US Executive Order means stronger software supply chain security. Tehama Secure Digital Office delivers.


Tehama Team


May 19, 2021


A recently announced Executive Order on Improving the Nation’s Cybersecurity from U.S. President Joe Biden means many companies will soon have to step up their IT security and compliance game.

The Executive Order is intended to provide a preview of, and guidance on, the direction to be taken by both the public and private sectors. Most onlookers agree that software and other companies doing business with the U.S. government will almost certainly have to (among other things):

  • Implement multi-factor authentication and data encryption
  • Submit and abide by a “software bill of materials” stating exactly what’s inside their software (this would override any non-disclosure agreements in place)
  • Keep an expanded volume of digital records on hand in case of investigation
  • Work with organizations such as the FBI and Department of Homeland Security in the event of an incident
  • Disclose any breaches or attacks to the government in a timely manner

“If you’re doing business with the federal government, then when you have an incident, you must notify us quickly,” said Anne Neuberger, deputy national security adviser for cyber and emerging technology, in an NPR story.

The order will also create a cybersecurity incident response board to conduct investigations, similar to the National Transportation Safety Board’s role following a plane crash, according to media reports.

Observers note the changes will most dramatically impact larger software vendors, such as Microsoft and Salesforce, but will likely affect to some degree every software vendor that sells to the U.S. government.

Response to SolarWinds exploit

The executive order follows the December 2020 discovery of the SolarWinds-Microsoft-VMware hack, a wide-ranging (and long-lasting) supply chain attack that (among other attack avenues) trojanized SolarWinds Orion software updates to distribute malware.

Security firm FireEye, which discovered the attack, says the campaign affected public and private organizations around the world by leveraging “multiple techniques to evade detection.”

The attack primarily affected large software vendors to the government, such as Microsoft, which said after its own investigation that the hackers downloaded some of its Azure, Exchange, and Intune source code. But the damage wasn’t limited to large companies – the White House recently said at least 100 companies and nine federal agencies were affected, including the U.S. Treasury and departments of Commerce, State, Energy, and Homeland Security.

The massive hack discovered in late 2020 isn’t the only cyber threat currently on the minds of White House officials. More recently, a ransomware attack on a major U.S. oil pipeline forced its owner to shut down the conduit indefinitely – one of the largest-ever attacks on U.S. infrastructure.

How Tehama’s Secure Digital Office Platform delivers the supply chain development security requirements

Many organizations will need to quickly scale up to meet these and any other requirements within the upcoming executive order.

In many cases that will be a significant challenge requiring considerable IT expenditure and complexity, including stacking additional IT security solutions on top of existing data and desktop estates. It could also require companies to accelerate their laptop refresh strategy (depending on the age of their physical machines) and be far more disciplined when implementing system updates and patches.

It’s an even bigger challenge for companies engaged in distributed software development and other hybrid workforce use cases, where employees regularly connect to environments remotely and physical endpoints are spread out over several regions.

Tehama’s Secure Digital Office Platform, however, can help.

Tehama combines Desktop as a Service (DaaS), Security, Audit, and Networking to secure the supply chain by providing software developers with a high-performance development environment on a secure virtual desktop within a virtual room. It’s got the security and attestation features organizations need to reduce vulnerabilities, along with complete visibility (and a full audit trail) into everyone who uses a virtual room or desktop:

  • Zero-Trust access controls including multi-factor authentication and least privilege permissions
  • Nested virtualization to automate and rapidly provision development environments
  • Built-in encryption, anti-malware, and dynamic firewall tools
  • Centralized policy controls and management
  • Automatic system and application patches and updates
  • Virtual Windows and Linux desktops (including GPU desktops) to meet any workload need

Because it securely captures all room and desktop activity through session recordings, its built-in tools help you prove all development takes place within secure environments (while allowing the actual developer to be anywhere in the world with an internet connection).

Tehama next-gen enterprise DaaS: A more secure option

Tehama makes it easy to meet any IT security standard through an arsenal of built-in security and compliance tools. Its unique architecture constructs a secure perimeter around a virtual room containing secure virtual desktops, and provides the controls and capabilities required to quickly onboard, scale, manage, and audit your entire hybrid workforce or roster of third-party vendors in minutes.

Rooms and desktops connect to corporate and cloud systems through our encrypted Tehama Gateway, a secure channel that handles all network traffic.

And all virtual desktops are powered by Teradici PCoIP Ultra technology, which uses AES-256 encryption while compressing and transmitting a pixelated representation of a centralized virtual machine.

Tehama enterprise DaaS customers leverage our solution every day to provide secure access to production, development, and staging environments. That means they’ve already got the security and compliance tools necessary to easily accommodate the U.S. government’s upcoming executive order on IT security.

By ensuring Tehama is their only path to committing code to production, they’ve secured their software development supply chain.

