Shiven Ramji’s Post

This week, @okta signed @CISA’s Secure by Design pledge. At Okta, we secure identity. The CISA Secure by Design pledge, which is being signed by companies around the globe, showcases our industry’s commitment to take meaningful steps in adopting secure by design principles, NOW. Learn more about this pledge: https://bit.ly/3UQNLbz At @okta, we believe that together we can lead the industry in the fight against Identity-based cyberattacks. Stemming from Okta’s Secure Identity Commitment, we will be hosting our first Okta CISO Forum tomorrow to discuss the role of Identity in business and explore challenges and solutions in building a more secure world for all. All of this, coupled with #RSAC and Okta's Showcase event. It’s an exciting week for the industry!  #cybersecurity #okta #securebydesign #identity

Last week, the Cybersecurity and Infrastructure Security Agency (CISA) announced voluntary commitments by 68 of the world’s leading software manufacturers to CISA’s Secure by Design pledge to design products with greater security built in. The first pledge relates to MFA. Just implementing MFA reduces risk significantly. But it’s not enough. SMS is broken. As are TOTPs. It’s time for something new that is not only secure, but offers a built-in roadmap for future uses and functionality. Our answer is Cyphlens We welcome any of the 68 companies signing the pledge to work with us to secure not only our digital present, but our digital future too. #cisa #cybersecurity https://lnkd.in/edvZwcqD

Secure by Design initiative (Cybersecurity and Infrastructure Security Agency-CISA) aims to shift the cybersecurity burden away from end users and individuals to technology manufacturers. Recently, CISA announced that 68 of the world’s leading software manufacturers announced voluntary commitments to Secure by Design pledge. Several goals of the pledge are increasing the use of multi-factor authentication across the manufacturer’s products and publishing a vulnerability disclosure policy (VDP) within one year of signing the pledge. https://lnkd.in/dywzC-UX

CISA’s Secure by design CISA’s global Secure by Design initiative, launched last year, implements the White House’s National Cybersecurity Strategy by shifting the cybersecurity burden away from end users and individuals to technology manufacturers who are most able to bear it. CISA urges software manufacturers to review CISA’s Secure by Design guidance and Secure by Design alerts to build security into their products. Till date, nearly 160 software companies have signed Federal Secure by design The seven goals of the pledge are: 1)Multi-factor authentication (MFA). Within one year of signing the pledge, demonstrate actions taken to measurably increase the use of multi-factor authentication across the manufacturer’s products. 2) Default passwords. Within one year of signing the pledge, demonstrate measurable progress towards reducing default passwords across the manufacturers’ products. 3) Reducing entire classes of vulnerability. Within one year of signing the pledge, demonstrate actions taken towards enabling a significant measurable reduction in the prevalence of one or more vulnerability classes across the manufacturer’s products. 4)Security patches. Within one year of signing the pledge, demonstrate actions taken to measurably increase the installation of security patches by customers. 5) Vulnerability disclosure policy. Within one year of signing the pledge, publish a vulnerability disclosure policy (VDP) that authorizes testing by members of the public on products offered by the manufacturer, commits to not recommending or pursuing legal action against anyone engaging in good faith efforts to follow the VDP, provides a clear channel to report vulnerabilities, and allows for public disclosure of vulnerabilities in line with coordinated vulnerability disclosure best practices and international standards. 6) CVEs. Within one year of signing the pledge, demonstrate transparency in vulnerability reporting by including accurate Common Weakness Enumeration (CWE) and Common Platform Enumeration (CPE) fields in every Common Vulnerabilities and Exposures (CVE) record for the manufacturer’s products. Additionally, issue CVEs in a timely manner for, at minimum, all critical or high impact vulnerabilities (whether discovered internally or by a third party) that either require actions by a customer to patch or have evidence of active exploitation. 7) Evidence of intrusions. Within one year of signing the pledge, demonstrate a measurable increase in the ability for customers to gather evidence of cybersecurity intrusions affecting the manufacturer’s products. #CISA #Security #design #pledge https://lnkd.in/g_YXtnc4

☀️CISA’s Secure-by-Design Pledge adopted by 68 major software firms ☀️ Great news for cybersecurity worldwide! This week, the Cybersecurity Infrastructure and Security Agency (CISA) announced that 68 software firms, including major players like Microsoft and Google, have committed to the Secure-by-Design pledge. This initiative ensures that security features are integrated into technology products from the outset, rather than as an afterthought. CISA Director Jen Easterly emphasized the importance of this initiative, stating, “More secure software is our best hope to protect against the seemingly never-ending scourge of cyberattacks.” The pledge includes seven key goals, such as multi-factor authentication and the elimination of default passwords, which aim to enhance security across all software products and services. Companies that signed the pledge have a year to demonstrate their progress, marking a significant step towards a safer technological landscape. CISA is also encouraging manufacturers of physical products to adopt these practices, highlighting the broader impact of this initiative. By taking this pledge, software manufacturers are not just protecting their customers but also contributing to national and economic security. CISA's initiative is a call to action for all technology providers to ensure their products are secure by design, setting a new standard for cybersecurity. #securebydesign #cybersecurity Article: https://lnkd.in/gTCNQXFZ

🔒 RSAC 2024: Leading Tech Giants Commit to Strengthening Cybersecurity with @CISA's Secure by Design Pledge 🔒 At this year's RSA Conference, some of the biggest names in tech – including Amazon Web Services (AWS), Microsoft, Google, Cisco, and IBM – have committed to the Cybersecurity and Infrastructure Security Agency’s (CISA) Secure by Design pledge. This initiative, signed by 68 organizations, is a voluntary commitment to enhance product security within a year. The seven key goals are: Increase Multi-Factor Authentication (MFA) usage. Reduce Default Passwords across products. Eliminate Entire Classes of Vulnerabilities. Boost Security Patch Installation by customers. Publish a Vulnerability Disclosure Policy (VDP) that encourages public testing and reporting. Demonstrate Transparency in vulnerability reporting with accurate CWE and CPE fields in CVE records. Make Intrusion Detection Easier for customers. CISA director Jen Easterly emphasized the need to shift the security burden from end users to technology manufacturers, aiming for a more secure infrastructure through fundamentally secure software. This is crucial given the threats to US critical infrastructure from cyber adversaries. 🔗 Learn more about CISA's Secure by Design pledge and its impact on the future of cybersecurity. https://lnkd.in/d4-pQ4iX #RSAC2024 #Cybersecurity #CISA #SecureByDesign #TechInnovation

Zero-trust strategies are essential in today’s cybersecurity landscape, but they often lead to a wide range of blind spots, losing visibility into the very applications they are trying to protect. This is where #UnifiedObservability comes in. ✅ In this VMblog article, our CIO Fernando Castanheira explains how observability solutions not only support zero-trust security but also enable better performance and greater productivity, leading to improved business outcomes. Read more: https://rvbd.ly/3UB3iuT

🔐 Adopting #zerotrust cybersecurity measures is crucial for state and local governments, but they are encountering significant challenges along the way. Outdated technology and infrastructure, lack of documentation, and lengthy vendor contracts are all posing obstacles to their efforts. In an insightful article published by Route Fifty, Matt Keller, Vice President, Federal Services at GuidePoint Security, sheds light on the drawbacks of current agency approaches. He highlights the potentially undermining impact of legacy technology on the effective implementation of #zerotrust strategies. 🏛️ State and local governments play a vital role in safeguarding critical data and ensuring the resilience of our public services. However, it is evident that their pursuit of enhanced #cybersecurity is hindered by these underlying issues. To read the full article and gain a comprehensive understanding of the challenges faced by state and local governments in their #zerotrust adoption journey, follow this link: https://okt.to/vurtEj Let's support their efforts and advocate for innovative solutions that can overcome these barriers. Together, we can pave the way towards safer and more secure government operations. #govtech #cybersecurity

Why Leading Organizations Must Continue To Invest In Information Systems Infrastructure In The Second Half Of 2024: Why Leading Organizations Must Continue To Invest In Information Systems Infrastructure In The Second Half Of 2024: Key Benefits and Strategic Advantages Investing in information systems infrastructure is crucial for leading organizations, especially in the second half of 2024. With a growing reliance on digital operations and cyber threats increasing, the need for secure and […] The post Why Leading Organizations Must Continue To Invest In Information Systems Infrastructure In The Second Half Of 2024 appeared first on TruTech. #Uncategorized

The OMB's zero-trust cybersecurity strategy, introduced in early 2022, mandates that Federal agencies must transition to a zero-trust security framework by the end of fiscal year 2024. With the deadline set for September 2024, federal agencies need to show they have shifted their cybersecurity approach by implementing some form of zero-trust architecture. This change requires organizations to move away from traditional perimeter-based security models and embrace a "never trust, always verify" approach to safeguard our nation's critical networks. The deadline for this significant cybersecurity shift is rapidly approaching... what implications does this have for federal agencies, partners, and suppliers?