US Executive Order means stronger software supply chain security. Tehama Secure Digital Office delivers.


Tehama Team

Tehama Team

May 19, 2021

·

5 min read time

·

US Executive Order means stronger software supply chain security. Tehama Secure Digital Office delivers.

A recently-announced Executive Order on Improving the Nation’s Cybersecurity from U.S. President Joe Biden means many companies will soon have to step up their IT security and compliance game.

The Executive Order is intended to provide a preview and guidance to the direction by both public and private sectors. Most onlookers agree that software and other companies doing business with the U.S. government will almost certainly have to (among other things):

  • Implement multi-factor authentication and data encryption
  • Submit and abide by a “software bill of materials” stating exactly what’s inside their  software (this would override any non-disclosure agreements in place)
  • Keep an expanded volume of digital records on hand in case of investigation
  • Work with organizations such as the FBI and Department of Homeland Security in the event of an incident
  • Disclose any breaches or attacks to the government in a timely manner

“If you’re doing business with the federal government, then when you have an incident, you must notify us quickly,” said Anne Neuberger, deputy national security adviser for cyber and emerging technology, in an NPR story.

The order will also create a cybersecurity incident response board to conduct investigations,  similar to the National Transportation Safety Board’s role following a plane crash, according to media reports.

Observers note the changes will most dramatically impact larger software vendors, such as Microsoft and SalesForce, but will likely affect to some degree every software vendor that sells to the U.S. government.

Response to SolarWinds exploit

The executive order comes following the December 2020 discovery of the SolarWinds-Microsoft-VMware hack, a wide-ranging (and long lasting) supply chain attack that (among other attack avenues) trojanized SolarWinds Orion software updates to distribute malware.

Security firm FireEye, which discovered the attack, says the campaign affected public and private organizations around the world by leveraging “multiple techniques to evade detection.”

The attack primarily affected large software vendors to the government, such as Microsoft, which said after its own investigation that the hackers downloaded some of its Azure, Exchange, and Intune source code. But the damage wasn’t limited to large companies – the White House recently said at least 100 companies and nine federal agencies were affected, including the U.S. Treasury and departments of Commerce, State, Energy, and Homeland Security.

The massive hack discovered in late 2020 isn’t the only cyber threat currently on the minds of White House officials. More recently, a ransomware attack on a major U.S. oil pipeline forced its owner to shut down the conduit indefinitely – one of the largest-ever attacks on U.S. infrastructure.

How Tehama’s Secure Digital Office Platform delivers the supply chain development security requirements

Many organizations will need to quickly scale up to meet these and any other requirements within the upcoming executive order.

In many cases that will be a significant challenge requiring considerable IT expenditure and complexity, including stacking additional IT security solutions on top of existing data and desktop estates. It could also require companies to accelerate their laptop refresh strategy (depending on the age of their physical machines) and be far more disciplined when implementing system updates and patches.

It’s an even bigger challenge for companies engaged in distributed software development and other hybrid workforce use cases, where employees regularly connect to environments remotely and physical endpoints are spread out over several regions.

Tehama’s Secure Digital Office Platform, however, can help.

Tehama combines Desktop as a Service (DaaS), Security, Audit, and Networking to secure the supply chain by providing software developers with a high-performance development environment on a secure virtual desktop within a virtual room. It’s got the security and attestation features organizations need to reduce vulnerabilities, along with complete visibility (and a full audit trail) into everyone that uses a virtual room or desktop:

  • Zero-Trust access controls including multi-factor authentication and least privilege permissions
  • Nested virtualization to automate and rapidly provision development environments
  • Built in encryption, anti-malware and dynamic firewall tools
  • Centralized policy controls and management
  • Automatic system and application patches and updates
  • Virtual Windows and Linux desktops (including GPU desktops) to meet any workload need

Because it securely captures all room and desktop activity through session recordings, its built-in tools help you prove all development takes place within secure environments (while allowing the actual developer to be anywhere in the world with an internet connection).

Tehama next-gen enterprise DaaS: A more secure option

Tehama makes it easy to meet any IT security standard through an arsenal of built-in security and compliance tools. Its unique architecture constructs a secure perimeter around a virtual room containing secure virtual desktops, and provides the controls and capabilities required to quickly onboard, scale, manage, and audit your entire hybrid workforce or roster of third-party vendors in minutes.

Rooms and desktops connect to corporate and cloud systems through our encrypted Tehama Gateway, a secure channel that handles all network traffic.

And all virtual desktops are powered by Teradici PCoIP Ultra technology, which uses AES 256 encryption while compressing and transmitting a pixelated representation of a centralized virtual machine.

Tehama enterprise DaaS customers leverage our solution every day to provide secure access to production, development, and staging environments. That means they’ve already got the security and compliance tools necessary to easily accommodate the U.S. government’s upcoming executive order on IT security.

By ensuring Tehama is their only path to committing code to production, they’ve secured their software development supply chain.


Shape line

Read More

Tehama + AWS: A Winning Combination for the Delivery of Hybrid Work

Tehama + AWS: A Winning Combination for the Delivery of Hybrid Work

Tehama is revolutionizing how businesses connect to and transmit work through the Tehama Carrier for Work™, an all-in-one platform that combines Desktop as a Service (DaaS), Security, Audit, and Networking for seamless hybrid workforce enablement. Market Opportunity A 2022 report by Future Market Insights predicts that the global DaaS market is currently worth $5.5 billion and expected to more than triple in size to $17.8 billion by 2029¹. Recognized among the top providers leading this growth is Amazon Web Services (AWS). As a global Independent Software Vendor (ISV) partner for AWS, Tehama can make it easier for businesses using AWS…
Eliminate VDI & DaaS Roadblocks with Tehama’s Carrier for Work™

Eliminate VDI & DaaS Roadblocks with Tehama’s Carrier for Work™

A February 2022 Gallup study of over 12,000 U.S. employees, found that about four in 10 workers are currently either hybrid (working remotely part of the week) or working entirely from home. A staggering nine in 10 of these remote-capable workers want to be fully remote or hybrid¹. What this study makes clear is that the definition and scope of hybrid work will continue to evolve as this workstyle becomes business as usual for most organizations.  With an increasing number of businesses accelerating their adoption of hybrid work, the EUC marketplace is on a growth trajectory and fundamentally changing, as…
How Financial Service Businesses Can Stop Cybercrime in its Tracks

How Financial Service Businesses Can Stop Cybercrime in its Tracks

Securing sensitive financial data is already difficult for financial services firms due to complex IT infrastructures and the growing frequency of cyber threats. And it is expected to become even more challenging in the coming years as banks and financial institutions expand their use of third-party contractors and consultants to drive efficiencies and cost savings that can come from supplementing the work already being done by full-time employees. Yet, a recent study by the Financial Services Information Sharing and Analysis Center (FS-ISAC) found third-party risk to be among the top cyber threats facing financial institutions in 2022, along with zero-day…
/wp-content/uploads/2021/08/subscribe-background.jpg
#690FFA
Subscribe Here!
Get Tehama insights sent straight to your inbox!
By submitting this form, I consent to receive e‑newsletters, helpful information and promotional messages and can withdraw consent at anytime.
Subscribe Here!

Get Tehama insights sent straight to your inbox!