CEO of Security Compass.

“Just as you can integrate security into DevOps so that it is not a burden after development, our customers can start ATO certification earlier in the development process, so that it doesn’t present challenges at the end.”

To work with federal organizations, CSPs need to obtain FedRAMP authorization, or Authorization to Operate (ATO). In order to achieve ATO, CSPs must continuously monitor their controls and provide the required data regarding the status of controls to the authorizing agency.

With the goal of supporting companies involved in building software for the U.S. Federal Government, SD Elements provides powerful tools and guidelines to develop those initiatives and streamline activities, as well as context on how to implement FedRAMP controls based on project parameters.

SD Elements is a policy-to-execution platform that helps companies manage the ATO process by supporting all three ATO pathways. It automates ATO requirement generation by automatically identifying applicable items and translating ATO control objectives into actionable or prescriptive tasks for engineers.

SD Elements promotes DevSecOps by embedding security as early as the requirements phase, thereby allowing development teams to adhere to the continuous ATO model for faster and more efficient ATO acquisition.

SD Elements reflects Security Compass’ commitment to leading the industry towards more standardized approaches to security assessments and continuous monitoring for cloud products and services. By automating the mapping of all applicable security controls, Security Compass is accelerating an organization’s path towards achieving ATO.

Security Compass secures funding to enhance solutions portfolio and accelerate growth

Security Compass, a leading provider of enterprise DevSecOps software solutions, announced it has secured growth equity funding from FTV Capital, a sector-focused growth equity investment firm.

This investment will enable Security Compass to enhance its position as a global leader in empowering organizations to achieve agility at scale by streamlining software risk management.

By leveraging FTV’s deep expertise and access to its Global Partner Network, Security Compass will further enhance its solutions portfolio and accelerate its planned global expansion.

To capitalize on the market opportunities presented by this partnership, Security Compass has appointed Rohit Sethi as the new CEO. Sethi, formerly COO and Security Compass’ first hire almost 13 years ago, has been an integral part of the organization and the creation of SD Elements.

CFO David Rea will take on the combined position of CFO and COO. As part of the transaction, FTV Capital partner Liron Gitig and principal Richard Liu will join Security Compass founder Nish Bhalla on the Security Compass board of directors.

“Security Compass is thrilled to align with a world-class partner like FTV Capital. We are excited for the opportunity to tap into their expertise at scaling high growth companies and their deep understanding of this market opportunity,” said Security Compass CEO, Rohit Sethi.

“The strong trends towards agile development in DevOps, increased focus on application security and on improving risk management are on course for collision. Security Compass is uniquely positioned to help organizations address the inherent conflicts.

“With FTV’s investment, we’re poised to accelerate our growth while maintaining the culture of excellence we’ve worked so hard to build.”

According to the 2019 Data Breach Investigations Report, web applications continue to be the leading cause of security breaches. As security and privacy regulations such as the Gramm–Leach–Bliley Act (GLBA) and FedRAMP continue to emerge, organizations are faced with having to compromise their agility.

Security Compass helps drive secure applications to the market in a timely fashion by making it simple for development teams to manage the security considerations of their entire technology stack – both the software itself, as well as the deployment and configuration requirements of the server and operating system.

“We’ve seen first-hand that security and risk management continue to be critical pain points for the financial institutions in our Global Partner Network,” said FTV Capital partner Liron Gitig.

“Security Compass’ SD Elements solution is uniquely focused on the software stack, enabling DevOps at scale by helping enterprises develop secure, compliant code from the start.

“SD Elements provides both engineering and non-engineering teams with a holistic solution for managing software security requirements in an efficient and reliable manner, alleviating meaningful friction in the software development life cycle, accelerating release cycles and improving business results.

“We are excited to work with the Security Compass management team in its next phase of global growth as a trusted information security partner.”

Over 200 enterprise customers now use Security Compass’ solutions to manage the risk of tens of thousands of applications. Founder and former CEO Bhalla said, “Security Compass’ immense growth can be traced to our unique combined focus on creating an outstanding customer experience and retaining exceptional employees.

“It is the people at Security Compass who are the force behind our success. Our culture and values have attracted and retained top talent, which has led Security Compass to be recognized as the fourteenth best place to work in Canada.

“While I am stepping away from the CEO function, my heart will always be with the 220+ people who have helped build Security Compass to what it is today. I look forward to this next chapter that will be created by all of them.”

CIBC Innovation Banking, the technology and software lending practice at CIBC, was the sole lender in providing financing for this transaction.