This week Gartner released its Cool Vendor report for Cloud and Emerging Technology Security – and there we were: Soha Systems named Cool Vendor by Gartner. Boom. Holy Popcorn Batman! What a great honor it is to see the impact Soha is having on the market recognized by one of the world’s premier analyst firms in this way.
Company milestone attaining PCI DSS compliance
Since joining Soha Systems, some 9 months back, it was very evident that the common theme across the organization was TRUST. Trust in leadership to set the course; trust in employees to innovate; and most important, gaining the trust of customers for the Soha Cloud service. This last item, while hopefully the top priority for every “service provider”, is easier said than done.
We, at Soha Systems, attended IBM InterConnect conference, late February. Amidst the multitude of announcements made during that week, the one that resonated most with us was IBM's partnership with VMware around hybrid enterprise (IBM Wants VMware Shops On its Cloud, How IBM Stole Google's Thunder).
CEO Haseeb Budhani and Vice President of Security Mark Carrizosa to Demonstrate Soha Cloud for Supplier and Contractor Access to Enterprise Applications
As security professionals, it's our responsibility to maintain awareness about the goings on within the security space. It might include doing our research and reading all the publications, or emails from friends, colleagues and even family. For those who fancy a bit more organization, maybe just crawling LinkedIn, Reddit, or Google Alert feeds on a daily basis. In any case, you're bound to come across a litany of articles about security vulnerabilities, strategies, and threats. The most recent collection of interesting tidbits are those relating to the backdoors identified in some of the top firewall technologies (Juniper, Fortinet, and possibly others). I found myself scrolling through my own LinkedIn feed while waiting on the tarmac returning from a recent trip, when I received another email about the latest backdoor issue. Since I had nowhere else to be for the next few hours, I decided this was a good time to try and wrap my head around it all and maybe discern more than just a little ammunition for the obligatory security small talk at the next industry event. So with the hum of jet engines and the faint glow of the overhead cabin lights, I went to work.
The cloud disrupts IT and compute paradigms, and allows us to rethink everything about them. But more often than not, the move to the cloud means merely transfer of on-premise IT to cloud environment, almost unchanged.
In my last post, I wrote how the move to the cloud, popularity of mobility and the sharing economy has created a new normal - the Outside-In Enterprise – and how this new reality has broken the enterprise security model. In the Outside-In enterprise, the majority of users are coming in from the outside of the corporate network. Increasingly badged employees, contractors and third parties gain access to on-premise, corporate network and cloud computing resources from the Internet.
Every now and then, when a publicly traded company's quarterly earnings whiff, you hear the "secular shift" song. It's a lament about how the "Hotel California Syndrome" doesn't work anymore. In other words, "vendor lock-in" is loosing its grip on the customers.
As cloud adoption and mobility efforts are rapidly rising, methods in which to access corporate resources and data (and the devices used to access them) have increased at an exponential rate. Left unchecked, this ubiquitous style of access can soon evolve to an unmanageable state and introduce far more risk due to the inherent complexity. When factoring in the Human Element, it is becoming more and more evident that people matter just as much as technology. If organizations are to successfully (and consistently) mitigate these risks across multiple planes, it is imperative that Security teams move beyond only focusing on the technological controls and begin to develop a culture of security-aware employees who can effectively act as an extension of your security program, rather than a threat to the organization.
It doesn't come often that you see a company and tell yourself "I've gotta join this company". Especially not after 25-odd years in the industry. Well, it so happens there is one such company – Soha Systems.