attentionstealthy

stealthy  时间:2021-01-12  阅读:()
WhitePaperVMwareandtheNeedforCyberSupplyChainSecurityAssuranceByJonOltsik,SeniorPrincipalAnalystSeptember2015ThisESGWhitePaperwascommissionedbyVMwareandisdistributedunderlicensefromESG.
2015byTheEnterpriseStrategyGroup,Inc.
AllRightsReserved.
WhitePaper:VMwareandtheNeedforCyberSupplyChainSecurityAssurance22015byTheEnterpriseStrategyGroup,Inc.
AllRightsReserved.
ContentsExecutiveSummary3CyberSupplyChainSecurityRealities3CyberSupplyChainSecurityCanBeDifficult4CISOsareBolsteringCyberSupplyChainSecurityOversight.
5CyberSupplyChainSecurityAssurance.
7TheVMwareTrust&AssuranceFramework.
8TheBiggerTruth10Alltrademarknamesarepropertyoftheirrespectivecompanies.
InformationcontainedinthispublicationhasbeenobtainedbysourcesTheEnterpriseStrategyGroup(ESG)considerstobereliablebutisnotwarrantedbyESG.
ThispublicationmaycontainopinionsofESG,whicharesubjecttochangefromtimetotime.
ThispublicationiscopyrightedbyTheEnterpriseStrategyGroup,Inc.
Anyreproductionorredistributionofthispublication,inwholeorinpart,whetherinhard-copyformat,electronically,orotherwisetopersonsnotauthorizedtoreceiveit,withouttheexpressconsentofTheEnterpriseStrategyGroup,Inc.
,isinviolationofU.
S.
copyrightlawandwillbesubjecttoanactionforcivildamagesand,ifapplicable,criminalprosecution.
Shouldyouhaveanyquestions,pleasecontactESGClientRelationsat508.
482.
0188.
WhitePaper:VMwareandtheNeedforCyberSupplyChainSecurityAssurance32015byTheEnterpriseStrategyGroup,Inc.
AllRightsReserved.
ExecutiveSummaryThecommonsaying,"mayyouliveininterestingtimes"isactuallytheEnglishtranslationofatraditionalChinesecurse.
ThisrealityissomewhatironicasCISOsandcybersecurityprofessionalswouldlikelyagreethattheyindeedliveinaveryinterestingbutdifficulttime.
WhyCyberthreatshavebecomemoreubiquitous,stealthy,andtargetedwhiletheITattacksurfacecontinuestoexpand,drivenbycloudcomputing,InternetofThings(IoT)initiatives,andmobileapplicationuse.
EnterpriseorganizationsnowrealizethatweliveinauniquetimeofincreasingITriskandarerespondingaccordingly.
Corporateexecutivesandboardsareparticipatingmoreintheirorganizations'cybersecuritystrategiestomitigatebusinessandtechnologyrisk.
Manyfirmshaveincreasedcybersecuritybudgetsaswellandarenowpurchasinganddeployingapotpourriofnewsecurityanalyticssystemsandlayersofdefense.
Allofthisactivityisastepintherightdirection—butitisjustnotenough.
VMwarehasintroducedanewinitiativecalled"VMwareTrustandAssurance,"whichhelpsanswercustomers'questionsaboutVMware'ssecurityanddevelopmentpracticesandprovidesgreatertransparencyaroundhowitdevelops,builds,secures,andsupportsitsapplications.
Thiswhitepaperconcludes:Organizationsareexposedtovulnerabilitiesinthecybersupplychain.
Thecybersupplychainintroducestheriskthataproductorservicecouldbecompromisedbyvulnerabilitiesand/ormaliciouscodeintroducedadvertentlyorinadvertentlyduringproductdevelopmentormaintenance,dueinparttoincreasingglobalizationoftheITsupplychain.
Consequently,ITproductsandservicesbuiltonafoundationofbroaddiversecybersupplychainsmayincreasetheriskofadevastatingcyber-attacktocustomers.
ITrisksarenotlimitedtocorporateLANs,WANs,anddatacenters.
Rather,enterprisesremainatriskforcyber-attacksthattakeadvantageofvulnerabilitiesexistinginITequipment,businesspartnernetworks,non-employeedevices,etc.
Asthesayinggoes,"thecybersecuritychainisonlyasstrongasitsweakestlink.
"Regrettably,muchofthecybersecuritychainresidesoutsidetheperimeterfirewallandthusneedsproperoversight,cybersecuritybestpractices,andamplelayersofdefense.
CISOsarepushingbackonITvendors.
PragmaticcybersecurityprofessionalsnowrealizethattheirstrategicITvendorscanmakeorbreakthecybersecuritychain.
Intheworstcase,insecurepartnersorITsystemscanbeusedasastaginggroundforadevastatingdatabreach.
Tominimizerisk,manyenterpriseorganizationsareaddressingcybersupplychainsecuritybyauditingITvendors'securityprocessesandmakingpurchasingdecisionsbaseduponavendor'sabilitytomeetincreasinglyrigorouscybersecurityrequirements.
ITvendorsmustdevelopcybersupplychainsecurityassurancecapabilities;TheVMwareTrustandAssuranceFrameworkservesasamodelfortheindustry.
Enterprisecybersecurityrequirementswillcontinuetobecomemorerigidinthefuture.
Asthissituationevolves,CISOswillonlydobusinesswithtrustedITvendorswithdemonstrablecybersupplychainsecurityassuranceprogramsthatincludeallaspectsoftheirproductdevelopment,testing,distribution,deployment,customization,andsupport.
VMware'sTrust&Assuranceinitiativeservesasamodelofthetransparencyneededforcybersupplychainsecurityfortheindustry.
CISOsshoulddemandasimilarresponsefromallstrategicITvendors.
CyberSupplyChainSecurityRealitiesOrganizationslargeandsmallarechangingtheirbehaviorwithregardstocybersecurityinresponsetotheincreasinglydangerousthreatlandscapeandhighly-publicizeddatabreaches.
Infact,manyorganizationsnolongerconsidercybersecurityanITissuealone.
Alternatively,cybersecurityriskisnowabusinessprioritythatgetsampleattentionwithbusinessexecutivesandcorporateboards.
AccordingtoESGresearch:WhitePaper:VMwareandtheNeedforCyberSupplyChainSecurityAssurance42015byTheEnterpriseStrategyGroup,Inc.
AllRightsReserved.
Whenaskedtoidentifythebiggestdriverfortechnologyspendingoverthenext12months,46%oforganizationspointedtosecurityandriskmanagementinitiatives.
Thiswasthemostpopularresponse,quiteabithigherthanthesecondmostpopularanswer,"costreductioninitiatives,"whichcameinat37%.
Justoverone-thirdoforganizations(34%)saythatInformationsecurityinitiativesarethemostimportantITprioritythisyear.
Onceagain,thiswasthetopresponse.
59%oforganizationssaidthattheirITsecuritybudgetsfor2015wouldincreasewhileonly9%saidtheywoulddecreaseinfosecbudgetsthisyear.
1Increasingfocusoncybersecurityhasresultedinlotsofactivity,asmanyorganizationsaddlayersofdefensetotheirnetworks,implementnewsolutionsforincidentdetectionandresponse,andbolstersecuritymonitoringandanalyticsefforts.
TheseinternaleffortsareagoodstartbutagrowingnumberofCISOsrealizethatcybersecurityriskextendsbeyondtheLAN,WAN,andcorporatedatacenterstoalargerpopulationofcustomers,suppliers,andbusinesspartners.
Thislargercybersecurityuniverseissometimesreferredtoasthecybersupplychain,whichESGdefinesas:"Theentiresetofkeyactorsinvolvedwith/usingcyberinfrastructure:systemend-users,policymakers,acquisitionspecialists,systemintegrators,networkproviders,andsoftwarehardwaresuppliers.
Theseusers/providers'organizationalandprocess-levelinteractionstoplan,build,manage,maintain,anddefendcyberinfrastructure.
"Cybersupplychainsecurityissuesarenotuncommon.
Forexample:In2008,theFBIseized$76millionofcounterfeitCiscoequipment.
AspartoftheStuxnetincidentin2010,fivecompaniesactingascontractorsfortheIraniannuclearprogramhadtheirnetworkscompromisedinordertogaintrustedaccesstogovernmentnuclearfacilities.
Thesuccessful2013databreachatTargetCorporationwaseventuallytracedtosystemcompromisesatFazioBrothers,oneofTarget'sHVACcontractors.
HackersusedFazioBrothersasastaginggroundandusedthecompany'snetworkaccessasanattackvector.
CyberSupplyChainSecurityCanBeDifficultSomeCISOsrecognizetherisksassociatedwiththeircybersupplychainsecurityandthisisespeciallytruefororganizationsthatdependuponarmiesofexternalbusinesspartners,contractors,orsuppliersaspartoftheirbusinessoperations.
Unfortunately,cybersupplychainsecuritybestpracticesaren'teasyastheyrequireconstantoversightofthestateofcybersecurityrelatedtoITequipmentproviders,softwarevendors,connectedbusinesspartners,etc.
Infact,cybersupplychainsecurityseemstobegrowingincreasinglyproblematicforsomefirms.
InarecentESGresearchsurveyofcriticalinfrastructuresectororganizations(i.
e.
,chemicalsector,emergencyservices,energysector,financialservices,healthcare,telecommunications,etc.
),40%ofcybersecurityprofessionalsadmittedthatcybersupplychainsecurityhasbecomemoredifficultoverthepastfewyears,andthosewhodidsuppliednumerousreasonsforthatincreaseddifficulty(seeFigure1):44%ofcriticalinfrastructuresectororganizationssaythattheirorganizationhasimplementednewtypesofITinitiatives,increasingthecybersupplychainattacksurface.
TheseinitiativesincludeBYOD,cloudcomputing,InternetofThings(IoT)projects,andthegrowinguseofmobileapplicationsanddevices.
39%ofcriticalinfrastructuresectororganizationssaytheirorganizationhasmoresuppliersthanitdidtwoyearsago.
Thisistobeexpected,giventhewaveofITinnovationaroundsoftware-defineddatacenters,cloudplatforms,virtualnetworks,etc.
36%ofcriticalinfrastructuresectororganizationssaythattheirorganizationhasconsolidatedITandoperationaltechnology(OT),increasingthecomplexityofcybersupplychainsecurity.
Inthesecases,CISOs1Source:ESGResearchReport,2015ITSpendingIntentionsSurvey,February2015.
WhitePaper:VMwareandtheNeedforCyberSupplyChainSecurityAssurance52015byTheEnterpriseStrategyGroup,Inc.
AllRightsReserved.
areforcedtosecurebusiness-criticalbutunfamiliartechnologieslikeprogrammablelogiccontrollers(PLCs)andsupervisorycontrolanddataacquisition(SCADA)systemsusedforindustrialoperations.
2Figure1.
ReasonsWhyCyberSupplyChainSecurityHasBecomeMoreDifficultSource:EnterpriseStrategyGroup,2015.
AsidefromtheassortmentofissuesdescribedinFigure1,CISOsoftenvoiceotherconcernstoESG.
Forexample,manysecurityexecutivesareanxiousaboutthegrowinguseofopensourcecomponents(andvulnerabilities)aspartofcommercialsoftware(i.
e.
,Heartbleed,OpenSSL,Shellshock,etc.
).
CISOsalsoworryaboutthingslikerogueinsidersworkingforITsuppliersanddataprivacyrelatedtosensitiveinformationmovedtothecloudbyITvendorsandbusinesspartners.
Dataprivacyandcybersupplychainsecurityissuescanalsobeasourceconcerndrivenbyglobal"follow-the-sun"developmentpracticesandcloudarchitectures,aswellasemergingregulationsliketheEUDigitalSingleMarketinitiative.
CISOsareBolsteringCyberSupplyChainSecurityOversightAscybersecuritymorphsfromatechnologytoabusinessissue,CEOsandcorporateboardsaregainingabetterperspectiveofcybersupplychainsecurityrisks.
Thisisdrivingachainreaction—businessexecutivesarepushingCISOstomitigatecybersupplychainrisk,causingcybersecurityexecutivesandpurchasingmanagerstoplacemorestringentcybersecurityrequirementsontheirITvendors.
2Source:ESGResearchReport,CyberSupplyChainSecurityRevisited,September2015.
AllESGresearchreferencesandchartsinthiswhitepaperhavebeentakenfromthisresearchreportunlessotherwisenoted.
34%34%36%39%44%0%5%10%15%20%25%30%35%40%45%50%MyorganizationhassourcedITproducts,components,andservicesfromothercountriesoverthepastfewyearsandthesechangesmaybeincreasingcybersupplychainsecurityriskMyorganizationhasincreasedthenumberofexternalthird-partieswithaccesstoourinternalITassetswhichhasincreasedthecybersupplychainattacksurfaceMyorganizationhasconsolidatedITandoperationaltechnologysecuritywhichhasincreasedthecomplexityofcybersupplychainsecurityMyorganizationhasmoresuppliersthanitdidafewyearsagoMyorganizationhasimplementednewtypesofITinitiativeswhichhasincreasedthecybersupplychainattacksurfaceYouindicatedthatcybersupplychainsecurityhasbecomemoredifficultatyourorganizationoverthepastfewyears.
Whydoyoubelievethatthisisthecase(Percentofrespondents,N=180,multipleresponsesaccepted)WhitePaper:VMwareandtheNeedforCyberSupplyChainSecurityAssurance62015byTheEnterpriseStrategyGroup,Inc.
AllRightsReserved.
ESGresearchillustratesthistrendwithanextensivearrayofsecurityconsiderationsforITvendorsascriticalinfrastructuresectororganizationsevaluateandpurchaseITproductsandservices.
Forexample,35%examineavendor'sexperienceandtrackrecordrelatedtosecurityvulnerabilitiesandsoftwarepatches,35%lookatavendor'soverallsecurityexpertiseandreputation,and32%contemplateavendor'sreputationandindustryexpertise(seeFigure2).
Figure2.
CybersecurityEvaluationConsiderationsforITPurchasingofProductsandServicesSource:EnterpriseStrategyGroup,2015.
TofurtherappraiseITvendorsecurity,manyorganizationsarealsoadoptingaformalcybersecurityauditprocessaspartoftheirITprocurementprocess.
Forexample,91%ofcriticalinfrastructuresectororganizationsauditthecybersecurityoftheirstrategicsoftwarevendors(i.
e.
,alwaysconductauditsordosoonanas-neededbasis),90%auditthecybersecurityoftheircloudserviceproviders,and88%auditthecybersecurityoftheirstrategicITinfrastructurevendors.
9%14%17%18%20%22%24%29%31%32%35%35%0%10%20%30%40%Locationofvendor'scorporateheadquartersLocationofvendor'sproductdevelopmentand/ormanufacturingoperationsVendor'suseofthird-partiesaspartofitsoverallproductdevelopment,manufacturing,testing,andmaintenanceVendor'sformalanddocumentedsecureproductdevelopmentprocessesVendor'sISOcertificationSecuritybreachesofvendororganizationVendor'semergencyresponse/problemescalationproceduresVendor'sprofessionalservicesofferingsforsecureITproductassessment,planning,anddeploymentVendor'sreputationandexpertiseinourindustryVendor'scybersupplychainriskmanagementprocessesVendor'soverallsecurityexpertise/reputationVendor'sexperienceandtrackrecordrelatedtosecurityvulnerabilitiesandsubsequentfixesofitsproductsThefollowingisalistofsecurityconsiderationsanorganizationmayevaluatebeforepurchasingITproductsandservices.
Whichofthefollowingconsiderationsaremostimportanttoyourorganizationduringtheproductevaluationandpurchaseprocess(Percentofrespondents,N=303,threeresponsesacceptedperrespondent)WhitePaper:VMwareandtheNeedforCyberSupplyChainSecurityAssurance72015byTheEnterpriseStrategyGroup,Inc.
AllRightsReserved.
Theseauditsarebecomingincreasinglycomprehensive.
AsESGresearchillustrates,ITvendorcybersecurityauditsincludethingslikehandsonreviewsofavendor'ssecurityhistory,reviewsofavendor'ssecuritydocumentation,processes,andmetrics,andreviewsofvendors'owninternalITandcomplianceaudits(seeFigure3).
Figure3.
MechanismsUsedInITVendorAuditsSource:EnterpriseStrategyGroup,2015.
CyberSupplyChainSecurityAssuranceTheESGresearchpresentsaclearpicture—high-securityenterpriseorganizationsareincreasinglydemandinggreatercybersecuritybestpracticesfromtheirstrategicITvendors.
Furthermore,vendors'cybersecuritypolicies,processes,andmetricsarebecomingadeterminingfactorforITprocurementasadvancedorganizationsarenowselectingstrategicITvendorsbaseduponanewstandard,cybersupplychainsecurityassurance,definedas:28%30%40%42%44%49%51%52%54%0%10%20%30%40%50%60%SendvendorastandardlistofquestionsonpaperandthenreviewtheirresponsesOn-siteinspection(s)ofvendor'sfacilitiesReviewanyrecentpenetrationtestingresultsandsubsequentremediationplansDemandvendorcertificationsHands-onreviewofdocumentation,processes,securitymetrics,andpersonnelrelatedtoavendor'ssecurityprocessesHands-onreviewofdocumentation,processes,securitymetrics,andpersonnelrelatedtoavendor'sproductdevelopmentprocessesReviewofvendor'ssecurityauditsHands-onreviewofdocumentation,processes,securitymetrics,andpersonnelrelatedtoavendor'ssupplychainsecurityprocessesHands-onreviewofvendor'ssecurityhistoryYouhaveindicatedthatyourorganizationconductsauditsofitsITvendors'securityprocesses.
WhichofthefollowingmechanismsdoesyourorganizationusetoconducttheseITvendorsecurityaudits(Percentofrespondents,N=294,multipleresponsesaccepted)WhitePaper:VMwareandtheNeedforCyberSupplyChainSecurityAssurance82015byTheEnterpriseStrategyGroup,Inc.
AllRightsReserved.
Cybersupplychainsecurityassuranceisthepracticeofmanagingcybersupplychainrisksrelatedtothepeople,processes,andtechnologiesusedtodesign,develop,produce,distribute,andimplementIThardware,software,andservices.
Toparsethisdefinitionfurther,cybersupplychainsecurityassuranceincludes:Secureproductdevelopment.
Thisincludesasecuresoftwaredevelopmentlifecycle,assessment,andtestingofopensourceandthirdpartycodeincludedinvendorproducts,andconsiderationofthecybersecuritypracticesofallcontractorsandsuppliersthatparticipateinsoftwaredevelopmentorhardwarebillofmaterials.
Adequatesecurityskills.
Tominimizerisksassociatedwithhumanerror,productdevelopers,testers,andotherhandlersmusthavesuitableandup-to-datecybersecurityskills.
Therightcybersecurityprocessesandprocedures.
Vendorsmustbacktheirday-to-dayoperationswithcybersecuritybestpracticesforriskmanagement,threatprevention,andincidentresponse.
Additionally,ITvendorsmustemploycybersecuritybestpracticesforinternalITthemselves.
Field-levelcybersecurityexpertise.
EvenwhencybersecurityfeaturesareembeddedinITsystems,overwhelmedcustomersmaynotknowhowtoconfiguredevicesorcustomizesystemsfortheirindividualsecurityneeds.
Vendorswithleadingcybersupplychainsecurityassuranceskillshavefield-levelemployeesorpartnerswhocanhelpcustomersconsumeandbenefitfromproductsecurityfeaturesandfunctionalityupondeploymentandcontinuallyovertime.
Strongcybersecuritycustomersupport.
Whilevendorsshoulddoalltheycantodevelop,distribute,anddeploysecureproducts,theyalsomusthavetherightpreparationforinevitablesecurityvulnerabilities.
Cybersupplychainsecurityassurancedemandsthatvendors'securityteamsmonitorthelatestattacktrendsandworkwiththegreatersecuritycommunitytoensuretimelyawarenessofnewvulnerabilitiesthatcouldimpacttheirproducts.
Oncevulnerabilitiesaredetected,vendorsmustalsohavehighlyefficientprocessesfordeveloping,testing,anddistributingsoftwarepatches.
Finally,vendorsmusthaveahighlytrainedstafftoguidecustomersthroughsecurityfixesasneeded.
TheVMwareTrust&AssuranceFrameworkESGbelievesthatcybersupplychainsecurityassuranceisstartingtohaveamarketimpact,creatingaclearlineofdelineationbetweenITvendorswithtruecybersecuritycommitmentsandthosethatremainbehind.
Sadly,manyITvendorshavenotembracedtherightlevelofcybersupplychainsecurityassurance,puttingtheircustomersatrisk.
Sinceitsformationin1998,VMwareCorporationhasgrownandevolveditsroleatenterpriseorganizations.
Earlyon,VMwareservervirtualizationtechnologywasusedprimarilybyITdepartmentsforsoftwaretestinganddevelopment.
Overtime,largeorganizationsembracedVMwareinproductiondatacentersforserverconsolidation.
Mostrecently,VMwarehasbecomeastrategicITvendoratmanyenterpriseorganizationsasVMwaretechnologyisoftendeployedonendpoints,indatacenters,andacrosspublicandprivatecloudinfrastructure.
AsitadvancedfromtacticaltostrategicITvendor,VMwarefacedapatternofincreasingcybersecurityscrutinyfromdemandingpublicandprivatesectorcustomers.
Toaddressthis,VMwaremanagementintroducedaninternalfocusoncontinuouscybersecurityimprovementseveralyearsago.
ThiseffortculminatedrecentlywithaninitiativecalledVMwareTrust&Assurance,whichiscomposedoffourguidingprinciples:Reliability.
WithintheVMwareTrust&Assuranceframework,thecommitmenttoreliabilityincludes:ProductperformanceandscalabilityinordertoensurethatVMwareproductscanmeetenterprisedemands.
ApervasivecultureofevangelismandeducationtokeepVMwareemployeesandcustomerseducatedandengagedonrapidly-changingcybersecurityrisks.
WhitePaper:VMwareandtheNeedforCyberSupplyChainSecurityAssurance92015byTheEnterpriseStrategyGroup,Inc.
AllRightsReserved.
ResearchdedicatedtoenhancingVMwareproductperformanceandreliabilitywhileworkingwithcustomersonassociatedprojectplanning,testing,deployment,andoptimization.
QualitymetricsandcontinuousimprovementassociatedwithVMwareproducts,people,andpartners.
Integrity.
ThisprinciplealignswithVMware'ssoftwaredevelopmentandcomprises:TheVMwaresoftwaredevelopmentlifecycle.
VMwarehadbuiltadevelopmentprocessthatincludesformalrepeatableprocessesforsoftwaredesign,testing,documentation,release,andongoingsupport.
Complianceandrisk.
Alongwithitspartners,VMwaredevelopedthecompliancereferencearchitectureframework(RAF)thatalignsitstechnologywithregulatorycompliancerequirementsacrossindustries.
Softwaresupplychainmanagement.
VMwareisaddressingitsowncybersupplychainpracticesinanumberofareasincludingIPprotection,sourcecodesharing,riskmanagementassessment,andproactivesoftwaresecurityprogramswithstrategicpartnersandsuppliers.
Privacy.
Toprotectcustomerprivacy,VMwaredefinesitsprivacypolicytocustomers,specifyingwhatdataitcollectsandhowitisused.
VMwarefollowsa"privacybydesign"frameworktoprovidetransparencyonprivacyasitrelatestoproducts,services,andsupport.
Security.
VMwarehasintroducedstrongcybersecuritythroughoutitsorganization.
Examplesofthisinclude:Productsecurity.
VMwarehascreatedaproductsecurityteamresponsibleforoversightofallproductsecurity.
Thisgroupsupervisessecuritydevelopmentprocessesandmetricswitheachproductteamandisresponsiblefordemonstratingcontinuousimprovement.
Securitydevelopmentlifecycle.
Thisextendsbeyondthesecuresoftwaredevelopmentlifecycleandincludessecuritytraining,planning,serviceability,aswellasresponseplanning,productsecurityrequirementsassessment,andoverallsecuritymonitoring.
Thesecurityresponsecenter.
VMwareemploysateamofsecurityresearchers,softwaredevelopers,andsupportstafftofindvulnerabilities,developfixes,andworkwithcustomersandpartnersfortimelydistributionanddeploymentofsecurityfixes.
ITsecurity.
Likealllargeenterprises,VMware'scorporateinfrastructureisundercontinualattacksfrommaliciousindividualsandentities.
Toaddressthisrisk,VMwaremaintainscybersecuritybestpracticesoninternalnetworksandsystems.
Commitment.
Tomakecybersupplychainsecurityassurancepervasiveineverythingitdoes,VMwarehasmadecybersecuritypartofitscorporateculture.
Ofcourse,thisrequiresatruecybersecuritycommitmentincluding:Continuingproductdevelopment.
VMwarehasestablishedacontinuingproductdevelopmentorganization,whichactsasasinglepoint-of-contactforaddressing,escalating,andresolvingproductandcustomercybersecurityissues.
Ecosystemservices.
VMwareunderstandsthatitscybersecuritysupplychainincludesanetworkofhundredsofotherITvendorandservicespartners.
VMwareprovidestechnicalsupport,testing,cooperativesupportservices,andrules-of-engagementtoensurestrongcybersecurityinthefield.
Customeradvocacy.
VMwarerecognizesthatcybersecurityprofessionalsareacommunityoflike-mindedindividualswithafewcommongoals—mitigatingITriskandprotectingcriticalITassetsanddata.
Tosucceed,VMwaredependsuponapartnershipofequalswithVMwareWhitePaper:VMwareandtheNeedforCyberSupplyChainSecurityAssurance102015byTheEnterpriseStrategyGroup,Inc.
AllRightsReserved.
participatinginthecybersecuritycommunityratherthandictatingitsownITvendoragenda.
VMwareseekstofacilitatethisrelationshipwithsecurityresearch,workshops,benchmarks,securityeducation,andsocialmediacampaigns.
WithitsTrust&Assuranceinitiative,VMwareistakinga360degreeperspectiveoncybersecuritythatencompassesitsproducts,partners,customers,employees,andthecybersecuritycommunityatlarge.
Inthisway,VMwarehasnotonlyrespondedtoitsenterprisecustomers'needforgreatertransparencyrelatedtocybersupplychainsecurity,butisalsosettinganexamplethatshouldbeemulatedbyotherITvendors.
TheBiggerTruthCISOsfaceadauntingareaofchallenges.
Cyberthreatsgrowmorevoluminous,sophisticated,andtargetedwhileITinfrastructuregetsmorecomplexasnetworkperimetersdisappear.
Yes,thesechangesdemandanincreasingcommitmenttocybersecurityoversight,riskmanagement,andtightsecuritycontrolsbuttheseeffortssimplycan'tbelimitedtocorporateLANs,WANs,anddatacenters.
Rather,CISOsmustunderstandtherisksassociatedwiththeircybersupplychains,andestablishbestpracticesforcybersupplychainsecurity.
ESGresearchindicatesthatthistransitionisalreadyinprogress,causingmanyorganizationstoauditthesecurityoftheirITproductandservicesvendors.
Leadingedgeenterprisesarealsomakingpurchasingdecisionsbasedupontheirvendors'cybersupplychainsecurityassuranceprograms.
Movingforward,moreorganizationswilllikelyfollowsuit.
UnlikemanyotherenterpriseITvendors,VMwareiswellpreparedforthisincreasinglevelofcybersecurityoversight.
Infact,theVMwareTrust&Assuranceinitiativeisdesignedtomeetandexceedthegrowingneedforgreatertransparencyrelatedtoenterprisecybersecurity.
Assuch,VMwareissettinganexamplefortheITindustryatlarge.
CISOswouldbewellservedtodemandsimilarcybersupplychainsecurityassurancefromALLoftheirstrategicITvendors.
20AsylumStreet|Milford,MA01757|Tel:508.
482.
0188Fax:508.
482.
0218|www.
esg-global.
com

百纵科技(1399元/月)香港CN2站群232IP

湖南百纵科技有限公司是一家具有ISP ICP 电信增值许可证的正规公司,多年不断转型探索现已颇具规模,公司成立于2009年 通过多年经营积累目前已独具一格,公司主要经营有国内高防服务器,香港服务器,美国服务器,站群服务器,东南亚服务器租用,国内香港美国云服务器,以及全球专线业务!活动方案:主营:1、美国CN2云服务器,美国VPS,美国高防云主机,美国独立服务器,美国站群服务器,美国母机。2、香港C...

UCloud 618活动:香港云服务器月付13元起;最高可购3年,AMD/Intel系列

ucloud6.18推出全球大促活动,针对新老用户(个人/企业)提供云服务器促销产品,其中最低配快杰云服务器月付5元起,中国香港快杰型云服务器月付13元起,最高可购3年,有AMD/Intel系列。当然这都是针对新用户的优惠。注意,UCloud全球有31个数据中心,29条专线,覆盖五大洲,基本上你想要的都能找到。注意:以上ucloud 618优惠都是新用户专享,老用户就随便看看!点击进入:uclou...

spinservers($89/月),圣何塞10Gbps带宽服务器,达拉斯10Gbps服务器

spinservers是Majestic Hosting Solutions LLC旗下站点,主要提供国外服务器租用和Hybrid Dedicated等产品的商家,数据中心包括美国达拉斯和圣何塞机房,机器一般10Gbps端口带宽,高配置硬件,支持使用PayPal、信用卡、支付宝或者微信等付款方式。目前,商家针对部分服务器提供优惠码,优惠后达拉斯机房服务器最低每月89美元起,圣何塞机房服务器最低每月...

stealthy为你推荐
电信主机租用请问放个服务器在电信机房一般要什么配置?租金多少?虚拟主机租用虚拟主机服务器租用要怎么选择?国外空间租用好用的国外空间域名服务什么叫主域名服务器?ip代理地址IP代理什么意思?jsp虚拟空间自己组建jsp虚拟主机运营,技术方面有哪些要求?免费网站空间免费个人网站 空间美国网站空间购买美国网站空间使用会不会麻烦呢,网站空间购买在哪里购买网站空间虚拟主机系统虚拟主机怎么安装操作系统
韩国vps 西安服务器 ddos arvixe 香港cdn 紫田 美国便宜货网站 美国php主机 国外免费全能空间 免费防火墙 东莞数据中心 免费美国空间 网页提速 789 防cc攻击 购买空间 万网服务器 googlevoice 腾讯服务器 phpinfo 更多