Let's bring solutions to the table!

I'm happy to bring Xygeni to you, in my newsletter and feed, as a new partner toward better #security and #privacy for the whole software development lifecycle (SDLC), aiming at better #cybersecurity practice!

As you know, I'm very picky about partnerships and solutions, as I want to see true value for a better and safer digital world, especially in the cloud wild west!

Xygeni dashboard overview

You know how much the digital world leaks, and a lot has to do with the lack of security by default and by design.

  • The basics of cybersecurity involve "knowing what you have" (inventory). This is always a challenge, both in governance and in the software stack.
  • In the software development world, the "pipeline" is your production chain, from source code to deliverables (binaries, executables, libraries and so on).
  • The acronym that covers the inventory part is "SBOM", which stands for "software bill of materials".
  • Each element of the software supply chain requires attention, at every step, to avoid deploying or distributing vulnerable applications or tools, which leads to incidents.

This is a tool and, as with any project, it needs stakeholders willing to do things right. Its impact and efficiency must be quantifiable and measurable, as is at the core of the ISO 27001 approach.

Let's not let this become shelfware! Use it to reduce liability and to spot malware, misconfigurations, and alterations or errors in templates or blueprints. It's about integrity!

How are you keeping an eye on your CI/CD stack? (Continuous integration / continuous delivery, damn acronyms!)

You still need to manage your attack surface and validate your controls

While tools or platforms like Xygeni will support your development process security from source code to delivery, it's just a part of your security journey.

You still need to cover your global organization's attack surface, assess the risks, patch vulnerabilities, and bring security and privacy by default and by design to the whole environment.

You'd use data classification tools that you really control, like Upperity, supporting your governance effort, data integrity and signatures in your information management stack, and allowing you to achieve compliance at the same time.

You'd still need to validate your actual production environment security controls with pentesting, posture assessment and more, with companies like Orenda Security.

You'd still need to consider managed security solutions for your endpoints, email security and awareness, with companies like VARS Corporation.

You should consider protecting and tracking your external file transfers with solutions like Kiteworks.

#####################

That's about it. I decided to take a solution / partner approach, as vulnerabilities, patches and incidents are covered in my feed, or in other newsletters.

As I have the chance to establish partnerships with solution providers that make sense in the digital world, I think it's good to bring them to you.

If you discover a solution that works for you, great! It will be my contribution to the enhancement of the digital landscape.

We still have to cover the basics, even if OpenAI just released the fake video factory, and overall crime is using AI automation for attacks. Actually, your posture should be even better in such a context!

Have a good weekend all, thank you for reading! Thank you for commenting and sharing!



Jan B.

Beta-tester at Parrot Security* Polymath*

9 months

A large table ;-) TY Alexandre BLANC Cyber Security

brett thomas

Senior SOC analyst at Versant Health

9 months

How often is this phrase overused in our world today? I have attempted back to basics the past 4 years. Hard to build a foundation on sand... I'll keep this in mind.

Kevin O.

Protecting your digital assets

9 months

Agreed - AI makes it easier to automate the attacks and also to make them more authentic which may certainly fool the human in the loop a lot easier. The tools exist today to protect data but most businesses don't implement them so what chance when AI starts coming after their business?

Daniel Wentzel

Founder at DKW Online

9 months

Love this

Spencer La Placa, Security Plus, CEH

Certificates: Security + ce-601, Certified Ethical Hacker (CEH), Certified Ethical Hacker Practical (CEH-Master), Certified Network Defender (CND), Microsoft AZ-900, Currently Enrolled EC-Council M.S. Cybersecurity

9 months

Love this
